diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/bbcode.php | 26 | ||||
| -rw-r--r-- | include/channel.php | 10 | ||||
| -rw-r--r-- | include/connections.php | 5 | ||||
| -rw-r--r-- | include/event.php | 6 | ||||
| -rw-r--r-- | include/feedutils.php | 16 | ||||
| -rw-r--r-- | include/follow.php | 2 | ||||
| -rw-r--r-- | include/import.php | 23 | ||||
| -rwxr-xr-x | include/items.php | 40 | ||||
| -rw-r--r-- | include/markdown.php | 6 | ||||
| -rw-r--r-- | include/nav.php | 2 | ||||
| -rwxr-xr-x | include/oembed.php | 2 | ||||
| -rw-r--r-- | include/opengraph.php | 72 | ||||
| -rw-r--r-- | include/queue_fn.php | 2 | ||||
| -rw-r--r-- | include/text.php | 37 | ||||
| -rw-r--r-- | include/zot.php | 10 |
15 files changed, 216 insertions, 43 deletions
diff --git a/include/bbcode.php b/include/bbcode.php index 485a1f5b2..c7dea53c5 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -4,6 +4,8 @@ * @brief BBCode related functions for parsing, etc. */ +use Zotlabs\Lib\SvgSanitizer; + require_once('include/oembed.php'); require_once('include/event.php'); require_once('include/zot.php'); @@ -267,6 +269,22 @@ function bb_parse_app($match) { return Zotlabs\Lib\Apps::app_render($app); } +function bb_svg($match) { + + $params = str_replace(['<br>', '"'], [ '', '"'],$match[1]); + $Text = str_replace([ '[',']' ], [ '<','>' ], $match[2]); + + $output = '<svg' . (($params) ? $params : ' width="100%" height="480" ') . '>' . str_replace(['<br>', '"', ' '], [ '', '"', ' '],$Text) . '</svg>'; + + $purify = new SvgSanitizer(); + $purify->loadXML($output); + $purify->sanitize(); + $output = $purify->saveSVG(); + $output = preg_replace("/\<\?xml(.*?)\?\>/",'',$output); + return $output; +} + + function bb_parse_element($match) { $j = json_decode(base64url_decode($match[1]),true); @@ -948,9 +966,9 @@ function bbcode($Text, $options = []) { if (strpos($Text,'http') !== false) { if($tryoembed) { - $Text = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", 'tryoembed', $Text); + $Text = preg_replace_callback("/([^\]\='".'"'."\;\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", 'tryoembed', $Text); } - $Text = preg_replace("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1<a href="$2" ' . $target . ' rel="nofollow noopener">$2</a>', $Text); + $Text = preg_replace("/([^\]\='".'"'."\;\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1<a href="$2" ' . $target . ' rel="nofollow noopener">$2</a>', $Text); } if (strpos($Text,'[/share]') !== false) { @@ -1289,6 +1307,9 @@ function bbcode($Text, $options = []) { $Text = preg_replace_callback("/\[zaudio\](.*?\.(ogg|ogv|oga|ogm|webm|mp4|mp3|opus|m4a))\[\/zaudio\]/ism", 'tryzrlaudio', $Text); } + // SVG stuff + $Text = preg_replace_callback("/\[svg(.*?)\](.*?)\[\/svg\]/ism", 'bb_svg', $Text); + // Try to Oembed if ($tryoembed) { if (strpos($Text,'[/video]') !== false) { @@ -1346,6 +1367,7 @@ function bbcode($Text, $options = []) { $Text = preg_replace("/\[event\-finish\](.*?)\[\/event\-finish\]/ism",'',$Text); $Text = preg_replace("/\[event\-id\](.*?)\[\/event\-id\]/ism",'',$Text); $Text = preg_replace("/\[event\-location\](.*?)\[\/event\-location\]/ism",'',$Text); + $Text = preg_replace("/\[event\-timezone\](.*?)\[\/event\-timezone\]/ism",'',$Text); $Text = preg_replace("/\[event\-adjust\](.*?)