From fc88c306ab282ab7061d69e5bdc60896fbdb8839 Mon Sep 17 00:00:00 2001 From: nobody Date: Mon, 22 Feb 2021 17:23:08 -0800 Subject: some minor issues uncovered during hubzilla->zap export testing --- Zotlabs/Lib/Activity.php | 6 +++--- include/items.php | 23 +++++++++++++++++++++++ 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index d286f35c2..6129e7f55 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -3313,17 +3313,17 @@ class Activity { $ret = false; foreach ($attach as $a) { - if (strpos($a['type'], 'image') !== false) { + if (array_key_exists('type',$a) && stripos($a['type'], 'image') !== false) { if (self::media_not_in_body($a['href'], $body)) { $ret .= "\n\n" . '[img]' . $a['href'] . '[/img]'; } } - if (array_key_exists('type', $a) && strpos($a['type'], 'video') === 0) { + if (array_key_exists('type', $a) && stripos($a['type'], 'video') !== false) { if (self::media_not_in_body($a['href'], $body)) { $ret .= "\n\n" . '[video]' . $a['href'] . '[/video]'; } } - if (array_key_exists('type', $a) && strpos($a['type'], 'audio') === 0) { + if (array_key_exists('type', $a) && stripos($a['type'], 'audio') !== false) { if (self::media_not_in_body($a['href'], $body)) { $ret .= "\n\n" . '[audio]' . $a['href'] . '[/audio]'; } diff --git a/include/items.php b/include/items.php index 1eecfcb0b..eda79c00d 100644 --- a/include/items.php +++ b/include/items.php @@ -1416,6 +1416,25 @@ function decode_tags($t) { return ''; } + +function purify_imported_object($obj) { + $ret = null; + if (is_array($obj)) { + foreach ( $obj as $k => $v ) { + $ret[$k] = purify_html($v); + } + } + elseif (is_string($obj)) { + $ret = purify_html($obj); + } + + return $ret; +} + + + + + /** * @brief Santise a potentially complex array. * @@ -1427,6 +1446,10 @@ function activity_sanitise($arr) { if(is_array($arr)) { $ret = array(); foreach($arr as $k => $x) { + if (in_array($k, [ 'content', 'summary', 'contentMap', 'summaryMap' ])) { + $ret[$k] = purify_imported_object($arr[$k]); + continue; + } if(is_array($x)) $ret[$k] = activity_sanitise($x); else -- cgit v1.2.3