From 503c368f9ec08a70e4dbacd7b729568da6e4ea92 Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Sat, 25 Feb 2017 19:12:41 +0100 Subject: :arrow_up: :hammer: Upgrade PHP Markdown library. The current version throws deprecated warning with PHP7.1 and PHPUnit. Upgrade the Markdown library to the current PHP Markdown Lib 1.7.0. Used composer to manage this library. --- include/text.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index eb8147f9a..63248a0a6 100644 --- a/include/text.php +++ b/include/text.php @@ -3,8 +3,9 @@ * @file include/text.php */ -require_once("include/bbcode.php"); +use \Michelf\MarkdownExtra; +require_once("include/bbcode.php"); // random string, there are 86 characters max in text mode, 128 for hex // output is urlsafe @@ -1650,8 +1651,7 @@ function prepare_text($text, $content_type = 'text/bbcode', $cache = false) { break; case 'text/markdown': - require_once('library/markdown.php'); - $s = Markdown($text); + $s = MarkdownExtra::defaultTransform($text); break; case 'application/x-pdl'; @@ -2062,7 +2062,7 @@ function ids_to_array($arr,$idx = 'id') { $t = array(); if($arr) { foreach($arr as $x) { - if(array_key_exists($idx,$x) && strlen($x[$idx]) && (! in_array($x[$idx],$t))) { + if(array_key_exists($idx,$x) && strlen($x[$idx]) && (! in_array($x[$idx],$t))) { $t[] = $x[$idx]; } } @@ -2078,7 +2078,7 @@ function ids_to_querystr($arr,$idx = 'id',$quote = false) { if($arr) { foreach($arr as $x) { if(! in_array($x[$idx],$t)) { - if($quote) + if($quote) $t[] = "'" . dbesc($x[$idx]) . "'"; else $t[] = $x[$idx]; -- cgit v1.2.3 From e58dc726c5e40ff30942739f86d2329fb29f763c Mon Sep 17 00:00:00 2001 
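Review bot: In the `text/markdown` case of prepare_text(), the output of `MarkdownExtra::defaultTransform($text)` is assigned to `$s` with no HTML filtering at render time, and the Markdown parser passes inline HTML through by default. Rendering is therefore only as safe as the escaping applied when the text was stored. For untrusted content, consider a parser instance with `no_markup` enabled (`$p = new MarkdownExtra; $p->no_markup = true; $s = $p->transform($text);`) instead of the static default. Removing `require_once('library/markdown.php')` also makes this branch depend on the composer autoloader being registered before prepare_text() runs, which the hunk does not show. prepare_text() starts and ends outside the hunk.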
From: zotlabs Date: Thu, 2 Mar 2017 17:32:43 -0800 Subject: activity widget - like the forum widget but represents unseen activity by author. Still experimental until it can be tested with diaspora xchans, which may require additional urlencoding. --- include/text.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 63248a0a6..1abed81bf 100644 --- a/include/text.php +++ b/include/text.php @@ -854,6 +854,11 @@ function tag_sort_length($a,$b) { return((mb_strlen($b) < mb_strlen($a)) ? (-1) : 1); } +function total_sort($a,$b) { + if($a['total'] == $b['total']) + return 0; + return(($b['total'] < $a['total']) ? 1 : (-1)); +} /** -- cgit v1.2.3 From 155844f14260a66ac5476155bb65c5e3035230c8 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 2 Mar 2017 23:02:44 -0800 Subject: reverse sort order --- include/text.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 1abed81bf..c68bd3591 100644 --- a/include/text.php +++ b/include/text.php @@ -857,7 +857,7 @@ function tag_sort_length($a,$b) { function total_sort($a,$b) { if($a['total'] == $b['total']) return 0; - return(($b['total'] < $a['total']) ? 1 : (-1)); + return(($b['total'] > $a['total']) ? 1 : (-1)); } -- cgit v1.2.3 From 4c0c153b8f23a2e6cbd037591af982232cb77989 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 5 Mar 2017 16:18:09 -0800 Subject: move emoji emoticons (not reactions) to plugin --- include/text.php | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index c68bd3591..9d76f9d78 100644 --- a/include/text.php +++ b/include/text.php 
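Review bot: total_sort() compares `$a['total']` and `$b['total']` with loose `==` and never checks that the key exists, so numeric strings, nulls and missing keys are type-juggled into an ordering (with a notice for a missing key) instead of being handled explicitly. Casting once, e.g. `$x = intval($a['total']); $y = intval($b['total']);`, and comparing `$x` and `$y` makes the ordering well defined. The function also has no docblock; a short `@brief` saying it is (presumably) a usort() callback and which direction it sorts would help, given that the following commit flips the direction.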
@@ -1224,20 +1224,6 @@ function list_smilies() { ); - $x = get_config('feature','emoji'); - if($x === false) - $x = 1; - if($x) { - if(! App::$emojitab) - App::$emojitab = json_decode(file_get_contents('library/emoji.json'),true); - foreach(App::$emojitab as $e) { - if(strpos($e['shortname'],':tone') === 0) - continue; - $texts[] = $e['shortname']; - $icons[] = '' . $e['name'] . ''; - } - } - $params = array('texts' => $texts, 'icons' => $icons); call_hooks('smilie', $params); -- cgit v1.2.3 From aa33cacb62ef25cbab7c6ee1b253ed58072e6e44 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 15 Mar 2017 16:42:55 +0100 Subject: style hashtags, mentions and categories. hide expand-aside button if not needed. css and class fixes --- include/text.php | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 9d76f9d78..2d1bc4222 100644 --- a/include/text.php +++ b/include/text.php @@ -1460,10 +1460,7 @@ function format_hashtags(&$item) { if(strpos($item['body'], $t['url'])) continue; - if($s) - $s .= ' '; - - $s .= '#' . $term . ''; + $s .= ' ' . $term . ' '; } } @@ -1484,10 +1481,7 @@ function format_mentions(&$item) { if(strpos($item['body'], $t['url'])) continue; - if($s) - $s .= ' '; - - $s .= '@' . $term . ''; + $s .= ' ' . $term . ' '; } } -- cgit v1.2.3 From a73ea134cd09af039e01e4f6ae7f455ecb76279e Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 15 Mar 2017 21:22:16 +0100 Subject: re-add spaces between tags --- include/text.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 2d1bc4222..224ba17d0 100644 --- a/include/text.php +++ b/include/text.php @@ -1459,8 +1459,10 @@ function format_hashtags(&$item) { continue; if(strpos($item['body'], $t['url'])) continue; + if($s) + $s .= ' '; - $s .= ' ' . $term . ' '; + $s .= ' ' . $term . ''; } } 
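Review bot: The context line `if(strpos($item['body'], $t['url'])) continue;` in format_hashtags() treats a match at offset 0 as no match, because strpos() returns 0 there; `if(strpos($item['body'], $t['url']) !== false) continue;` is presumably what was intended. The same line appears in the format_mentions() hunk of this commit and in both hunks of the follow-up commit that re-adds the spaces. The link markup around `$term` is not visible on this page, so it cannot be confirmed from here that `$term` and `$t['url']` are HTML-escaped before being concatenated into `$s`; check that where `$term` is assigned, outside the hunk.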
@@ -1480,8 +1482,9 @@ function format_mentions(&$item) { continue; if(strpos($item['body'], $t['url'])) continue; - - $s .= ' ' . $term . ' '; + if($s) + $s .= ' '; + $s .= ' ' . $term . ''; } } -- cgit v1.2.3 From f718e2b0db0fe3477212a8dd6c3ec067f4432862 Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Sat, 18 Mar 2017 17:50:05 +0100 Subject: :arrow_up: Update HTML Purifier library. Updated HTML Purifier from 4.6.0 to 4.9.2 with better PHP7 compatibility. Used composer to manage this library. --- include/text.php | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 224ba17d0..911334a15 100644 --- a/include/text.php +++ b/include/text.php @@ -122,13 +122,23 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') { } - +/** + * @brief Use HTMLPurifier to get standards compliant HTML. + * + * Use the HTMLPurifier + * library to get filtered and standards compliant HTML. + * + * @see HTMLPurifier + * + * @param string $s raw HTML + * @param boolean $allow_position allow CSS position + * @return string standards compliant filtered HTML + */ function purify_html($s, $allow_position = false) { - require_once('library/HTMLPurifier.auto.php'); - require_once('include/html2bbcode.php'); /** * @FIXME this function has html output, not bbcode - so safely purify these + * require_once('include/html2bbcode.php'); * $s = html2bb_video($s); * $s = oembed_html2bbcode($s); */ 
@@ -137,6 +147,15 @@ function purify_html($s, $allow_position = false) { $config->set('Cache.DefinitionImpl', null); $config->set('Attr.EnableID', true); + // If enabled, target=blank attributes are added to all links. + //$config->set('HTML.TargetBlank', true); + //$config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']); + // restore old behavior of HTMLPurifier < 4.8, only used when targets allowed at all + // do not add rel="noreferrer" to all links with target attributes + //$config->set('HTML.TargetNoreferrer', false); + // do not add noopener rel attributes to links which have a target attribute associated with them + //$config->set('HTML.TargetNoopener', false); + //Allow some custom data- attributes used by built-in libs. //In this way members which do not have allowcode set can still use the built-in js libs in webpages to some extent. @@ -274,7 +293,6 @@ function purify_html($s, $allow_position = false) { new HTMLPurifier_AttrDef_CSS_Length(), new HTMLPurifier_AttrDef_CSS_Percentage() )); - } $purifier = new HTMLPurifier($config); -- cgit v1.2.3 From 0f7832dc30fb4d8aedd24b6ad8a9e48876a77dd0 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 13 Mar 2017 16:19:47 -0700 Subject: code_allowed is a real mess. Start the cleanup by remving the account level code allow and limiting to specific channels only. This reduces the possibility of cross channel security issues coming into play. Then provide a single function for checking the code permission. This is only partially done as we often need to check against the observer or logged in channel as well as the resource owner to ensure that this only returns true for local channels which also own the requested resource. --- include/text.php | 26 ++++---------------------- 1 file changed, 4 insertions(+), 22 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 911334a15..14ca19cef 100644 --- a/include/text.php +++ b/include/text.php 
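Review bot: The commented-out `HTML.TargetNoreferrer` and `HTML.TargetNoopener` lines would, if uncommented as written, turn off the rel attributes HTML Purifier adds to links that carry a target, which is what keeps the opened page away from `window.opener`. The comment should say so explicitly, so that nobody enables them while "restoring old behavior"; for example `// SECURITY: leave noopener/noreferrer enabled; disabling them re-exposes window.opener`. Separately, the context line `$config->set('Attr.EnableID', true);` lets filtered HTML carry arbitrary `id` values that can collide with ids the page's own scripts rely on; setting `Attr.IDPrefix` would namespace them. purify_html() continues outside this hunk.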
@@ -104,15 +104,11 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') { return $s; } - $r = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", + $r = q("select channel_pageflags from channel where channel_id = %d limit 1", intval($channel_id) ); - if($r) { - if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { - if(local_channel() && (get_account_id() == $r[0]['account_id'])) { - return $s; - } - } + if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { + return $s; } if($type === 'text/html') @@ -1812,23 +1808,9 @@ function mimetype_select($channel_id, $current = 'text/bbcode') { ); - if(App::$is_sys) { + if((App::$is_sys) || (channel_codeallowed($channel_id) && $channel_id == local_channel())){ $x[] = 'application/x-php'; } - else { - $r = q("select account_id, account_roles, channel_pageflags from account left join channel on account_id = channel_account_id where - channel_id = %d limit 1", - intval($channel_id) - ); - - if($r) { - if(($r[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { - if(local_channel() && get_account_id() == $r[0]['account_id']) { - $x[] = 'application/x-php'; - } - } - } - } foreach($x as $y) { $selected = (($y == $current) ? ' selected="selected" ' : ''); -- cgit v1.2.3 From fa629841bd2fd150531a5494504a24b13a0c4503 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 14 Mar 2017 17:07:29 -0700 Subject: input filter updates --- include/text.php | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 14ca19cef..c02499625 100644 --- a/include/text.php +++ b/include/text.php 
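Review bot: The bypass condition in z_input_filter() compares `local_channel() == $channel_id` loosely, and when it holds the function returns `$s` unfiltered for whatever `$type` reached that point. `$channel_id` is already coerced with intval() for the query, so the same value can be compared strictly, e.g. `(local_channel() === intval($channel_id))`, assuming local_channel() returns an int or false. The mimetype_select() hunk has the same loose `$channel_id == local_channel()` test; that function only decides which types are offered in the form, so the save path still needs its own permission check before accepting `application/x-php`. z_input_filter() continues outside the hunk.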
@@ -3,6 +3,7 @@ * @file include/text.php */ +use \Zotlabs\Lib as Zlib; use \Michelf\MarkdownExtra; require_once("include/bbcode.php"); @@ -89,12 +90,10 @@ function escape_tags($string) { } -function z_input_filter($channel_id,$s,$type = 'text/bbcode') { +function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) { if($type === 'text/bbcode') return escape_tags($s); - if($type === 'text/markdown') - return escape_tags($s); if($type == 'text/plain') return escape_tags($s); if($type == 'application/x-pdl') @@ -104,13 +103,17 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') { return $s; } - $r = q("select channel_pageflags from channel where channel_id = %d limit 1", - intval($channel_id) - ); - if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { + if($allow_code) { + if($type === 'text/markdown') + return htmlspecialchars($s,ENT_QUOTES); return $s; } + if($type === 'text/markdown') { + $x = new Zlib\MarkdownSoap($s); + return $x->clean(); + } + if($type === 'text/html') return purify_html($s); @@ -1653,6 +1656,7 @@ function prepare_text($text, $content_type = 'text/bbcode', $cache = false) { break; case 'text/markdown': + $text = Zlib\MarkdownSoap::unescape($text); $s = MarkdownExtra::defaultTransform($text); break; -- cgit v1.2.3 From b03cd330e5fe4ede362d77aa2269a3d0dccde62d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 21 Mar 2017 20:11:48 -0700 Subject: begin the process of using the relevant attach directory/path for photo albums instead of an album basename which may not be unique. Created an 'ellipsify()' function to shorten long names and keep the beginning and end intact --- include/text.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index c02499625..0a2073272 100644 --- a/include/text.php +++ b/include/text.php 
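Review bot: The new signature `z_input_filter($s,$type = 'text/bbcode',$allow_code = false)` puts the content in the position the channel id used to occupy, so a call site that was not updated still runs without error, filtering the channel id and treating the content as the type. Every caller needs to be audited, and the function should get a docblock stating that `$allow_code` must come from a server-side permission check on the resource owner and never from request data, because a true value returns `$s` unfiltered for types that reach that branch, such as text/html. `htmlspecialchars($s,ENT_QUOTES)` also depends on the configured default charset; `htmlspecialchars($s, ENT_QUOTES, 'UTF-8')` makes it explicit. The function body continues outside the hunk.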
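Review bot: In prepare_text(), `Zlib\MarkdownSoap::unescape($text)` reverses the stored escaping immediately before `MarkdownExtra::defaultTransform($text)`, and nothing after the transform filters the generated HTML. That is safe only if every stored `text/markdown` body went through `MarkdownSoap::clean()`; bodies saved under the previous `escape_tags()` rule, or through the `$allow_code` branch that stores `htmlspecialchars()` output, are unescaped here too, and whether that yields live markup depends on MarkdownSoap, which is not shown on this page. A render-time `$s = purify_html($s);` after the transform would make this branch independent of how the text was stored, at the cost of also filtering code-allowed content. prepare_text() starts and ends outside the hunk.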
@@ -3130,3 +3130,14 @@ function array_escape_tags(&$v,$k) { $v = escape_tags($v); } +function ellipsify($s,$maxlen) { + if($maxlen & 1) + $maxlen --; + if($maxlen < 4) + $maxlen = 4; + + if(mb_strlen($s) < $maxlen) + return $s; + + return mb_substr($s,0,$maxlen / 2) . '...' . mb_substr($s,mb_strlen($s) - ($maxlen / 2)); +} \ No newline at end of file -- cgit v1.2.3 From 2e2f984c459eabf83fc5bfdbd60c892d0f549895 Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Fri, 24 Mar 2017 23:32:53 +0100 Subject: Add some documentation for import functions. --- include/text.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 0a2073272..fa9dadc31 100644 --- a/include/text.php +++ b/include/text.php @@ -3050,7 +3050,15 @@ function array2XML($obj, $array) { } } - +/** + * @brief Inserts an array into $table. + * + * @TODO Why is this function in include/text.php? + * + * @param string $table + * @param array $arr + * @return boolean|PDOStatement + */ function create_table_from_array($table, $arr) { if(! ($arr && $table)) -- cgit v1.2.3 From 803bff4043dae142999a34e7d706eea176328c69 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 25 Apr 2017 16:36:37 -0700 Subject: smilies - add param to only list default emoticons --- include/text.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index fa9dadc31..1fa03edab 100644 --- a/include/text.php +++ b/include/text.php @@ -1166,7 +1166,7 @@ function get_mood_verbs() { * * @return Returns array with keys 'texts' and 'icons' */ -function list_smilies() { +function list_smilies($default_only = false) { $texts = array( '<3', 
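Review bot: ellipsify() returns a string of `$maxlen + 3` characters, longer than the limit it was given, and an input of exactly `$maxlen` characters is cut and then grows by three because the guard is `mb_strlen($s) < $maxlen`. If callers treat `$maxlen` as a hard limit (a display width or a path component), change the guard to `if(mb_strlen($s) <= $maxlen) return $s;` and subtract the three dots from the budget before halving. `$maxlen / 2` is a float; `intval($maxlen / 2)` keeps the mb_substr() calls valid under stricter typing. A short docblock stating whether `$maxlen` includes the ellipsis would settle the ambiguity.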
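Review bot: The docblock above list_smilies() still documents only the return value, so the new `$default_only` parameter is undocumented. Suggest adding `@param boolean $default_only (optional) default false; if true return only the built-in emoticons and skip the 'smilie' hook`, which is what the second hunk of this commit implements.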
@@ -1242,10 +1242,15 @@ function list_smilies() { ); $params = array('texts' => $texts, 'icons' => $icons); + + if($default_only) + return $params; + call_hooks('smilie', $params); return $params; } + /** * @brief Replaces text emoticons with graphical images. * -- cgit v1.2.3 From c904bd3a628e4bf3c2420ee314277da69828c3b2 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 20 Apr 2017 20:19:15 -0700 Subject: The rest of the library and backend changes to support client-side e2ee and deprecate previous uses of item_obscured. --- include/text.php | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 1fa03edab..24c2896ad 100644 --- a/include/text.php +++ b/include/text.php @@ -1379,20 +1379,7 @@ function link_compare($a, $b) { function unobscure(&$item) { - if(array_key_exists('item_obscured',$item) && intval($item['item_obscured'])) { - $key = get_config('system','prvkey'); - if($item['title']) - $item['title'] = crypto_unencapsulate(json_decode($item['title'],true),$key); - if($item['body']) - $item['body'] = crypto_unencapsulate(json_decode($item['body'],true),$key); - if(get_config('system','item_cache')) { - q("update item set title = '%s', body = '%s', item_obscured = 0 where id = %d", - dbesc($item['title']), - dbesc($item['body']), - intval($item['id']) - ); - } - } + return; } function unobscure_mail(&$item) { -- cgit v1.2.3 From 1c304eb8ba5395e62c0245133d58a3f00adaeaac Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 26 Apr 2017 22:16:23 +0200 Subject: make mastodon happy args --- include/text.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 24c2896ad..46509aabf 100644 --- a/include/text.php +++ b/include/text.php 
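Review bot: unobscure() is reduced to a bare `return;`, so any item row that still has `item_obscured` set keeps its JSON-encapsulated `title` and `body` and is handed to callers undecrypted. The hunk shows no migration that decrypts existing rows with the `system`/`prvkey` key before this path is removed; if one exists elsewhere, a comment here pointing to it would help, and if not, those rows become unreadable once the key handling is gone. The function and its by-reference `&$item` parameter are now dead code and could carry a `@deprecated` docblock until the callers are removed.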
@@ -3140,4 +3140,4 @@ function ellipsify($s,$maxlen) { return $s; return mb_substr($s,0,$maxlen / 2) . '...' . mb_substr($s,mb_strlen($s) - ($maxlen / 2)); -} \ No newline at end of file +} -- cgit v1.2.3 From 73cb270b14b7cc61074eeaf7469024b800fc582b Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Fri, 5 May 2017 00:23:57 +0200 Subject: :bulb: correct some Doxygen syntax mistakes. --- include/text.php | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 46509aabf..162d7c365 100644 --- a/include/text.php +++ b/include/text.php @@ -774,9 +774,9 @@ function activity_match($haystack,$needle) { } /** - * @brief Pull out all #hashtags and @person tags from $s. + * @brief Pull out all \#hashtags and \@person tags from $s. * - * We also get @person@domain.com - which would make + * We also get \@person\@domain.com - which would make * the regex quite complicated as tags can also * end a sentence. So we'll run through our results * and strip the period from any tags which end with one. @@ -2079,7 +2079,7 @@ function ids_to_querystr($arr,$idx = 'id',$quote = false) { * If $abook is true also include the abook info. This is needed in the API to * save extra per item lookups there. * - * @param array[in,out] &$items + * @param[in,out] array &$items * @param boolean $abook If true also include the abook info * @param number $effective_uid */ @@ -2175,10 +2175,10 @@ function magic_link($s) { } /** - * if $escape is true, dbesc() each element before adding quotes + * @brief If $escape is true, dbesc() each element before adding quotes. * - * @param array[in,out] &$arr - * @param boolean $escape default false + * @param[in,out] array &$arr + * @param boolean $escape (optional) default false */ function stringify_array_elms(&$arr, $escape = false) { for($x = 0; $x < count($arr); $x ++) 
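Review bot: The reworded docblock for stringify_array_elms() marks `$escape` as optional with default false but does not say what that default means for callers: the elements are wrapped in quotes without dbesc(). Since the result is presumably interpolated into SQL, add a sentence such as `Pass $escape = true unless every element is already known to be safe for SQL; the default performs no escaping.` The function body continues outside the hunk, so this rests on the docblock and the visible loop header only.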
@@ -2189,7 +2189,6 @@ function stringify_array_elms(&$arr, $escape = false) { * @brief Indents a flat JSON string to make it more human-readable. * * @param string $json The original JSON string to process. - * * @return string Indented version of the original JSON string. */ function jindent($json) { @@ -3140,4 +3139,4 @@ function ellipsify($s,$maxlen) { return $s; return mb_substr($s,0,$maxlen / 2) . '...' . mb_substr($s,mb_strlen($s) - ($maxlen / 2)); -} +} -- cgit v1.2.3 From 93ce1661af6d243aa495cd570c687ea4b9aad04a Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Fri, 19 May 2017 10:47:33 +0200 Subject: smileybutton fixes --- include/text.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'include/text.php') diff --git a/include/text.php b/include/text.php index 162d7c365..d352a61bf 100644 --- a/include/text.php +++ b/include/text.php @@ -1171,7 +1171,6 @@ function list_smilies($default_only = false) { $texts = array( '<3', '</3', - '<\\3', ':-)', ';-)', ':-(', @@ -1207,7 +1206,6 @@ function list_smilies($default_only = false) { $icons = array( '<3', '</3', - '<\\3', ':-)', ';-)', ':-(', -- cgit v1.2.3