\[\/event\-adjust\]/ism",'',$Text); $Text = str_replace("\0",'$',$Text); diff --git a/include/channel.php b/include/channel.php index 7c0397e11..29835eac6 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1718,9 +1718,9 @@ function advanced_profile() { if(App::$profile['sexual']) $profile['sexual'] = array( t('Sexual Preference:'), App::$profile['sexual'] ); - if(App::$profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify(App::$profile['homepage']) ); + if(App::$profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify(App::$profile['homepage'], true) ); - if(App::$profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify(App::$profile['hometown']) ); + if(App::$profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify(App::$profile['hometown'], true) ); if(App::$profile['politic']) $profile['politic'] = array( t('Political Views:'), App::$profile['politic']); @@ -2254,19 +2254,19 @@ function get_zcard($channel, $observer_hash = '', $args = array()) { $cover_width = 425; $size = 'hz_small'; $cover_size = PHOTO_RES_COVER_425; - $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 80 , 'height' => 80, 'href' => $channel['xchan_photo_m']); + $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 80 , 'height' => 80, 'href' => $channel['xchan_photo_m'].'?rev='.strtotime($channel['xchan_photo_date'])); } elseif($maxwidth <= 900) { $width = 900; $cover_width = 850; $size = 'hz_medium'; $cover_size = PHOTO_RES_COVER_850; - $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 160 , 'height' => 160, 'href' => $channel['xchan_photo_l']); + $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 160 , 'height' => 160, 'href' => $channel['xchan_photo_l'].'?rev='.strtotime($channel['xchan_photo_date'])); } elseif($maxwidth <= 1200) { $width = 1200; $cover_width = 1200; $size = 'hz_large'; $cover_size = PHOTO_RES_COVER_1200; - $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 300 , 'height' => 300, 'href' => $channel['xchan_photo_l']); + $pphoto = array('mimetype' => $channel['xchan_photo_mimetype'], 'width' => 300 , 'height' => 300, 'href' => $channel['xchan_photo_l'].'?rev='.strtotime($channel['xchan_photo_date'])); } // $scale = (float) $maxwidth / $width; diff --git a/include/connections.php b/include/connections.php index e942503f0..51df18b70 100644 --- a/include/connections.php +++ b/include/connections.php @@ -299,6 +299,11 @@ function remove_all_xchan_resources($xchan, $channel_id = 0) { $r = q("delete from pgrp_member where xchan = '%s'", dbesc($xchan) ); + + // Cannot delete just one side of the conversation since we do not allow + // you to block private mail replies. This would leave open a gateway for abuse. + // Both participants are owners of the conversation and both can remove it. + $r = q("delete from mail where ( from_xchan = '%s' or to_xchan = '%s' )", dbesc($xchan), dbesc($xchan) diff --git a/include/event.php b/include/event.php index 6689919cf..6be1b6705 100644 --- a/include/event.php +++ b/include/event.php @@ -276,6 +276,9 @@ function format_event_bbcode($ev) { if($ev['event_hash']) $o .= '[event-id]' . $ev['event_hash'] . '[/event-id]'; + if($ev['timezone']) + $o .= '[event-timezone]' . $ev['timezone'] . '[/event-timezone]'; + if($ev['adjust']) $o .= '[event-adjust]' . $ev['adjust'] . '[/event-adjust]'; @@ -324,6 +327,9 @@ function bbtoevent($s) { if(preg_match("/\[event\-id\](.*?)\[\/event\-id\]/is",$s,$match)) $ev['event_hash'] = $match[1]; $match = ''; + if(preg_match("/\[event\-timezone\](.*?)\[\/event\-timezone\]/is",$s,$match)) + $ev['timezone'] = $match[1]; + $match = ''; if(preg_match("/\[event\-adjust\](.*?)\[\/event\-adjust\]/is",$s,$match)) $ev['adjust'] = $match[1]; if(array_key_exists('dtstart',$ev)) { diff --git a/include/feedutils.php b/include/feedutils.php index 5e52828c3..6d14eb5c4 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -449,6 +449,18 @@ function get_atom_elements($feed, $item) { if (title_is_body($res['title'], $res['body'])) $res['title'] = ""; + else { + $res['title'] = bbcode($res['title'], [ 'tryoembed' => false ]); + $res['title'] = html2plain($res['title'], 0, true); + $res['title'] = html_entity_decode($res['title'], ENT_QUOTES, 'UTF-8'); + $res['title'] = preg_replace("/https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@]+/", "", $res['title']); + while (strpos($res['title'], "\n") !