Diffstat (limited to 'Zotlabs/Module')
-rw-r--r-- | Zotlabs/Module/Cloud.php | 24 | ||||
-rw-r--r-- | Zotlabs/Module/Display.php | 7 | ||||
-rw-r--r-- | Zotlabs/Module/Update.php | 43 | ||||
-rw-r--r-- | Zotlabs/Module/Update_articles.php | 39 | ||||
-rw-r--r-- | Zotlabs/Module/Update_cards.php | 39 | ||||
-rw-r--r-- | Zotlabs/Module/Update_channel.php | 70 | ||||
-rw-r--r-- | Zotlabs/Module/Update_display.php | 32 | ||||
-rw-r--r-- | Zotlabs/Module/Update_home.php | 42 | ||||
-rw-r--r-- | Zotlabs/Module/Update_hq.php | 31 | ||||
-rw-r--r-- | Zotlabs/Module/Update_network.php | 44 | ||||
-rw-r--r-- | Zotlabs/Module/Update_pubstream.php | 26 | ||||
-rw-r--r-- | Zotlabs/Module/Update_search.php | 69 | ||||
-rw-r--r-- | Zotlabs/Module/Wiki.php | 81 |
13 files changed, 121 insertions, 426 deletions
diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index 0f7f9c47a..2215507ca 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -87,6 +87,10 @@ class Cloud extends \Zotlabs\Web\Controller { // $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth)); + // over-ride the default XML output on thrown exceptions + + $server->on('exception', [ $this, 'DAVException' ]); + // All we need to do now, is to fire up the server $server->exec(); @@ -97,4 +101,24 @@ class Cloud extends \Zotlabs\Web\Controller { killme(); } + + function DAVException($err) { + + if($err instanceof \Sabre\DAV\Exception\NotFound) { + notice( t('Not found') . EOL); + } + elseif($err instanceof \Sabre\DAV\Exception\Forbidden) { + notice( t('Permission denied') . EOL); + } + else { + notice( t('Unknown error') . EOL); + } + + construct_page(); + + killme(); + } + } + + diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 266a5b6bf..6d895feb5 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -14,6 +14,7 @@ class Display extends \Zotlabs\Web\Controller { $module_format = 'html'; + if(argc() > 1) { $module_format = substr(argv(1),strrpos(argv(1),'.') + 1); if(! in_array($module_format,['atom','zot','json'])) @@ -30,7 +31,7 @@ class Display extends \Zotlabs\Web\Controller { return; } - if(argc() > 1 && argv(1) !== 'load') { + if(argc() > 1) { $item_hash = argv(1); if($module_format !== 'html') { $item_hash = substr($item_hash,0,strrpos($item_hash,'.')); @@ -260,7 +261,7 @@ class Display extends \Zotlabs\Web\Controller { elseif($update && !$load) { $r = null; - + require_once('include/channel.php'); $sys = get_sys_channel(); $sysid = $sys['channel_id']; 
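Review bot: DAVException() ends every failed DAV request with construct_page() and killme(), and its else branch reduces anything other than NotFound and Forbidden to 'Unknown error' without recording it. Nothing in the visible lines logs the exception class or message, so authentication failures or server faults under /cloud leave no trace for later investigation; a first line such as `logger('DAV exception: ' . get_class($err) . ': ' . $err->getMessage());` would keep that. The handler also sets no status code in the visible lines, so a non-browser WebDAV client may get an HTML page where it expects the 403/404 response; if construct_page() does not already cover this, `if($err instanceof \Sabre\DAV\Exception) http_response_code($err->getHTTPCode());` would preserve it.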
@@ -285,7 +286,6 @@ class Display extends \Zotlabs\Web\Controller { // make that content unsearchable by ensuring the owner_xchan can't match if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) $sysid = 0; - $r = q("SELECT item.parent AS item_id from item WHERE parent_mid = '%s' AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' @@ -315,7 +315,6 @@ class Display extends \Zotlabs\Web\Controller { WHERE parent in ( %s ) $item_normal ", dbesc($parents_str) ); - xchan_query($items); $items = fetch_post_tags($items,true); $items = conv_sort($items,'created'); diff --git a/Zotlabs/Module/Update.php b/Zotlabs/Module/Update.php new file mode 100644 index 000000000..b3252f8b9 --- /dev/null +++ b/Zotlabs/Module/Update.php @@ -0,0 +1,43 @@ +<?php +namespace Zotlabs\Module; + + +class Update extends \Zotlabs\Web\Controller { + + function get() { + + $profile_uid = intval($_GET['p']); + + // it's probably safe to do this for all modules and not just a limited subset, + // but it needs to be verified. + + if((! $profile_uid) && in_array(argv(1),['display','search','pubstream','home'])) + $profile_uid = (-1); + + if(argc() < 2) { + killme(); + } + + // These modules don't have a completely working liveUpdate implementation currently + + if(in_array(strtolower(argv(1)),['articles','cards'])) + killme(); + + $module = "\\Zotlabs\\Module\\" . ucfirst(argv(1)); + $load = (((argc() > 2) && (argv(2) == 'load')) ? 1 : 0); + + $mod = new $module; + + header("Content-type: text/html"); + + \App::$argv = [ argv(1) ]; + \App::$argc = 1; + + echo "<!DOCTYPE html><html><body><section>\r\n"; + echo $mod->get($profile_uid, $load); + echo "</section></body></html>\r\n"; + + killme(); + + } +} diff --git a/Zotlabs/Module/Update_articles.php b/Zotlabs/Module/Update_articles.php deleted file mode 100644 index 280904f67..000000000 --- a/Zotlabs/Module/Update_articles.php +++ /dev/null 
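Review bot: In the new Update::get() the class to instantiate is built straight from the URL segment (`$module = "\\Zotlabs\\Module\\" . ucfirst(argv(1)); $mod = new $module;`) and nothing limits it to modules that implement live update, so any controller in the Zotlabs\Module namespace can have get() called with a request-supplied profile id, and an unknown name ends in a class-not-found error instead of a clean exit. An allow-list taken from the modules this commit replaces would close that: `$allowed = ['channel','display','home','hq','network','pubstream','search'];` followed by `if(argc() < 2 || ! in_array(strtolower(argv(1)), $allowed, true)) killme();`. That check belongs before the first use of argv(1); as written, `argc() < 2` is tested only after argv(1) has been read, and the first in_array() is case-sensitive while the articles/cards test lowercases. `$_GET['p']` is also read without checking that it is set.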
@@ -1,39 +0,0 @@ -<?php - -namespace Zotlabs\Module; - -/** - * Module: update_profile - * Purpose: AJAX synchronisation of profile page - * - */ - - -class Update_articles extends \Zotlabs\Web\Controller { - -function get() { - - $profile_uid = intval($_GET['p']); - $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); - - header("Content-type: text/html"); - echo "<!DOCTYPE html><html><body><section></section></body></html>\r\n"; - - killme(); - - - $mod = new Articles(); - - $text = $mod->get($profile_uid,$load); - - /** - * reportedly some versions of MSIE don't handle tabs in XMLHttpRequest documents very well - */ - - echo str_replace("\t",' ',$text); - echo (($_GET['msie'] == 1) ? '</div>' : '</section>'); - echo "</body></html>\r\n"; - killme(); - -} -} diff --git a/Zotlabs/Module/Update_cards.php b/Zotlabs/Module/Update_cards.php deleted file mode 100644 index bb87357e8..000000000 --- a/Zotlabs/Module/Update_cards.php +++ /dev/null @@ -1,39 +0,0 @@ -<?php - -namespace Zotlabs\Module; - -/** - * Module: update_profile - * Purpose: AJAX synchronisation of profile page - * - */ - - -class Update_cards extends \Zotlabs\Web\Controller { - -function get() { - - $profile_uid = intval($_GET['p']); - $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); - - header("Content-type: text/html"); - echo "<!DOCTYPE html><html><body><section></section></body></html>\r\n"; - - killme(); - - - $mod = new Cards(); - - $text = $mod->get($profile_uid,$load); - - /** - * reportedly some versions of MSIE don't handle tabs in XMLHttpRequest documents very well - */ - - echo str_replace("\t",' ',$text); - echo (($_GET['msie'] == 1) ? '</div>' : '</section>'); - echo "</body></html>\r\n"; - killme(); - -} -} diff --git a/Zotlabs/Module/Update_channel.php b/Zotlabs/Module/Update_channel.php deleted file mode 100644 index 46ad19805..000000000 --- a/Zotlabs/Module/Update_channel.php +++ /dev/null 
@@ -1,70 +0,0 @@ -<?php - -namespace Zotlabs\Module; - -/** - * Module: update_profile - * Purpose: AJAX synchronisation of profile page - * - */ - - -class Update_channel extends \Zotlabs\Web\Controller { - -function get() { - - $profile_uid = intval($_GET['p']); - $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); - - header("Content-type: text/html"); - echo "<!DOCTYPE html><html><body>\r\n"; - - /** - * We can remove this hack once Internet Explorer recognises HTML5 natively - */ - - echo (($_GET['msie'] == 1) ? '<div>' : '<section>'); - - /** - * - * Grab the page inner contents by calling the content function from the profile module directly, - * but move any image src attributes to another attribute name. This is because - * some browsers will prefetch all the images for the page even if we don't need them. - * The only ones we need to fetch are those for new page additions, which we'll discover - * on the client side and then swap the image back. - * - */ - - $mod = new Channel(); - - $text = $mod->get($profile_uid,$load); - - $pattern = "/<img([^>]*) src=\"([^\"]*)\"/"; - $replace = "<img\${1} dst=\"\${2}\""; -// $text = preg_replace($pattern, $replace, $text); - -/* - if(! $load) { - $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />'; - $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i"; - $text = preg_replace($pattern, $replace, $text); - } -*/ - - /** - * reportedly some versions of MSIE don't handle tabs in XMLHttpRequest documents very well - */ - - echo str_replace("\t",' ',$text); - echo (($_GET['msie'] == 1) ? '</div>' : '</section>'); - echo "</body></html>\r\n"; - killme(); - -} -} 
diff --git a/Zotlabs/Module/Update_display.php b/Zotlabs/Module/Update_display.php deleted file mode 100644 index b2c6a56f5..000000000 --- a/Zotlabs/Module/Update_display.php +++ /dev/null @@ -1,32 +0,0 @@ -<?php -namespace Zotlabs\Module; - -// See update_profile.php for documentation - -require_once('include/group.php'); - - -class Update_display extends \Zotlabs\Web\Controller { - - function get() { - - $profile_uid = intval($_GET['p']); - if(! $profile_uid) - $profile_uid = (-1); - $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); - header("Content-type: text/html"); - echo "<!DOCTYPE html><html><body>\r\n"; - echo (($_GET['msie'] == 1) ? '<div>' : '<section>'); - - $mod = new Display(); - $text = $mod->get($profile_uid, $load); - - echo str_replace("\t",' ',$text); - echo (($_GET['msie'] == 1) ? '</div>' : '</section>'); - echo "</body></html>\r\n"; - - killme(); - - } - -} diff --git a/Zotlabs/Module/Update_home.php b/Zotlabs/Module/Update_home.php deleted file mode 100644 index 0f699482e..000000000 --- a/Zotlabs/Module/Update_home.php +++ /dev/null 
@@ -1,42 +0,0 @@ -<?php -namespace Zotlabs\Module; - -// See update_profile.php for documentation - -class Update_home extends \Zotlabs\Web\Controller { - - function get() { - - $profile_uid = ((intval($_GET['p'])) ? intval($_GET['p']) : (-1)); - $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); - header("Content-type: text/html"); - echo "<!DOCTYPE html><html><body>\r\n"; - echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '<div>' : '<section>'); - - $mod = new Home(); - $text = $mod->get($profile_uid, $load); - - $pattern = "/<img([^>]*) src=\"([^\"]*)\"/"; - $replace = "<img\${1} dst=\"\${2}\""; - // $text = preg_replace($pattern, $replace, $text); - /* - if(! $load) { - $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />'; - $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i"; - $text = preg_replace($pattern, $replace, $text); - } - */ - echo str_replace("\t",' ',$text); - echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '</div>' : '</section>'); - echo "</body></html>\r\n"; - // logger('update_home: ' . $text); - killme(); - - } -} diff --git a/Zotlabs/Module/Update_hq.php b/Zotlabs/Module/Update_hq.php deleted file mode 100644 index bb1495c64..000000000 --- a/Zotlabs/Module/Update_hq.php +++ /dev/null 
@@ -1,31 +0,0 @@ -<?php -namespace Zotlabs\Module; - -// See update_profile.php for documentation - -require_once('include/group.php'); - - -class Update_hq extends \Zotlabs\Web\Controller { - - function get() { - - $profile_uid = intval($_GET['p']); - - $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); - header("Content-type: text/html"); - echo "<!DOCTYPE html><html><body>\r\n"; - echo (($_GET['msie'] == 1) ? '<div>' : '<section>'); - - $mod = new Hq(); - $text = $mod->get($profile_uid, $load); - - echo str_replace("\t",' ',$text); - echo (($_GET['msie'] == 1) ? '</div>' : '</section>'); - echo "</body></html>\r\n"; - - killme(); - - } - -} diff --git a/Zotlabs/Module/Update_network.php b/Zotlabs/Module/Update_network.php deleted file mode 100644 index c27b7614a..000000000 --- a/Zotlabs/Module/Update_network.php +++ /dev/null 
@@ -1,44 +0,0 @@ -<?php -namespace Zotlabs\Module; - -// See update_profile.php for documentation - -require_once('include/group.php'); - -class Update_network extends \Zotlabs\Web\Controller { - - function get() { - - $profile_uid = intval($_GET['p']); - $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); - header("Content-type: text/html"); - echo "<!DOCTYPE html><html><body>\r\n"; - echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '<div>' : '<section>'); - - $mod = new Network(); - $text = $mod->get($profile_uid, $load); - - $pattern = "/<img([^>]*) src=\"([^\"]*)\"/"; - $replace = "<img\${1} dst=\"\${2}\""; - // $text = preg_replace($pattern, $replace, $text); - /* - if(! $load) { - $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />'; - $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i"; - $text = preg_replace($pattern, $replace, $text); - } - */ - echo str_replace("\t",' ',$text); - echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '</div>' : '</section>'); - echo "</body></html>\r\n"; - // logger('update_network: ' . $text); - killme(); - - } -} diff --git a/Zotlabs/Module/Update_pubstream.php b/Zotlabs/Module/Update_pubstream.php deleted file mode 100644 index 8bb5ebfe7..000000000 --- a/Zotlabs/Module/Update_pubstream.php +++ /dev/null 
@@ -1,26 +0,0 @@ -<?php -namespace Zotlabs\Module; - -// See update_profile.php for documentation - - -class Update_pubstream extends \Zotlabs\Web\Controller { - - function get() { - - $profile_uid = ((intval($_GET['p'])) ? intval($_GET['p']) : (-1)); - $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); - header("Content-type: text/html"); - echo "<!DOCTYPE html><html><body>\r\n"; - echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '<div>' : '<section>'); - - $mod = new Pubstream(); - $text = $mod->get($profile_uid, $load); - - echo str_replace("\t",' ',$text); - echo ((array_key_exists('msie',$_GET) && $_GET['msie'] == 1) ? '</div>' : '</section>'); - echo "</body></html>\r\n"; - killme(); - - } -} diff --git a/Zotlabs/Module/Update_search.php b/Zotlabs/Module/Update_search.php deleted file mode 100644 index 4491f40f4..000000000 --- a/Zotlabs/Module/Update_search.php +++ /dev/null 
@@ -1,69 +0,0 @@ -<?php -namespace Zotlabs\Module; - -/** - * Module: update_profile - * Purpose: AJAX synchronisation of search page - * - */ - - -class Update_search extends \Zotlabs\Web\Controller { - - function get() { - - $profile_uid = intval($_GET['p']); - if(! $profile_uid) - $profile_uid = (-1); - - $load = (((argc() > 1) && (argv(1) == 'load')) ? 1 : 0); - - header("Content-type: text/html"); - echo "<!DOCTYPE html><html><body>\r\n"; - - /** - * We can remove this hack once Internet Explorer recognises HTML5 natively - */ - - echo (($_GET['msie'] == 1) ? '<div>' : '<section>'); - - /** - * - * Grab the page inner contents by calling the content function from the profile module directly, - * but move any image src attributes to another attribute name. This is because - * some browsers will prefetch all the images for the page even if we don't need them. - * The only ones we need to fetch are those for new page additions, which we'll discover - * on the client side and then swap the image back. - * - */ - - $mod = new Search(); - $text = $mod->get($profile_uid,$load); - - $pattern = "/<img([^>]*) src=\"([^\"]*)\"/"; - $replace = "<img\${1} dst=\"\${2}\""; - // $text = preg_replace($pattern, $replace, $text); - /* - if(! $load) { - $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />'; - $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i"; - $text = preg_replace($pattern, $replace, $text); - $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i"; - $text = preg_replace($pattern, $replace, $text); - } - */ - /** - * reportedly some versions of MSIE don't handle tabs in XMLHttpRequest documents very well - */ - - echo str_replace("\t",' ',$text); - echo (($_GET['msie'] == 1) ? 
'</div>' : '</section>'); - echo "</body></html>\r\n"; - killme(); - - } -} diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 2d2d8e2b7..ae543eb98 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php 
@@ -293,31 +293,43 @@ class Wiki extends \Zotlabs\Web\Controller { $p = Zlib\NativeWikiPage::get_page_content(array('channel_id' => $owner['channel_id'], 'observer_hash' => $observer_hash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); } if(! ($p && $p['success'])) { + $x = new \Zotlabs\Widget\Wiki_pages(); + + $html = $x->create_missing_page([ + 'resource_id' => $resource_id, + 'channel_id' => $owner['channel_id'], + 'channel_address' => $owner['channel_address'], + 'refresh' => true + ]); + //json_return_and_die(array('pages' => $page_list_html, 'message' => '', 'success' => true)); notice( t('Error retrieving page content') . EOL); - goaway(z_root() . '/' . argv(0) . '/' . argv(1) ); + //goaway(z_root() . '/' . argv(0) . '/' . argv(1) ); + $renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName); + $showPageControls = $wiki_editor; } - - $mimeType = $p['pageMimeType']; - - $sampleContent = (($mimeType == 'text/bbcode') ? '[h3]' . t('New page') . '[/h3]' : '### ' . t('New page')); - if($mimeType === 'text/plain') - $sampleContent = t('New page'); - - $content = (($p['content'] == '') ? $sampleContent : $p['content']); - - // Render the Markdown-formatted page content in HTML - if($mimeType == 'text/bbcode') { - $renderedContent = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName); - } - elseif($mimeType === 'text/plain') { - $renderedContent = str_replace(["\n",' ',"\t"],[EOL,' ',' '],htmlentities($content,ENT_COMPAT,'UTF-8',false)); - } - elseif($mimeType === 'text/markdown') { - $content = Zlib\MarkdownSoap::unescape($content); - $html = Zlib\NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))); - $renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . 
$wikiUrlName); - } - $showPageControls = $wiki_editor; + else { + $mimeType = $p['pageMimeType']; + + $sampleContent = (($mimeType == 'text/bbcode') ? '[h3]' . t('New page') . '[/h3]' : '### ' . t('New page')); + if($mimeType === 'text/plain') + $sampleContent = t('New page'); + + $content = (($p['content'] == '') ? $sampleContent : $p['content']); + + // Render the Markdown-formatted page content in HTML + if($mimeType == 'text/bbcode') { + $renderedContent = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName); + } + elseif($mimeType === 'text/plain') { + $renderedContent = str_replace(["\n",' ',"\t"],[EOL,' ',' '],htmlentities($content,ENT_COMPAT,'UTF-8',false)); + } + elseif($mimeType === 'text/markdown') { + $content = Zlib\MarkdownSoap::unescape($content); + $html = Zlib\NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))); + $renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName); + } + $showPageControls = $wiki_editor; + } break; // default: // Strip the extraneous URL components // goaway('/' . argv(0) . '/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName); @@ -430,11 +442,15 @@ class Wiki extends \Zotlabs\Web\Controller { goaway('/' . argv(0) . '/' . $nick . '/'); } $wiki = array(); + + // backslashes won't work well in the javascript functions + $name = str_replace('\\','',$_POST['wikiName']); + // Generate new wiki info from input name $wiki['postVisible'] = ((intval($_POST['postVisible'])) ? 1 : 0); - $wiki['rawName'] = $_POST['wikiName']; - $wiki['htmlName'] = escape_tags($_POST['wikiName']); - $wiki['urlName'] = urlencode(urlencode($_POST['wikiName'])); + $wiki['rawName'] = $name; + $wiki['htmlName'] = escape_tags($name); + $wiki['urlName'] = urlencode(urlencode($name)); $wiki['mimeType'] = $_POST['mimeType']; $wiki['typelock'] = $_POST['typelock']; 
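Review bot: In the new missing-page branch (@@ -293) the HTML from `create_missing_page()` is rendered for whoever requested the page; the visible lines gate only `$showPageControls` on `$wiki_editor`, not the creation form itself. Unless Wiki_pages checks write permission internally (not visible here), I would call the widget only under `if($wiki_editor)` and keep the plain notice for read-only observers. The branch also leaves `$mimeType` unset while still emitting 'Error retrieving page content', so any later use of `$mimeType` in this function, which continues outside the hunk, would read an undefined variable.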
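Review bot: Stripping backslashes from `$_POST['wikiName']` (@@ -430) is a one-character deny-list for what the comment describes as a JavaScript-context problem; quotes, angle brackets and line breaks in a name pass through unchanged. The durable fix is to encode where the name is written into script, for example `json_encode($name, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)`, rather than altering the stored name. The stripped wiki name is not re-checked for being empty in this hunk, and neither is `$pageNewName` in the rename hunk (@@ -758). The same str_replace is repeated for pageName (@@ -555) and newName (@@ -758); one shared helper would keep the three in step.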
@@ -555,9 +571,14 @@ class Wiki extends \Zotlabs\Web\Controller { } $name = $_POST['pageName']; //Get new page name - if(urlencode(escape_tags($_POST['pageName'])) === '') { - json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false)); + + // backslashes won't work well in the javascript functions + $name = str_replace('\\','',$name); + + if(urlencode(escape_tags($name)) === '') { + json_return_and_die(array('message' => 'Error creating page. Invalid name (' . print_r($_POST,true) . ').', 'success' => false)); } + $page = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash, $name, $resource_id, $mimetype); if($page['item_id']) { @@ -626,7 +647,7 @@ class Wiki extends \Zotlabs\Web\Controller { logger('Wiki write permission denied. ' . EOL); json_return_and_die(array('success' => false)); } - + $saved = Zlib\NativeWikiPage::save_page(array('channel_id' => $owner['channel_id'], 'observer_hash' => $observer_hash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'content' => $content)); if($saved['success']) { @@ -758,7 +779,7 @@ class Wiki extends \Zotlabs\Web\Controller { if ((argc() === 4) && (argv(2) === 'rename') && (argv(3) === 'page')) { $resource_id = $_POST['resource_id']; $pageUrlName = $_POST['oldName']; - $pageNewName = $_POST['newName']; + $pageNewName = str_replace('\\','',$_POST['newName']); if ($pageUrlName === 'Home') { json_return_and_die(array('message' => 'Cannot rename Home','success' => false)); } |
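Review bot: The new invalid-name message in the @@ -555 hunk concatenates `print_r($_POST,true)` into the JSON response, which reflects the entire request body, including fields unrelated to the page name, back to the client and into whatever UI or log displays that message. This looks like leftover debugging. I would return the fixed string, `json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false));`, and if the input is needed for diagnosis send it to the server log with `logger()` instead.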