diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/html2bbcode.php | 6 | ||||
| -rw-r--r-- | include/items.php | 30 | ||||
| -rw-r--r-- | include/notifier.php | 25 | ||||
| -rw-r--r-- | include/poller.php | 4 |
4 files changed, 40 insertions, 25 deletions
diff --git a/include/html2bbcode.php b/include/html2bbcode.php index 688c01452..65cbcec41 100644 --- a/include/html2bbcode.php +++ b/include/html2bbcode.php @@ -11,6 +11,9 @@ function html2bbcode($s) { $htmltags = array( '/\n/is', + '/\<pre\>(.*?)\<\/pre\>/is', + '/\<p(.*?)\>/is', + '/\<\/p\>/is', '/\<b\>(.*?)\<\/b\>/is', '/\<i\>(.*?)\<\/i\>/is', '/\<u\>(.*?)\<\/u\>/is', @@ -33,6 +36,9 @@ function html2bbcode($s) { $bbtags = array( '', + '[code]$1[/code]', + '', + "\n", '[b]$1[/b]', '[i]$1[/i]', '[u]$1[/u]', diff --git a/include/items.php b/include/items.php index 1a5ca5a1f..1fdbc6fc2 100644 --- a/include/items.php +++ b/include/items.php @@ -35,6 +35,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) else killme(); + /** * * Determine the next birthday, but only if the birthday is published @@ -380,7 +381,7 @@ function get_atom_elements($feed,$item) { // It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust // the content type. Our own network only emits text normally, though it might have been converted to - // html if we used a pubsubhubbub transport. But if we see even one html open tag in our text, we will + // html if we used a pubsubhubbub transport. But if we see even one html tag in our text, we will // have to assume it is all html and needs to be purified. // It doesn't matter all that much security wise - because before this content is used anywhere, we are @@ -389,7 +390,7 @@ function get_atom_elements($feed,$item) { // html. - if(strpos($res['body'],'<')) { + if((strpos($res['body'],'<')) || (strpos($res['body'],'>'))) { $res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', '[youtube]$1[/youtube]', $res['body']); @@ -403,11 +404,12 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $res['body'] = $purifier->purify($res['body']); - } + $res['body'] = html2bbcode($res['body']); + } + else + $res['body'] = escape_tags($res['body']); - $res['body'] = html2bbcode($res['body']); - $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) @@ -495,7 +497,7 @@ function get_atom_elements($feed,$item) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events $res['object'] .= '<orig>' . xmlify($body) . '</orig>' . "\n"; - if(strpos($body,'<')) { + if((strpos($body,'<')) || (strpos($body,'>'))) { $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', '[youtube]$1[/youtube]', $body); @@ -505,9 +507,11 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $body = $purifier->purify($body); + $body = html2bbcode($body); } + else + $body = escape_tags($body); - $body = html2bbcode($body); $res['object'] .= '<content>' . $body . '</content>' . "\n"; } @@ -534,7 +538,7 @@ function get_atom_elements($feed,$item) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events $res['object'] .= '<orig>' . xmlify($body) . '</orig>' . "\n"; - if(strpos($body,'<')) { + if((strpos($body,'<')) || (strpos($body,'>'))) { $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', '[youtube]$1[/youtube]', $body); @@ -544,9 +548,11 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $body = $purifier->purify($body); + $body = html2bbcode($body); } + else + $body = escape_tags($body); - $body = html2bbcode($body); $res['target'] .= '<content>' . $body . '</content>' . "\n"; } @@ -571,7 +577,7 @@ function encode_rel_links($links) { if($link['attribs']['']['type']) $o .= 'type="' . $link['attribs']['']['type'] . '" '; if($link['attribs']['']['href']) - $o .= 'type="' . $link['attribs']['']['href'] . '" '; + $o .= 'href="' . $link['attribs']['']['href'] . '" '; if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['width']) $o .= 'media:width="' . $link['attribs'][NAMESPACE_MEDIA]['width'] . '" '; if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['height']) @@ -782,8 +788,8 @@ function dfrn_deliver($owner,$contact,$atom) { return (($res->status) ? $res->status : 3); $postvars = array(); - $sent_dfrn_id = hex2bin($res->dfrn_id); - $challenge = hex2bin($res->challenge); + $sent_dfrn_id = hex2bin((string) $res->dfrn_id); + $challenge = hex2bin((string) $res->challenge); $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); $final_dfrn_id = ''; diff --git a/include/notifier.php b/include/notifier.php index 7791b9bd4..39640e51a 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -181,7 +181,7 @@ '$feed_title' => xmlify($owner['name']), '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', $updated . '+00:00' , ATOM_TIME)) , '$hub' => $hubxml, - '$salmon' => '', // private feed, we don't use salmon here + '$salmon' => '', // private feed, we don't use salmon here '$name' => xmlify($owner['name']), '$profile_page' => xmlify($owner['url']), '$photo' => xmlify($owner['photo']), @@ -207,7 +207,6 @@ )); } else { - if($followup) { foreach($items as $item) { // there is only one item if($item['id'] == $item_id) { @@ -224,7 +223,13 @@ continue; $atom .= atom_entry($item,'text',$contact,$owner,true); - $slaps[] = atom_entry($item,'html',$contact,$owner,true); + + // There's a problem here - we *were* going to use salmon to provide semi-authenticated + // communication to OStatus, but unless we're the item author they won't verify. + // commented out for now, though we'll still send local replies (and any mentions + // that they contain) upstream. Rethinking the problem space. + +// $slaps[] = atom_entry($item,'html',$contact,$owner,true); } } } @@ -232,7 +237,7 @@ logger('notifier: ' . $atom, LOGGER_DATA); - logger('notifier: slaps: ' . print_r($slaps,true), LOGGER_DATA); +// logger('notifier: slaps: ' . print_r($slaps,true), LOGGER_DATA); if($followup) $recip_str = $parent['contact-id']; @@ -324,14 +329,12 @@ // send additional slaps to mentioned remote tags (@foo@example.com) - if(count($slaps) && count($url_recipients) && $notify_hub) { + if($slap && count($url_recipients) && $followup && $notify_hub) { foreach($url_recipients as $url) { - logger('notifier: urldelivery: ' . $url); - foreach($slaps as $slappy) { - if($url) { - $deliver_status = slapper($owner,$url,$slappy); - // TODO: redeliver/queue these items on failure, though there is no contact record - } + if($url) { + logger('notifier: urldelivery: ' . $url); + $deliver_status = slapper($owner,$url,$slap); + // TODO: redeliver/queue these items on failure, though there is no contact record } } } diff --git a/include/poller.php b/include/poller.php index 28e421f5f..fc45ff9c3 100644 --- a/include/poller.php +++ b/include/poller.php @@ -186,8 +186,8 @@ $postvars = array(); - $sent_dfrn_id = hex2bin($res->dfrn_id); - $challenge = hex2bin($res->challenge); + $sent_dfrn_id = hex2bin((string) $res->dfrn_id); + $challenge = hex2bin((string) $res->challenge); $final_dfrn_id = ''; |