== false) + $res['title'] = str_replace("\n", " ", $res['title']); + while (strpos($res['title'], " ") !== false) + $res['title'] = str_replace(" ", " ", $res['title']); + $res['title'] = trim($res['title']); + } + if($res['plink']) $base_url = implode('/', array_slice(explode('/',$res['plink']),0,3)); @@ -1748,7 +1760,11 @@ function handle_feed($uid, $abook_id, $url) { if($z['success']) { consume_feed($z['body'], $channel, $x[0], 1); consume_feed($z['body'], $channel, $x[0], 2); + return true; } + + return false; + } diff --git a/include/follow.php b/include/follow.php index 50b952881..a4d382545 100644 --- a/include/follow.php +++ b/include/follow.php @@ -142,7 +142,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) $sql_options = (($protocol) ? " and xchan_network = '" . dbesc($protocol) . "' " : ''); - $r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' $sql_options ", + $r = q("select * from xchan where (xchan_addr = '%s' or xchan_url = '%s') $sql_options ", dbesc($url), dbesc($url) ); diff --git a/include/import.php b/include/import.php index 1d3b7c035..6a3895b9f 100644 --- a/include/import.php +++ b/include/import.php @@ -769,7 +769,24 @@ function import_items($channel, $items, $sync = false, $relocate = null) { * @param array $relocate default null */ function sync_items($channel, $items, $relocate = null) { - import_items($channel, $items, true, $relocate); + + // Check if this is sync of not Zot-related content and we're connected to the top post owner + // to avoid confusing with cloned channels + $size = count($items); + for($i = 0; $i < $size; $i++) { + if(($items[$i]['owner']['network'] != 'zot') && ($items[$i]['owner']['network'] != 'zot6')) { + $r = q("SELECT * FROM abook WHERE abook_channel = %d + AND abook_xchan = ( SELECT xchan_hash FROM xchan WHERE xchan_guid = '%s' LIMIT 1 ) + AND abook_not_here = 0 AND abook_ignored = 0 AND abook_blocked = 0", + intval($channel['channel_id']), + dbesc($items[$i]['owner']['guid']) + ); + if(! $r) + unset($items[$i]); + } + } + if(count($items) > 0) + import_items($channel, $items, true, $relocate); } /** @@ -1190,9 +1207,9 @@ function sync_files($channel, $files) { logger('sync_files duplicate check: attach_by_hash() returned ' . print_r($x,true), LOGGER_DEBUG); if($x['success']) { - $orig_attach = $x[0]; + $orig_attach = $x['data']; $attach_exists = true; - $attach_id = $x[0]['id']; + $attach_id = $orig_attach['id']; } $newfname = 'store/' . $channel['channel_address'] . '/' . get_attach_binname($att['content']); diff --git a/include/items.php b/include/items.php index 84bfc263b..917808ad5 100755 --- a/include/items.php +++ b/include/items.php @@ -206,6 +206,25 @@ function collect_recipients($item, &$private_envelope,$include_groups = true) { } function comments_are_now_closed($item) { + + $x = [ + 'item' => $item, + 'closed' => 'unset' + ]; + + /** + * @hooks comments_are_now_closed + * Called to determine whether commenting should be closed + * * \e array \b item + * * \e boolean \b closed - return value + */ + + call_hooks('comments_are_now_closed', $x); + + if ($x['closed'] != 'unset') { + return $x['closed']; + } + if($item['comments_closed'] > NULL_DATE) { $d = datetime_convert(); if($d > $item['comments_closed']) @@ -1640,20 +1659,14 @@ function item_store($arr, $allow_exec = false, $deliver = true) { 'allow_exec' => $allow_exec ]; - if ($arr['item_type']==ITEM_TYPE_CUSTOM) { - /* Custom items are not stored by default - because they require an addon to process. */ - $d['item']['cancel']=true; - - call_hooks('item_custom',$d); - } /** * @hooks item_store * Called when item_store() stores a record of type item. * * \e array \b item * * \e boolean \b allow_exec */ - call_hooks('item_store', $d); + call_hooks('item_store_before', $d); + $arr = $d['item']; $allow_exec = $d['allow_exec']; @@ -1961,6 +1974,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) { */ call_hooks('item_store', $arr); + /** * @hooks post_remote * Called when an activity arrives from another site. @@ -2129,14 +2143,6 @@ function item_store_update($arr, $allow_exec = false, $deliver = true) { 'allow_exec' => $allow_exec ]; - if ($arr['item_type']==ITEM_TYPE_CUSTOM) { - /* Custom items are not stored by default - because they require an addon to process. */ - $d['item']['cancel']=true; - - call_hooks('item_custom_update',$d); - } - /** * @hooks item_store_update * Called when item_store_update() is called to update a stored item. It @@ -2144,7 +2150,7 @@ function item_store_update($arr, $allow_exec = false, $deliver = true) { * * \e array \b item * * \e boolean \b allow_exec */ - call_hooks('item_store_update', $d); + call_hooks('item_store_update_before', $d); $arr = $d['item']; $allow_exec = $d['allow_exec']; diff --git a/include/markdown.php b/include/markdown.php index 7d1f16958..69cc264df 100644 --- a/include/markdown.php +++ b/include/markdown.php @@ -246,6 +246,9 @@ function bb_to_markdown($Text, $options = []) { call_hooks('bb_to_markdown_bb', $x); $Text = $x['bbcode']; + + // Replace spoiler tag before BBcode conversion + $Text = preg_replace("/\[\/?spoiler\]/is", "\n--- " .t('spoiler') . " ---\n", $Text); // Convert it to HTML - don't try oembed $Text = bbcode($Text, [ 'tryoembed' => false ]); @@ -264,6 +267,9 @@ function bb_to_markdown($Text, $options = []) { // Remove empty zrl links $Text = preg_replace("/\[zrl\=\].*?\[\/zrl\]/is", "", $Text); + + // Replace unprocessed <br> in code + $Text = str_replace("<br></br>", "\n", $Text); $Text = trim($Text); diff --git a/include/nav.php b/include/nav.php index 3e1acd306..672cc2689 100644 --- a/include/nav.php +++ b/include/nav.php @@ -80,7 +80,7 @@ function nav($template = 'default') { if($observer) { $userinfo = [ - 'icon' => $observer['xchan_photo_m'], + 'icon' => $observer['xchan_photo_m'].'?rev='.strtotime($observer['xchan_photo_date']), 'name' => $observer['xchan_addr'], ]; } diff --git a/include/oembed.php b/include/oembed.php index ee9e57c3f..eeae7a174 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -146,7 +146,7 @@ function oembed_fetch_url($embedurl){ $txt = Cache::get('[' . App::$videowidth . '] ' . $furl); } - if(strpos(strtolower($embedurl),'.pdf') !== false) { + if(strpos(strtolower($embedurl),'.pdf') !== false && get_config('system','inline_pdf')) { $action = 'allow'; $j = [ 'html' => '<object data="' . $embedurl . '" type="application/pdf" style="width: 100%; height: 300px;"></object>', diff --git a/include/opengraph.php b/include/opengraph.php new file mode 100644 index 000000000..4c88570d3 --- /dev/null +++ b/include/opengraph.php @@ -0,0 +1,72 @@ +<?php +/** + * @file include/opengraph.php + * @brief Add Opengraph metadata and related functions. + */ + + + /** + * @brief Adds Opengraph meta tags into HTML head + * + * @param array $item + * @param array $channel + * + */ + + function opengraph_add_meta($item, $channel) { + + if(! empty($item)) { + + if(! empty($item['title'])) + $ogtitle = $item['title']; + + // find first image if exist + if(preg_match("/\[[zi]mg(=[0-9]+x[0-9]+)?