From 93a310582f044d35f0a3583671053595fefdbedb Mon Sep 17 00:00:00 2001
From: "M.Dent" <dentm42@dm42.net>
Date: Sun, 7 Oct 2018 19:08:47 -0400
Subject: Implement custom escaping

---
 Zotlabs/Module/Wiki.php | 34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)

(limited to 'Zotlabs/Module')

diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index 6be39214e..3b8f44124 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -237,7 +237,8 @@ class Wiki extends Controller {
 
 				// /wiki/channel/wiki -> No page was specified, so redirect to Home.md
 
-				$wikiUrlName = urlencode(argv(2));
+				//$wikiUrlName = urlencode(argv(2));
+				$wikiUrlName = NativeWiki::name_encode(argv(2));
 				goaway(z_root() . '/' . argv(0) . '/' . argv(1) . '/' . $wikiUrlName . '/Home');
 
 			case 4:
@@ -246,7 +247,8 @@ class Wiki extends Controller {
 				// GET /wiki/channel/wiki/page
 				// Fetch the wiki info and determine observer permissions
 
-				$wikiUrlName = urldecode(argv(2));
+				//$wikiUrlName = urldecode(argv(2));
+				$wikiUrlName = NativeWiki::name_decode(argv(2));
 
 				$page_name = '';
 				$ignore_language = false;
@@ -262,7 +264,8 @@ class Wiki extends Controller {
 					$page_name .= argv($x);
 				}
 
-				$pageUrlName = urldecode($page_name);
+				//$pageUrlName = urldecode($page_name);
+				$pageUrlName = NativeWiki::name_decode($page_name);
 				$langPageUrlName = urldecode(\App::$language . '/' . $page_name);
 
 				$w = NativeWiki::exists_by_name($owner['channel_id'], $wikiUrlName);
@@ -289,8 +292,10 @@ class Wiki extends Controller {
 					$wiki_editor = true;
 				}
 
-				$wikiheaderName = urldecode($wikiUrlName);
-				$wikiheaderPage = urldecode($pageUrlName);
+				//$wikiheaderName = urldecode($wikiUrlName);
+				$wikiheaderName = NativeWiki::name_decode($wikiUrlName);
+				//$wikiheaderPage = urldecode($pageUrlName);
+				$wikiheaderPage = NativeWiki::name_decode($pageUrlName);
 
 				$renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page'));
 				$sharePage  = t('Share');
@@ -360,13 +365,14 @@ class Wiki extends Controller {
 		$currenttype = $types[$mimeType];
 
 		$placeholder = t('Short description of your changes (optional)');
-				
+
+		$zrl = urlencode( z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName );
 		$o .= replace_macros(get_markup_template('wiki.tpl'),array(
 			'$wikiheaderName' => $wikiheaderName,
 			'$wikiheaderPage' => $wikiheaderPage,
 			'$renamePage' => $renamePage,
 			'$sharePage' => $sharePage,
-			'$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'),
+			'$shareLink' => '#^[zrl=' . $zrl . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]',
 			'$showPageControls' => $showPageControls,
 			'$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')),
 			'$tools_label' => 'Page Tools',
@@ -465,7 +471,8 @@ class Wiki extends Controller {
 			$wiki['postVisible'] = ((intval($_POST['postVisible'])) ? 1 : 0);
 			$wiki['rawName']     = $name;
 			$wiki['htmlName']    = escape_tags($name);
-			$wiki['urlName']     = urlencode(urlencode($name)); 
+			//$wiki['urlName']     = urlencode(urlencode($name)); 
+			$wiki['urlName']     = NativeWiki::name_encode($name);
 			$wiki['mimeType']    = $_POST['mimeType'];
 			$wiki['typelock']    = $_POST['typelock'];
 
@@ -514,7 +521,8 @@ class Wiki extends Controller {
 
 			$arr = [];
 
-			$arr['urlName'] = urlencode(urlencode($_POST['origRawName']));
+			//$arr['urlName'] = urlencode(urlencode($_POST['origRawName']));
+			$arr['urlName'] = NativeWiki::name_encode($_POST['origRawName']);
 
 			if($_POST['updateRawName'])
 				$arr['updateRawName'] = $_POST['updateRawName'];
@@ -525,7 +533,7 @@ class Wiki extends Controller {
 				return; //not reached
 			}
 
-			$wiki = NativeWiki::exists_by_name($owner['channel_id'], urldecode($arr['urlName']));
+			$wiki = NativeWiki::exists_by_name($owner['channel_id'], $arr['urlName']);
 
 			if($wiki['resource_id']) {
 
@@ -590,7 +598,7 @@ class Wiki extends Controller {
 			// backslashes won't work well in the javascript functions
 			$name = str_replace('\\','',$name);
 
-			if(urlencode(escape_tags($name)) === '') {
+			if(NativeWiki::name_encode(escape_tags($name)) === '') {
 				json_return_and_die(array('message' => 'Error creating page. Invalid name (' . print_r($_POST,true) . ').', 'success' => false));
 			}
 
@@ -798,7 +806,7 @@ class Wiki extends Controller {
 			if ($pageUrlName === 'Home') {
 				json_return_and_die(array('message' => 'Cannot rename Home','success' => false));
 			}
-			if(urlencode(escape_tags($pageNewName)) === '') {				
+			if(NativeWiki::encode_name(escape_tags($pageNewName)) === '') {				
 				json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false));
 			}
 			// Determine if observer has permission to rename pages
@@ -814,7 +822,7 @@ class Wiki extends Controller {
 			if($renamed['success']) {
 				$commit = NativeWikiPage::commit(array(
 					'channel_id' => $owner['channel_id'],
-					'commit_msg' => 'Renamed ' . urldecode($pageUrlName) . ' to ' . $renamed['page']['htmlName'], 
+					'commit_msg' => 'Renamed ' . NativeWiki::name_decode($pageUrlName) . ' to ' . $renamed['page']['htmlName'], 
 					'resource_id' => $resource_id, 
 					'observer_hash' => $observer_hash,
 					'pageUrlName' => $pageNewName
-- 
cgit v1.2.3