From 96fdb88690fcb572b5bc4948a7df71b3c257a97d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 23 Feb 2017 15:15:19 -0800 Subject: nativewiki: only apply markdown filter to markdown input --- Zotlabs/Lib/NativeWikiPage.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Lib/NativeWikiPage.php') diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index cdb2a5134..af0286997 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -333,18 +333,26 @@ class NativeWikiPage { static public function save_page($arr) { - $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); - $content = ((array_key_exists('content',$arr)) ? purify_html(Zlib\NativeWikiPage::prepare_content($arr['content'])) : ''); - $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); + $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); + $content = ((array_key_exists('content',$arr)) ? $arr['content'] : ''); + $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); $observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : ''); $channel_id = ((array_key_exists('channel_id',$arr)) ? $arr['channel_id'] : 0); - $revision = ((array_key_exists('revision',$arr)) ? $arr['revision'] : 0); + $revision = ((array_key_exists('revision',$arr)) ? $arr['revision'] : 0); $w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id); if (!$w['wiki']) { return array('message' => t('Error reading wiki'), 'success' => false); } + + $mimetype = $w['mimeType']; + if($mimetype === 'text/markdown') { + $content = purify_html(Zlib\NativeWikiPage::prepare_content($content)); + } + else { + $content = escape_tags($content); + } // fetch the most recently saved revision. -- cgit v1.2.3 From eaefb362129b9d1731d809822232f1d35c95b871 Mon Sep 17 00:00:00 2001 
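Review bot: The new `if($mimetype === 'text/markdown')` / `else` pair in `save_page()` is the only place the stored body is filtered, and nothing says that the `else` branch is meant as the catch-all. Every other value of `$w['mimeType']`, including a missing or unexpected one, ends in `escape_tags($content)`, which is the safe default, but a later edit adding another mimetype branch could easily lose that property. A comment above the block such as `// filter by wiki mimetype; anything not explicitly handled is tag-escaped (fail closed)` would record the intent. save_page's body continues outside the hunk.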
From: Mario Vavti Date: Sat, 4 Mar 2017 16:56:52 +0100 Subject: we need item edited for wiki page history, not item created --- Zotlabs/Lib/NativeWikiPage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Lib/NativeWikiPage.php') diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index af0286997..25e454cb7 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -188,7 +188,7 @@ class NativeWikiPage { $processed ++; $history[] = [ 'revision' => $item['revision'], - 'date' => datetime_convert('UTC',date_default_timezone_get(),$item['created']), + 'date' => datetime_convert('UTC',date_default_timezone_get(),$item['edited']), 'name' => $item['author']['xchan_name'], 'title' => get_iconfig($item,'nwikipage','commit_msg') ]; -- cgit v1.2.3 From 9e44b0727513d820336cd4c51350d62b13cf8479 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 6 Mar 2017 22:32:05 +0100 Subject: allow unauthenticated access to public wiki pages --- Zotlabs/Lib/NativeWikiPage.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Lib/NativeWikiPage.php') diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index 25e454cb7..e9f8a32c9 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -232,7 +232,11 @@ class NativeWikiPage { } } - $sql_extra = item_permissions_sql($channel_id,$observer_hash); + $sql_extra = ''; + + if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) + $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + if($revision == (-1)) $sql_extra .= " order by revision desc "; elseif($revision) 
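Review bot: With `$sql_extra = ''` as the starting value in the `@@ -232,7 +232,11 @@` hunk, a wiki whose four ACL fields are all empty gets no permission clause on the page query at all, so read access then rests entirely on whatever check runs earlier in the function, which is outside the hunk. An empty ACL is not the same as "public": a channel that restricts wiki viewing through its permission limits rather than per-wiki ACLs would presumably have its pages returned to any observer, including unauthenticated ones. Keeping `$sql_extra = item_permissions_sql($channel_id,$observer_hash);` unconditional and giving the wiki items the correct public scope avoids widening access this way. The same pattern is repeated in the `@@ -284,7 +288,11 @@` hunk of this commit. The brace-less `if` also makes it easy for a later edit to place a second statement outside the condition.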
@@ -284,7 +288,11 @@ class NativeWikiPage { } } - $sql_extra = item_permissions_sql($channel_id,$observer_hash); + $sql_extra = ''; + + if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) + $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra .= " order by revision desc "; $r = null; -- cgit v1.2.3 From 595cb13d8f2793fcefdc1566715848479460e479 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 6 Mar 2017 15:33:10 -0800 Subject: correct fix for wiki anonymous read issue (items_permissions_sql checks item.public_policy which was set for posts, not wikis) --- Zotlabs/Lib/NativeWikiPage.php | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'Zotlabs/Lib/NativeWikiPage.php') diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index e9f8a32c9..941ade90c 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -64,6 +64,8 @@ class NativeWikiPage { $arr['deny_cid'] = $w['wiki']['deny_cid']; $arr['deny_gid'] = $w['wiki']['deny_gid']; + $arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel_id,'view_wiki'),true); + // We may wish to change this some day. $arr['item_unpublished'] = 1; @@ -232,10 +234,7 @@ class NativeWikiPage { } } - $sql_extra = ''; - - if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) - $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra = item_permissions_sql($channel_id,$observer_hash); if($revision == (-1)) $sql_extra .= " order by revision desc "; 
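Review bot: `$arr['public_policy']` in the `@@ -64,6 +64,8 @@` hunk is computed once when the page item is created, so it is a snapshot of the channel's `view_wiki` limit at that moment. Page items stored before this change presumably carry no such value, and a later tightening of `view_wiki` would leave existing items at the older, more permissive scope unless code outside this diff rewrites them. A comment such as `// snapshot of the channel's view_wiki limit at creation; existing items must be updated if that limit changes` would make the dependency visible, and it is worth confirming how existing items are migrated. The enclosing function starts and ends outside the hunk.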
@@ -288,10 +287,7 @@ class NativeWikiPage { } } - $sql_extra = ''; - - if($w['wiki']['allow_cid'] || $w['wiki']['allow_gid'] || $w['wiki']['deny_cid'] || $w['wiki']['deny_gid']) - $sql_extra .= item_permissions_sql($channel_id,$observer_hash); + $sql_extra = item_permissions_sql($channel_id,$observer_hash); $sql_extra .= " order by revision desc "; -- cgit v1.2.3 From fa629841bd2fd150531a5494504a24b13a0c4503 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 14 Mar 2017 17:07:29 -0700 Subject: input filter updates --- Zotlabs/Lib/NativeWikiPage.php | 31 ++----------------------------- 1 file changed, 2 insertions(+), 29 deletions(-) (limited to 'Zotlabs/Lib/NativeWikiPage.php') diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index 941ade90c..9f54081a1 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -307,34 +307,6 @@ class NativeWikiPage { return null; } - - - static public function prepare_content($s) { - - $text = preg_replace_callback('{ - (?:\n\n|\A\n?) - ( # $1 = the code block -- one or more lines, starting with a space/tab - (?> - [ ]{'.'4'.'} # Lines must start with a tab or a tab-width of spaces - .*\n+ - )+ - ) - ((?=^[ ]{0,'.'4'.'}\S)|\Z) # Lookahead for non-space at line-start, or end of doc - }xm', - 'self::nwiki_prepare_content_callback', $s); - - return $text; - } - - static public function nwiki_prepare_content_callback($matches) { - $codeblock = $matches[1]; - - $codeblock = htmlspecialchars($codeblock, ENT_NOQUOTES, UTF8, false); - return "\n\n" . $codeblock ; - } - - - static public function save_page($arr) { $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); 
@@ -352,7 +324,8 @@ class NativeWikiPage { $mimetype = $w['mimeType']; if($mimetype === 'text/markdown') { - $content = purify_html(Zlib\NativeWikiPage::prepare_content($content)); + $x = new Zlib\MarkdownSoap($content); + $content = $x->clean(); } else { $content = escape_tags($content); -- cgit v1.2.3 From d5525a38f185e37fe0101bc7ef6e67abf59f98f8 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 18 Mar 2017 16:41:43 -0700 Subject: various input filter fixes --- Zotlabs/Lib/NativeWikiPage.php | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) (limited to 'Zotlabs/Lib/NativeWikiPage.php') diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index 9f54081a1..3d6da7779 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -323,13 +323,6 @@ class NativeWikiPage { } $mimetype = $w['mimeType']; - if($mimetype === 'text/markdown') { - $x = new Zlib\MarkdownSoap($content); - $content = $x->clean(); - } - else { - $content = escape_tags($content); - } // fetch the most recently saved revision. @@ -348,6 +341,7 @@ class NativeWikiPage { $item['author_xchan'] = $observer_hash; $item['revision'] = (($arr['revision']) ? intval($arr['revision']) + 1 : intval($item['revision']) + 1); $item['edited'] = datetime_convert(); + $item['mimetype'] = $mimetype; if($item['iconfig'] && is_array($item['iconfig']) && count($item['iconfig'])) { for($x = 0; $x < count($item['iconfig']); $x ++) { 
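Review bot: After this commit `save_page()` records `$item['mimetype'] = $mimetype` (hunk `@@ -348,6 +341,7 @@`) but no longer filters `$content` anywhere in the visible code, because the `MarkdownSoap` / `escape_tags` branch is removed in the `@@ -323,13 +323,6 @@` hunk. Whether the page body is still sanitized now depends on code outside this diff, presumably a mimetype-driven filter in the item storage path or at render time. Since this is the trust boundary for stored wiki content, a comment next to the new assignment naming that function, for example `// body is filtered by <store/render function> according to $item['mimetype']`, would keep a later refactor from dropping the filter silently. It is also worth confirming that a missing or unexpected `$w['mimeType']` still ends in the escaping path rather than in no filter at all. save_page's body continues outside the hunk.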
@@ -515,6 +509,29 @@ class NativeWikiPage { } return $s; } + + static public function render_page_history($arr) { + + $pageUrlName = ((array_key_exists('pageUrlName', $arr)) ? $arr['pageUrlName'] : ''); + $resource_id = ((array_key_exists('resource_id', $arr)) ? $arr['resource_id'] : ''); + + $pageHistory = self::page_history([ + 'channel_id' => \App::$profile_uid, + 'observer_hash' => get_observer_hash(), + 'resource_id' => $resource_id, + 'pageUrlName' => $pageUrlName + ]); + + return replace_macros(get_markup_template('nwiki_page_history.tpl'), array( + '$pageHistory' => $pageHistory['history'], + '$permsWrite' => $arr['permsWrite'], + '$name_lbl' => t('Name'), + '$msg_label' => t('Message','wiki_history') + )); + + } + + /** * Replace the instances of the string [toc] with a list element that will be populated by -- cgit v1.2.3 From e97dd48b4c046bac86322d91a13fd55d0cf3a99f Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 20 Mar 2017 19:41:03 -0700 Subject: even more fine tuning of the markdown purifier - especially when used with the wiki --- Zotlabs/Lib/NativeWikiPage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Lib/NativeWikiPage.php') diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index 3d6da7779..960fe014e 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -156,7 +156,7 @@ class NativeWikiPage { $content = $item['body']; return [ - 'content' => json_encode($content), + 'content' => $content, 'mimeType' => $w['mimeType'], 'message' => '', 'success' => true -- cgit v1.2.3 From 09967598e15eb5d201bcc676ffb329b97e1b89b8 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 19 Apr 2017 10:51:50 +0200 Subject: order wiki pages by creation date --- Zotlabs/Lib/NativeWikiPage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Lib/NativeWikiPage.php') 
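Review bot: `render_page_history()` reads `$arr['permsWrite']` and `$pageHistory['history']` without the existence checks it uses for `pageUrlName` and `resource_id`, so a missing `permsWrite` or a failed `page_history()` call hands undefined values to the template. Guarding the first is one line, `'$permsWrite' => ((array_key_exists('permsWrite',$arr)) ? $arr['permsWrite'] : false),`, and the second needs an early return when the call did not succeed, assuming `page_history()` follows the `'success'` convention seen elsewhere in this file (its return shape is not visible here). The history rows carry author names and commit messages supplied by users, so `nwiki_page_history.tpl` has to escape them on output; that template is outside this diff.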
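Review bot: In the `@@ -156,7 +156,7 @@` hunk `'content'` now returns the stored item body as-is instead of a JSON string, so the encoding step moves to every caller. None of those callers are in this diff; any that still interpolate the value into a script block or an HTML response would now emit raw user-authored text, so they are worth checking together with this change. A docblock line on the function such as `@return array 'content' is the raw stored body, not encoded for any output context` would record the new contract. The enclosing function starts and ends outside the hunk.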
diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index 960fe014e..bd40367c9 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -21,7 +21,7 @@ class NativeWikiPage { $sql_extra = item_permissions_sql($channel_id,$observer_hash); $r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and item_deleted = 0 - $sql_extra group by mid", + $sql_extra group by mid order by created asc", dbesc($resource_id), intval($channel_id) ); -- cgit v1.2.3 From 2778e63d6c51b5ca77d9a309ddb7390b239fa491 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 26 Apr 2017 19:47:05 -0700 Subject: issues from hubzilla:#737 --- Zotlabs/Lib/NativeWikiPage.php | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Lib/NativeWikiPage.php') diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index bd40367c9..ed3df436c 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -21,12 +21,23 @@ class NativeWikiPage { $sql_extra = item_permissions_sql($channel_id,$observer_hash); $r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and item_deleted = 0 - $sql_extra group by mid order by created asc", + $sql_extra order by created asc", dbesc($resource_id), intval($channel_id) ); if($r) { - $items = fetch_post_tags($r,true); + $x = []; + $y = []; + + foreach($r as $rv) { + if(! in_array($rv['mid'],$x)) { + $y[] = $rv; + $x[] = $rv['mid']; + } + } + + $items = fetch_post_tags($y,true); + foreach($items as $page_item) { $title = get_iconfig($page_item['id'],'nwikipage','pagetitle',t('(No Title)')); if(urldecode($title) !== 'Home') { -- cgit v1.2.3
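Review bot: The de-duplication loop in the `@@ -21,12 +21,23 @@` hunk keeps the first row seen for each `mid`, but the query orders only by `created`, so when several revisions share a `mid` and a creation time the surviving row, and with it the page title that is listed, is not defined. A tie-breaker such as `$sql_extra order by created asc, revision desc",` would make the newest revision win, assuming revisions of one page do share `mid` (not visible here). The `in_array($rv['mid'],$x)` test is a loose comparison and rescans the list for every row; a keyed lookup, `if(! isset($x[$rv['mid']])) { $y[] = $rv; $x[$rv['mid']] = true; }`, matches on the exact key and stays linear. The enclosing function continues outside the hunk.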