From 4afeefb5ce2119541a6d2a0a0b332c7a9a59a2b4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 18 Mar 2017 16:41:43 -0700 Subject: various input filter fixes --- Zotlabs/Lib/MarkdownSoap.php | 14 ++++++++++++-- Zotlabs/Lib/NativeWikiPage.php | 31 ++++++++++++++++++++++++------- 2 files changed, 36 insertions(+), 9 deletions(-) (limited to 'Zotlabs/Lib') diff --git a/Zotlabs/Lib/MarkdownSoap.php b/Zotlabs/Lib/MarkdownSoap.php index 2dcaaec9a..8cc18d513 100644 --- a/Zotlabs/Lib/MarkdownSoap.php +++ b/Zotlabs/Lib/MarkdownSoap.php @@ -34,9 +34,13 @@ class MarkdownSoap { function clean() { + $x = $this->extract_code($this->str); + $x = $this->purify($x); + $x = $this->putback_code($x); + $x = $this->escape($x); return $x; @@ -60,7 +64,7 @@ class MarkdownSoap { } function encode_code($matches) { - return $this->token . ';' . base64_encode($matches[1]) . ';' ; + return $this->token . ';' . base64_encode($matches[0]) . ';' ; } function decode_code($matches) { @@ -73,7 +77,13 @@ class MarkdownSoap { } function purify($s) { - return purify_html($s); + $s = str_replace("\n",'
',$s); + $s = str_replace("\t",'    ',$s); + $s = str_replace(' ',' ',$s); + $s = purify_html($s); + $s = str_replace(' '," ",$s); + $s = str_replace(['
','
'],["\n","\n"],$s); + return $s; } function escape($s) { diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index 9f54081a1..3d6da7779 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -323,13 +323,6 @@ class NativeWikiPage { } $mimetype = $w['mimeType']; - if($mimetype === 'text/markdown') { - $x = new Zlib\MarkdownSoap($content); - $content = $x->clean(); - } - else { - $content = escape_tags($content); - } // fetch the most recently saved revision. @@ -348,6 +341,7 @@ class NativeWikiPage { $item['author_xchan'] = $observer_hash; $item['revision'] = (($arr['revision']) ? intval($arr['revision']) + 1 : intval($item['revision']) + 1); $item['edited'] = datetime_convert(); + $item['mimetype'] = $mimetype; if($item['iconfig'] && is_array($item['iconfig']) && count($item['iconfig'])) { for($x = 0; $x < count($item['iconfig']); $x ++) { @@ -515,6 +509,29 @@ class NativeWikiPage { } return $s; } + + static public function render_page_history($arr) { + + $pageUrlName = ((array_key_exists('pageUrlName', $arr)) ? $arr['pageUrlName'] : ''); + $resource_id = ((array_key_exists('resource_id', $arr)) ? $arr['resource_id'] : ''); + + $pageHistory = self::page_history([ + 'channel_id' => \App::$profile_uid, + 'observer_hash' => get_observer_hash(), + 'resource_id' => $resource_id, + 'pageUrlName' => $pageUrlName + ]); + + return replace_macros(get_markup_template('nwiki_page_history.tpl'), array( + '$pageHistory' => $pageHistory['history'], + '$permsWrite' => $arr['permsWrite'], + '$name_lbl' => t('Name'), + '$msg_label' => t('Message','wiki_history') + )); + + } + + /** * Replace the instances of the string [toc] with a list element that will be populated by -- cgit v1.2.3