\]([^\[]+)/is", $item['body'], $matches)) { + $ogimage = $matches[2]; + $ogimagetype = guess_image_type($ogimage); + } + + // use summary as description if exist + $ogdesc = (empty($item['summary']) ? $item['body'] : $item['summary'] ); + + $ogdesc = str_replace("#^[", "[", $ogdesc); + + $ogdesc = bbcode($ogdesc, [ 'tryoembed' => false ]); + $ogdesc = trim(html2plain($ogdesc, 0, true)); + $ogdesc = html_entity_decode($ogdesc, ENT_QUOTES, 'UTF-8'); + + // remove all URLs + $ogdesc = preg_replace("/https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@]+/", "", $ogdesc); + + // shorten description + $ogdesc = substr($ogdesc, 0, 300); + $ogdesc = str_replace("\n", " ", $ogdesc); + while (strpos($ogdesc, " ") !== false) + $ogdesc = str_replace(" ", " ", $ogdesc); + $ogdesc = (strlen($ogdesc) < 298 ? $ogdesc : rtrim(substr($ogdesc, 0, strrpos($ogdesc, " ")), "?.,:;!-") . "..."); + + $ogtype = "article"; + } + + if(! isset($ogdesc)) { + if(App::$profile['about'] && perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_profile')) { + $ogdesc = App::$profile['about']; + } + else { + $ogdesc = sprintf( t('This is the home page of %s.'), $channel['channel_name']); + } + } + + if(! isset($ogimage)) { + $ogimage = $channel['xchan_photo_l']; + $ogimagetype = $channel['xchan_photo_mimetype']; + } + + App::$page['htmlhead'] .= '<meta property="og:title" content="' . htmlspecialchars((isset($ogtitle) ? $ogtitle : $channel['channel_name'])) . '">' . "\r\n"; + App::$page['htmlhead'] .= '<meta property="og:image" content="' . $ogimage . '">' . "\r\n"; + App::$page['htmlhead'] .= '<meta property="og:image:type" content="' . $ogimagetype . '">' . "\r\n"; + App::$page['htmlhead'] .= '<meta property="og:description" content="' . htmlspecialchars($ogdesc) . '">' . "\r\n"; + App::$page['htmlhead'] .= '<meta property="og:type" content="' . (isset($ogtype) ? $ogtype : "profile") . '">' . "\r\n"; + + return true; + } diff --git a/include/queue_fn.php b/include/queue_fn.php index 85f98aaf9..865228041 100644 --- a/include/queue_fn.php +++ b/include/queue_fn.php @@ -286,7 +286,7 @@ function queue_deliver($outq, $immediate = false) { $host_crypto = null; if($channel && $base) { - $h = q("select hubloc_sitekey, site_crypto from hubloc left join site on hubloc_url = site_url where site_url = '%s' order by hubloc_id desc limit 1", + $h = q("select hubloc_sitekey, site_crypto from hubloc left join site on hubloc_url = site_url where site_url = '%s' and hubloc_sitekey != '' order by hubloc_id desc limit 1", dbesc($base) ); if($h) { diff --git a/include/text.php b/include/text.php index 54ad9ec7a..44af40810 100644 --- a/include/text.php +++ b/include/text.php @@ -9,6 +9,8 @@ use Michelf\MarkdownExtra; use Ramsey\Uuid\Uuid; use Ramsey\Uuid\Exception\UnsatisfiedDependencyException; +use Zotlabs\Lib\SvgSanitizer; + require_once("include/bbcode.php"); // random string, there are 86 characters max in text mode, 128 for hex @@ -842,9 +844,9 @@ function get_tags($s) { $ret = array(); $match = array(); - // ignore anything in a code block - + // ignore anything in a code or svg block $s = preg_replace('/\[code(.*?)\](.*?)\[\/code\]/sm','',$s); + $s = preg_replace('/\[svg(.*?)\](.*?)\[\/svg\]/sm','',$s); // ignore anything in [style= ] $s = preg_replace('/\[style=(.*?)\]/sm','',$s); @@ -2787,6 +2789,9 @@ function handle_tag(&$body, &$str_tags, $profile_uid, $tag, $in_network = true) // select someone by attag or nick and the name passed in if(! $r) { + // strip user-supplied wildcards before running a wildcard search + $newname = str_replace('%','',$newname); + $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_addr like ('%s') AND abook_channel = %d ", dbesc(((strpos($newname,'@')) ? $newname : $newname . '@%')), @@ -3412,18 +3417,20 @@ function cleanup_bbcode($body) { $body = preg_replace_callback('/\[code(.