From 410f5389ae90e1c219b097b051aaa9922e73efd5 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 12 Jun 2016 07:17:23 -0400 Subject: Apply purify_html to page content before preview and save to prevent JavaScript code injection. --- Zotlabs/Module/Wiki.php | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index fbf751ddf..1e6446904 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -167,7 +167,7 @@ class Wiki extends \Zotlabs\Web\Controller { if((argc() > 2) && (argv(2) === 'preview')) { $content = $_POST['content']; require_once('library/markdown.php'); - $html = Markdown($content); + $html = purify_html(Markdown($content)); json_return_and_die(array('html' => $html, 'success' => true)); } @@ -182,19 +182,7 @@ class Wiki extends \Zotlabs\Web\Controller { // more detail permissions framework if (local_channel() !== intval($channel['channel_id'])) { goaway('/'.argv(0).'/'.$nick.'/'); - } else { - /* - $channel = get_channel_by_nick($nick); - // Figure out who the page owner is. - $perms = get_all_perms(intval($channel['channel_id']), $observer_hash); - // TODO: Create a new permission setting for wiki analogous to webpages. Until - // then, use webpage permissions - if (!$perms['write_pages']) { - notice(t('Permission denied.') . EOL); - goaway('/'.argv(0).'/'.argv(1).'/'); - } - */ - } + } $wiki = array(); // Generate new wiki info from input name $wiki['rawName'] = $_POST['wikiName']; @@ -306,7 +294,7 @@ class Wiki extends \Zotlabs\Web\Controller { $resource_id = $_POST['resource_id']; $pageUrlName = $_POST['name']; $pageHtmlName = escape_tags($_POST['name']); - $content = escape_tags($_POST['content']); //Get new content + $content = $_POST['content']; //Get new content $commitMsg = $_POST['commitMsg']; if ($commitMsg === '') { $commitMsg = 'Updated ' . $pageHtmlName; -- cgit v1.2.3 
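Review bot: In the third hunk the save handler now reads `$content = $_POST['content'];` with `escape_tags` removed, and nothing in this file purifies the value before it is handed on, although the commit subject says purification is applied on save as well as on preview. If the filtering happens inside the save helper (not part of this diff), a comment on that line such as `// raw Markdown from the client; must pass through purify_html() before it is rendered` would make the trust boundary explicit. None of the three hunks touches the page-load path, so confirm that stored content is also purified when a page is rendered, not only in the preview response. The enclosing method starts and ends outside the hunk.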
From 0ef2622621867fa197988974b47eff85f20a80e7 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 13 Jun 2016 22:09:22 -0700 Subject: some work to provide propagation and honouring of the item_notshown flag. --- Zotlabs/Module/Wiki.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 1e6446904..f1f7b87b2 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -1,6 +1,6 @@ - Date: Wed, 15 Jun 2016 06:25:31 -0400 Subject: Rename page feature added. Fixed bug in git commit function and other minor fixes. --- Zotlabs/Module/Wiki.php | 54 +++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 50 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index f1f7b87b2..9e7d151b5 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -72,7 +72,8 @@ class Wiki extends \Zotlabs\Web\Controller { switch (argc()) { case 2: // Configure page template - $wikiheader = t('Wiki Sandbox'); + $wikiheaderName = t('Wiki'); + $wikiheaderPage = t('Sandbox'); $content = '"# Wiki Sandbox\n\nContent you **edit** and **preview** here *will not be saved*."'; $hide_editor = false; $showPageControls = false; @@ -113,7 +114,8 @@ class Wiki extends \Zotlabs\Web\Controller { } else { $wiki_editor = true; } - $wikiheader = urldecode($wikiUrlName) . ': ' . urldecode($pageUrlName); // show wiki name and page + $wikiheaderName = urldecode($wikiUrlName); + $wikiheaderPage = urldecode($pageUrlName); $p = wiki_get_page_content(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if(!$p['success']) { notice('Error retrieving page content' . EOL); 
@@ -135,7 +137,8 @@ class Wiki extends \Zotlabs\Web\Controller { require_once('library/markdown.php'); $o .= replace_macros(get_markup_template('wiki.tpl'),array( - '$wikiheader' => $wikiheader, + '$wikiheaderName' => $wikiheaderName, + '$wikiheaderPage' => $wikiheaderPage, '$hideEditor' => $hide_editor, '$showPageControls' => $showPageControls, '$showNewWikiButton'=> $showNewWikiButton, @@ -152,6 +155,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$renderedContent' => Markdown(json_decode($content)), '$wikiName' => array('wikiName', t('Enter the name of your new wiki:'), '', ''), '$pageName' => array('pageName', t('Enter the name of the new page:'), '', ''), + '$pageRename' => array('pageRename', t('Enter the new name:'), '', ''), '$commitMsg' => array('commitMsg', '', '', '', '', 'placeholder="(optional) Enter a custom message when saving the page..."'), '$pageHistory' => $pageHistory['history'] )); @@ -377,7 +381,7 @@ class Wiki extends \Zotlabs\Web\Controller { if($deleted['success']) { $ob = \App::get_observer(); $commit = wiki_git_commit(array( - 'commit_msg' => 'Deleted ' . $pageHtmlName, + 'commit_msg' => 'Deleted ' . $pageUrlName, 'resource_id' => $resource_id, 'observer' => $ob, 'files' => null 
@@ -416,6 +420,48 @@ class Wiki extends \Zotlabs\Web\Controller { } } + // Rename a page + if ((argc() === 4) && (argv(2) === 'rename') && (argv(3) === 'page')) { + $resource_id = $_POST['resource_id']; + $pageUrlName = $_POST['oldName']; + $pageNewName = $_POST['newName']; + if ($pageUrlName === 'Home') { + json_return_and_die(array('message' => 'Cannot rename Home','success' => false)); + } + if(urlencode(escape_tags($pageNewName)) === '') { + json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false)); + } + // Determine if observer has permission to rename pages + $nick = argv(1); + $channel = get_channel_by_nick($nick); + if (local_channel() !== intval($channel['channel_id'])) { + $observer_hash = get_observer_hash(); + $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); + if(!$perms['write']) { + logger('Wiki write permission denied. ' . EOL); + json_return_and_die(array('success' => false)); + } + } + $renamed = wiki_rename_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'pageNewName' => $pageNewName)); + logger('$renamed: ' . json_encode($renamed)); + if($renamed['success']) { + $ob = \App::get_observer(); + $commit = wiki_git_commit(array( + 'commit_msg' => 'Renamed ' . urldecode($pageUrlName) . ' to ' . $renamed['page']['htmlName'], + 'resource_id' => $resource_id, + 'observer' => $ob, + 'files' => array($pageUrlName . 
'.md', $renamed['page']['fileName']), + 'all' => true + )); + if($commit['success']) { + json_return_and_die(array('name' => $renamed['page'], 'message' => 'Wiki git repo commit made', 'success' => true)); + } else { + json_return_and_die(array('message' => 'Error making git commit','success' => false)); + } + } else { + json_return_and_die(array('message' => 'Error renaming page', 'success' => false)); + } + } //notice('You must be authenticated.'); json_return_and_die(array('message' => 'You must be authenticated.', 'success' => false)); -- cgit v1.2.3 From 961539258be90f5b7c989299db0e8c551d0d6c72 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Fri, 17 Jun 2016 06:33:39 -0400 Subject: Wiki page revision comparison tool with diff displayed in modal dialog. Leverages Diff class from http://code.stephenmorley.org/php/diff-implementation with license CC0 1.0 universal http://creativecommons.org/publicdomain/zero/1.0/legalcode --- Zotlabs/Module/Wiki.php | 42 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 9e7d151b5..83fa0e337 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -136,6 +136,16 @@ class Wiki extends \Zotlabs\Web\Controller { // Render the Markdown-formatted page content in HTML require_once('library/markdown.php'); + $wikiModalID = random_string(3); + $wikiModal = replace_macros( + get_markup_template('generic_modal.tpl'), array( + '$id' => $wikiModalID, + '$title' => t('Revision Comparison'), + '$ok' => t('Revert'), + '$cancel' => t('Cancel') + ) + ); + $o .= replace_macros(get_markup_template('wiki.tpl'),array( '$wikiheaderName' => $wikiheaderName, '$wikiheaderPage' => $wikiheaderPage, 
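Review bot: The rename handler passes `$_POST['oldName']` and `$_POST['newName']` to `wiki_rename_page()` and builds the file name `$pageUrlName . '.md'` for `wiki_git_commit()` without checking either value for path separators or `..`; the only validation in the hunk is that the escaped new name is non-empty. Unless `wiki_rename_page()` (not shown) confines both names to the wiki's own directory, a guard such as `if (basename($pageUrlName) !== $pageUrlName || basename($pageNewName) !== $pageNewName) { json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false)); }` belongs before the permission lookup. The `'Home'` guard compares the raw posted string, so it should be applied to the same normalised form the helper uses to locate the file. The permission-denied branch returns `success => false` with no `message`, unlike the other failure paths in this hunk.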
@@ -157,7 +167,10 @@ class Wiki extends \Zotlabs\Web\Controller { '$pageName' => array('pageName', t('Enter the name of the new page:'), '', ''), '$pageRename' => array('pageRename', t('Enter the new name:'), '', ''), '$commitMsg' => array('commitMsg', '', '', '', '', 'placeholder="(optional) Enter a custom message when saving the page..."'), - '$pageHistory' => $pageHistory['history'] + '$pageHistory' => $pageHistory['history'], + '$wikiModal' => $wikiModal, + '$wikiModalID' => $wikiModalID, + '$commit' => 'HEAD' )); head_add_js('library/ace/ace.js'); // Ace Code Editor return $o; @@ -412,7 +425,7 @@ class Wiki extends \Zotlabs\Web\Controller { json_return_and_die(array('success' => false)); } } - $reverted = wiki_revert_page(array('commitHash' => $commitHash, 'observer' => \App::get_observer(), 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); + $reverted = wiki_revert_page(array('commitHash' => $commitHash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($reverted['success']) { json_return_and_die(array('content' => $reverted['content'], 'message' => '', 'success' => true)); } else { 
@@ -420,6 +433,31 @@ class Wiki extends \Zotlabs\Web\Controller { } } + // Compare page revisions + if ((argc() === 4) && (argv(2) === 'compare') && (argv(3) === 'page')) { + $resource_id = $_POST['resource_id']; + $pageUrlName = $_POST['name']; + $compareCommit = $_POST['compareCommit']; + $currentCommit = $_POST['currentCommit']; + // Determine if observer has permission to revert pages + $nick = argv(1); + $channel = get_channel_by_nick($nick); + if (local_channel() !== intval($channel['channel_id'])) { + $observer_hash = get_observer_hash(); + $perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash); + if(!$perms['read']) { + logger('Wiki read permission denied.' . EOL); + json_return_and_die(array('success' => false)); + } + } + $compare = wiki_compare_page(array('currentCommit' => $currentCommit, 'compareCommit' => $compareCommit, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); + if($compare['success']) { + json_return_and_die(array('diff' => $compare['diff'], 'message' => '', 'success' => true)); + } else { + json_return_and_die(array('diff' => '', 'message' => 'Error comparing page', 'success' => false)); + } + } + // Rename a page if ((argc() === 4) && (argv(2) === 'rename') && (argv(3) === 'page')) { $resource_id = $_POST['resource_id']; -- cgit v1.2.3 From a3ec9f394068d7dccef44c8f27c085cb380e54d5 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Mon, 20 Jun 2016 13:27:05 -0400 Subject: Add formatted heading for revision comparison viewer --- Zotlabs/Module/Wiki.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 83fa0e337..bef831de8 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php 
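Review bot: `$_POST['compareCommit']` and `$_POST['currentCommit']` are passed to `wiki_compare_page()` exactly as received; validate them as revision identifiers first, for example `if (!preg_match('/^(HEAD|[0-9a-f]{7,40})$/i', $compareCommit)) { json_return_and_die(array('diff' => '', 'message' => 'Error comparing page', 'success' => false)); }` and the same for `$currentCommit` (the template in this commit sets `$commit` to `'HEAD'`, so that literal has to stay allowed). The response returns `$compare['diff']` to the client as markup, and the follow-up hunk in a3ec9f3 prepends a heading and still sends the result as `diff`; since page content is user-authored, the diff output has to be escaped or purified, which cannot be confirmed here because the Diff helper is not shown. The comment `// Determine if observer has permission to revert pages` was carried over from the revert handler; this block checks `read`, so it should say `compare`.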
@@ -452,7 +452,8 @@ class Wiki extends \Zotlabs\Web\Controller { } $compare = wiki_compare_page(array('currentCommit' => $currentCommit, 'compareCommit' => $compareCommit, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName)); if($compare['success']) { - json_return_and_die(array('diff' => $compare['diff'], 'message' => '', 'success' => true)); + $diffHTML = '
Current RevisionSelected Revision
' . $compare['diff']; + json_return_and_die(array('diff' => $diffHTML, 'message' => '', 'success' => true)); } else { json_return_and_die(array('diff' => '', 'message' => 'Error comparing page', 'success' => false)); } -- cgit v1.2.3 From 780f83a118146cf67509574ac88024c2cb03cf3a Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sat, 25 Jun 2016 06:27:14 -0500 Subject: Post generation about new wiki is optional, default is NOT to post. Fixed bug in wiki creation. Added embed image dialog and album browser. --- Zotlabs/Module/Wiki.php | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index bef831de8..1c3add38f 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -145,7 +145,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$cancel' => t('Cancel') ) ); - + $o .= replace_macros(get_markup_template('wiki.tpl'),array( '$wikiheaderName' => $wikiheaderName, '$wikiheaderPage' => $wikiheaderPage, @@ -170,7 +170,17 @@ class Wiki extends \Zotlabs\Web\Controller { '$pageHistory' => $pageHistory['history'], '$wikiModal' => $wikiModal, '$wikiModalID' => $wikiModalID, - '$commit' => 'HEAD' + '$commit' => 'HEAD', + '$embedPhotos' => t('Embed image from photo albums'), + '$embedPhotosModalTitle' => t('Embed an image from your albums'), + '$embedPhotosModalCancel' => t('Cancel'), + '$embedPhotosModalOK' => t('OK'), + '$modalchooseimages' => t('Choose images to embed'), + '$modalchoosealbum' => t('Choose an album'), + '$modaldiffalbum' => t('Choose a different album...'), + '$modalerrorlist' => t('Error getting album list'), + '$modalerrorlink' => t('Error getting photo link'), + '$modalerroralbum' => t('Error getting album'), )); head_add_js('library/ace/ace.js'); // Ace Code Editor return $o; 
@@ -202,6 +212,7 @@ class Wiki extends \Zotlabs\Web\Controller { } $wiki = array(); // Generate new wiki info from input name + $wiki['postVisible'] = ((intval($_POST['postVisible']) === 0) ? 0 : 1); $wiki['rawName'] = $_POST['wikiName']; $wiki['htmlName'] = escape_tags($_POST['wikiName']); $wiki['urlName'] = urlencode($_POST['wikiName']); @@ -235,20 +246,7 @@ class Wiki extends \Zotlabs\Web\Controller { if (local_channel() !== intval($channel['channel_id'])) { logger('Wiki delete permission denied.' . EOL); json_return_and_die(array('message' => 'Wiki delete permission denied.', 'success' => false)); - } else { - /* - $channel = get_channel_by_nick($nick); - $observer_hash = get_observer_hash(); - // Figure out who the page owner is. - $perms = get_all_perms(intval($channel['channel_id']), $observer_hash); - // TODO: Create a new permission setting for wiki analogous to webpages. Until - // then, use webpage permissions - if (!$perms['write_pages']) { - logger('Wiki delete permission denied.' . EOL); - json_return_and_die(array('success' => false)); - } - */ - } + } $resource_id = $_POST['resource_id']; $deleted = wiki_delete_wiki($resource_id); if ($deleted['success']) { @@ -482,7 +480,6 @@ class Wiki extends \Zotlabs\Web\Controller { } } $renamed = wiki_rename_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'pageNewName' => $pageNewName)); - logger('$renamed: ' . json_encode($renamed)); if($renamed['success']) { $ob = \App::get_observer(); $commit = wiki_git_commit(array( -- cgit v1.2.3 From 0df3978cc5891f1383dd0dbcdc1c6b4c0010e645 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sat, 25 Jun 2016 14:29:52 -0500 Subject: A page name wrapped in double brackets is converted into a link to another page in the current wiki --- Zotlabs/Module/Wiki.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module/Wiki.php') 
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 1c3add38f..de5863d2e 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -74,7 +74,9 @@ class Wiki extends \Zotlabs\Web\Controller { // Configure page template $wikiheaderName = t('Wiki'); $wikiheaderPage = t('Sandbox'); - $content = '"# Wiki Sandbox\n\nContent you **edit** and **preview** here *will not be saved*."'; + require_once('library/markdown.php'); + $content = t('"# Wiki Sandbox\n\nContent you **edit** and **preview** here *will not be saved*."'); + $renderedContent = Markdown(json_decode($content)); $hide_editor = false; $showPageControls = false; $showNewWikiButton = $wiki_owner; @@ -122,6 +124,9 @@ class Wiki extends \Zotlabs\Web\Controller { goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName); } $content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"'); + // Render the Markdown-formatted page content in HTML + require_once('library/markdown.php'); + $renderedContent = wiki_convert_links(Markdown(json_decode($content)),argv(0).'/'.argv(1).'/'.$wikiUrlName); $hide_editor = false; $showPageControls = $wiki_editor; $showNewWikiButton = $wiki_owner; @@ -133,8 +138,6 @@ class Wiki extends \Zotlabs\Web\Controller { default: // Strip the extraneous URL components goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName.'/'.$pageUrlName); } - // Render the Markdown-formatted page content in HTML - require_once('library/markdown.php'); $wikiModalID = random_string(3); $wikiModal = replace_macros( @@ -162,7 +165,7 @@ class Wiki extends \Zotlabs\Web\Controller { '$acl' => $x['acl'], '$bang' => $x['bang'], '$content' => $content, - '$renderedContent' => Markdown(json_decode($content)), + '$renderedContent' => $renderedContent, '$wikiName' => array('wikiName', t('Enter the name of your new wiki:'), '', ''), '$pageName' => array('pageName', t('Enter the name of the new page:'), '', ''), '$pageRename' => array('pageRename', t('Enter the new name:'), '', ''), 
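Review bot: In the sandbox case (hunk at -74,7) the JSON-quoted literal is now wrapped in `t()` and then fed to `json_decode()`, so a translation that drops the outer quotes or contains an unescaped `"` makes `json_decode()` return null and the sandbox renders empty. Translating the plain text and encoding afterwards avoids that: `$content = json_encode(t("# Wiki Sandbox\n\nContent you **edit** and **preview** here *will not be saved*."));`. The same `$content` value is handed to the template, which presumably relies on that quoting, so keeping the encoding step in code rather than in the translation catalogue also keeps translators out of it.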
@@ -193,8 +196,12 @@ class Wiki extends \Zotlabs\Web\Controller { // Render mardown-formatted text in HTML for preview if((argc() > 2) && (argv(2) === 'preview')) { $content = $_POST['content']; + $resource_id = $_POST['resource_id']; require_once('library/markdown.php'); $html = purify_html(Markdown($content)); + $w = wiki_get_wiki($resource_id); + $wikiURL = argv(0).'/'.argv(1).'/'.$w['urlName']; + $html = wiki_convert_links($html,$wikiURL); json_return_and_die(array('html' => $html, 'success' => true)); } -- cgit v1.2.3 From b96edd8b9ab86d84a2e67515a87de13f660d5cb1 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 26 Jun 2016 15:04:47 -0400 Subject: Added table of contents generator. Table is inserted wherever [toc] is encountered. --- Zotlabs/Module/Wiki.php | 1 + 1 file changed, 1 insertion(+) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index de5863d2e..a11960b51 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -198,6 +198,7 @@ class Wiki extends \Zotlabs\Web\Controller { $content = $_POST['content']; $resource_id = $_POST['resource_id']; require_once('library/markdown.php'); + $content = wiki_generate_toc($content); $html = purify_html(Markdown($content)); $w = wiki_get_wiki($resource_id); $wikiURL = argv(0).'/'.argv(1).'/'.$w['urlName']; -- cgit v1.2.3 From 216f034b6dd0d26282035218126d312080a9adc3 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 26 Jun 2016 15:27:55 -0400 Subject: Also generate table of contents when loading the page --- Zotlabs/Module/Wiki.php | 1 + 1 file changed, 1 insertion(+) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index a11960b51..9b89ed967 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php 
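Review bot: In the preview handler `wiki_convert_links()` runs after `purify_html()`, so the anchors it builds from `[[page name]]` text are never sanitised; either escape the page name inside the helper or make purification the last step, `$html = purify_html(wiki_convert_links(Markdown($content), $wikiURL));`. The helper is not shown, so it may already escape its output. The same order is kept in the page-load hunk of 81da9f9 and in both hunks of 7124c0a, where `wiki_generate_toc()` also runs on the already purified HTML. Separately, `$resource_id` comes straight from `$_POST` and is passed to `wiki_get_wiki()` with no permission check and no test that a wiki was found, so `$w['urlName']` can be empty or belong to a wiki the observer is not allowed to read.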
@@ -126,6 +126,7 @@ class Wiki extends \Zotlabs\Web\Controller { $content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"'); // Render the Markdown-formatted page content in HTML require_once('library/markdown.php'); + $content = wiki_generate_toc($content); $renderedContent = wiki_convert_links(Markdown(json_decode($content)),argv(0).'/'.argv(1).'/'.$wikiUrlName); $hide_editor = false; $showPageControls = $wiki_editor; -- cgit v1.2.3 From 81da9f99e4ee111623a1ba302a6ab18e369756e9 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 26 Jun 2016 15:41:25 -0400 Subject: Fixed bug with rendering table of contents upon page load --- Zotlabs/Module/Wiki.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 9b89ed967..a5039fa23 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -126,8 +126,9 @@ class Wiki extends \Zotlabs\Web\Controller { $content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"'); // Render the Markdown-formatted page content in HTML require_once('library/markdown.php'); - $content = wiki_generate_toc($content); - $renderedContent = wiki_convert_links(Markdown(json_decode($content)),argv(0).'/'.argv(1).'/'.$wikiUrlName); + $toc_content = wiki_generate_toc(json_decode($content)); + $html = purify_html(Markdown($toc_content)); + $renderedContent = wiki_convert_links($html,argv(0).'/'.argv(1).'/'.$wikiUrlName); $hide_editor = false; $showPageControls = $wiki_editor; $showNewWikiButton = $wiki_owner; -- cgit v1.2.3 From 3035c792dcef91cd679034ee67eb2b28ed6f3d35 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 26 Jun 2016 22:13:59 -0700 Subject: remove the app $a passed to profile_load, also add profile_load to mod_wiki which should fix issue #431 --- Zotlabs/Module/Wiki.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Zotlabs/Module/Wiki.php') 
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index de5863d2e..6a8bdf0db 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -20,6 +20,8 @@ class Wiki extends \Zotlabs\Web\Controller { notice(t('You must be logged in to see this page.') . EOL); goaway('/login'); } + profile_load($nick); + } function get() { -- cgit v1.2.3 From 8d298d5a068845856c9827c0d2ea3f02f1399d72 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 26 Jun 2016 22:26:45 -0700 Subject: fix for the rendering side of issue #412. We traditionally store all "user generated" content with ENT_COMPAT encoding to reduce the attack vector for JS CSS exploits. This may present compatibility issues sharing wikis to platforms which do not provide such CSS protection. We can either decide that wikis are inherently insecure and filter them on render (with an associated performance penalty), or keep the existing method of filtering on store. I'm not making that choice. I'm merely fixing the obvious rendering issue in mono-platform viewing. --- Zotlabs/Module/Wiki.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 6a8bdf0db..38b49effc 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -125,7 +125,7 @@ class Wiki extends \Zotlabs\Web\Controller { notice('Error retrieving page content' . EOL); goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName); } - $content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"'); + $content = ($p['content'] !== '' ? htmlspecialchars_decode($p['content'],ENT_COMPAT) : '"# New page\n"'); // Render the Markdown-formatted page content in HTML require_once('library/markdown.php'); $renderedContent = wiki_convert_links(Markdown(json_decode($content)),argv(0).'/'.argv(1).'/'.$wikiUrlName); -- cgit v1.2.3 From 9ef710c557fcc4ea01c87e03fd7a477eb037f09c Mon Sep 17 00:00:00 2001 
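Review bot: In the 8d298d5 hunk `htmlspecialchars_decode($p['content'], ENT_COMPAT)` reverses the store-time escaping, and the render line in the same hunk's context, `wiki_convert_links(Markdown(json_decode($content)), ...)`, does not call `purify_html()`, so on this branch the decoded markup reaches the page unfiltered. Wrapping the render as `purify_html(Markdown(json_decode($content)))`, as the preview handler already does, gives the filter-on-render behaviour that the commit message names as one of the two options. The decoded `$content` is also passed to the template for the editor, so how the template outputs that value should be checked as well; the template is not part of this diff.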
From: redmatrix Date: Wed, 29 Jun 2016 20:59:00 -0700 Subject: provide wiki as a feature (default is on so there aren't any surprises) and add to channel menu and profile tabs --- Zotlabs/Module/Wiki.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 38b49effc..2f22f0a81 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -25,8 +25,18 @@ class Wiki extends \Zotlabs\Web\Controller { } function get() { + + if(observer_prohibited(true)) { + return login(); + } + + $tab = 'wiki'; + + require_once('include/wiki.php'); require_once('include/acl_selectors.php'); + require_once('include/conversation.php'); + // TODO: Combine the interface configuration into a unified object // Something like $interface = array('new_page_button' => false, 'new_wiki_button' => false, ...) $wiki_owner = false; @@ -151,6 +161,11 @@ class Wiki extends \Zotlabs\Web\Controller { ) ); + $is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false); + + $o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']); + + $o .= replace_macros(get_markup_template('wiki.tpl'),array( '$wikiheaderName' => $wikiheaderName, '$wikiheaderPage' => $wikiheaderPage, -- cgit v1.2.3 From 7124c0aee5486aab74272c81ceb3e383b2e3a7f7 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Thu, 30 Jun 2016 21:50:38 -0400 Subject: Replace homemade table of content generator with existing jQuery plugin. Now toc is linked to document headings. --- Zotlabs/Module/Wiki.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index a5039fa23..f30884bfb 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php 
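Review bot: In the second hunk of 9ef710c `$is_owner` is computed with a loose `==` against `\App::$profile['profile_uid']`, while the ownership checks elsewhere in this file use `local_channel() !== intval(...)`; `$is_owner = (local_channel() && local_channel() === intval(\App::$profile['profile_uid']));` keeps the comparison strict and drops the redundant `? true : false`. `profile_tabs($a, ...)` receives `$a`, which is not a parameter of `get()` and is not assigned in any visible line, so it is probably undefined at this point. In the first hunk `$tab = 'wiki';` is assigned but not used in the lines shown. get() begins in the first hunk and continues beyond both.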
@@ -126,8 +126,7 @@ class Wiki extends \Zotlabs\Web\Controller { $content = ($p['content'] !== '' ? $p['content'] : '"# New page\n"'); // Render the Markdown-formatted page content in HTML require_once('library/markdown.php'); - $toc_content = wiki_generate_toc(json_decode($content)); - $html = purify_html(Markdown($toc_content)); + $html = wiki_generate_toc(purify_html(Markdown(json_decode($content)))); $renderedContent = wiki_convert_links($html,argv(0).'/'.argv(1).'/'.$wikiUrlName); $hide_editor = false; $showPageControls = $wiki_editor; @@ -200,8 +199,7 @@ class Wiki extends \Zotlabs\Web\Controller { $content = $_POST['content']; $resource_id = $_POST['resource_id']; require_once('library/markdown.php'); - $content = wiki_generate_toc($content); - $html = purify_html(Markdown($content)); + $html = wiki_generate_toc(purify_html(Markdown($content))); $w = wiki_get_wiki($resource_id); $wikiURL = argv(0).'/'.argv(1).'/'.$w['urlName']; $html = wiki_convert_links($html,$wikiURL); -- cgit v1.2.3 From bd403276f2884ce8cd28102aa613a4de40aad6db Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 30 Jun 2016 21:27:59 -0700 Subject: disable wiki if feature disabled, sync updates of delayed publish posts --- Zotlabs/Module/Wiki.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Zotlabs/Module/Wiki.php') diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 6252f7a1a..55a52ea6d 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -29,6 +29,11 @@ class Wiki extends \Zotlabs\Web\Controller { if(observer_prohibited(true)) { return login(); } + + if(! feature_enabled(\App::$profile_uid,'wiki')) { + notice( t('Not found') . EOL); + return; + } $tab = 'wiki'; -- cgit v1.2.3
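Review bot: The `feature_enabled(\App::$profile_uid,'wiki')` gate in bd40327 is added only to `get()`; the handlers that read `$_POST` (preview, save, rename, compare, delete) are not touched by this commit, so with the feature disabled they presumably still accept requests. Adding the same check at the top of the POST handler would make the switch effective: `if (! feature_enabled(\App::$profile_uid, 'wiki')) { json_return_and_die(array('message' => 'Not found', 'success' => false)); }`. Whether `\App::$profile_uid` is populated on POST requests depends on `profile_load()` in the init code, which is outside this hunk. The previous commit reads the owner id as `\App::$profile['profile_uid']`, so using one form consistently would be clearer.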