*?)\[\/(code)\]/ism','\red_escape_codeblock',$body); $body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','\red_escape_codeblock',$body); $body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body); + $body = preg_replace_callback('/\[svg(.*?)\[\/(svg)\]/ism','\red_escape_codeblock',$body); - $body = preg_replace_callback("/([^\]\='".'"'."\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ + $body = preg_replace_callback("/([^\]\='".'"'."\;\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ +\,\(\)]+)/ismu", '\nakedoembed', $body); - $body = preg_replace_callback("/([^\]\='".'"'."\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ + $body = preg_replace_callback("/([^\]\='".'"'."\;\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ +\,\(\)]+)/ismu", '\red_zrl_callback', $body); $body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','\red_unescape_codeblock',$body); $body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','\red_unescape_codeblock',$body); $body = preg_replace_callback('/\[\$b64code(.*?)\[\/(code)\]/ism','\red_unescape_codeblock',$body); - + $body = preg_replace_callback('/\[\$b64svg(.*?)\[\/(svg)\]/ism','\red_unescape_codeblock',$body); + // fix any img tags that should be zmg $body = preg_replace_callback('/\[img(.*?)\](.*?)\[\/img\]/ism','\red_zrlify_img_callback',$body); @@ -3648,3 +3655,23 @@ function new_uuid() { return $hash; } + + +function svg2bb($s) { + + $s = preg_replace("/\<text (.*?)\>(.*?)\<(.*?)\<\/text\>/", '<text $1>$2<$3</text>', $s); + $s = preg_replace("/\<text (.*?)\>(.*?)\>(.*?)\<\/text\>/", '<text $1>$2>$3</text>', $s); + $s = preg_replace("/\<text (.*?)\>(.*?)\[(.*?)\<\/text\>/", '<text $1>$2[$3</text>', $s); + $s = preg_replace("/\<text (.*?)\>(.*?)\](.*?)\<\/text\>/", '<text $1>$2]$3</text>', $s); + $s = utf8_encode($s); + $purify = new SvgSanitizer(); + if ($purify->loadXML($s)) { + $purify->sanitize(); + $output = $purify->saveSVG(); + $output = preg_replace("/\<\?xml(.*?)\>/",'',$output); + $output = preg_replace("/\<\!\-\-(.*?)\-\-\>/",'',$output); + $output = str_replace(['<','>'],['[',']'],$output); + return $output; + } + return EMPTY_STR; +} diff --git a/include/zot.php b/include/zot.php index 60bada1d6..d08146287 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1776,17 +1776,14 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ $DR = new Zotlabs\Lib\DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']); - $r = q("select * from channel where channel_hash = '%s' limit 1", - dbesc($d['hash']) - ); + $channel = channelx_by_hash($d['hash']); - if(! $r) { + if(! $channel) { $DR->update('recipient not found'); $result[] = $DR->get(); continue; } - $channel = $r[0]; $DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>'); /* blacklisted channels get a permission denied, no special message to tip them off */ @@ -2032,7 +2029,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ // if it's a sourced post, call the post_local hooks as if it were // posted locally so that crosspost connectors will be triggered. - if(check_item_source($arr['uid'], $arr)) { + if(check_item_source($arr['uid'], $arr) || ($channel['xchan_pubforum'] == 1)) { /** * @hooks post_local * Called when an item has been posted on this machine via mod/item.php (also via API). @@ -2392,7 +2389,6 @@ function process_mail_delivery($sender, $arr, $deliveries) { } } - $r = q("select id, conv_guid from mail where mid = '%s' and channel_id = %d limit 1", dbesc($arr['mid']), intval($channel['channel_id']) |