From 5921dc6f1679afdcc0551da248f94d24db9ed360 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 29 Mar 2012 16:01:44 -0700 Subject: typo in function name --- include/dba.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/dba.php b/include/dba.php index 138e82b58..76cc0bc7b 100755 --- a/include/dba.php +++ b/include/dba.php @@ -209,9 +209,8 @@ function q($sql) { if($db && $db->connected) { $stmt = vsprintf($sql,$args); if($stmt === false) - logger('dba: vsprintf error: ' . print_r(debug_bracktrace(),true)); - $ret = $db->q($stmt); - return $ret; + logger('dba: vsprintf error: ' . print_r(debug_backtrace(),true)); + return $db->q($stmt); } /** -- cgit v1.2.3 From bb8beb26b4d87c27ce4c8dce3e1229a27a2d1a7e Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 29 Mar 2012 20:58:32 -0700 Subject: use zrl to get home again --- include/conversation.php | 43 ++++++++++++++++++++++++++----------------- include/nav.php | 2 ++ include/security.php | 1 + include/text.php | 2 ++ 4 files changed, 31 insertions(+), 17 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 5de4fcb51..37856651e 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -94,9 +94,9 @@ function localize_item(&$item){ } - $A = '[url=' . $Alink . ']' . $Aname . '[/url]'; - $B = '[url=' . $Blink . ']' . $Bname . '[/url]'; - if ($Bphoto!="") $Bphoto = '[url=' . $Blink . '][img]' . $Bphoto . '[/img][/url]'; + $A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]'; + $B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]'; + if ($Bphoto!="") $Bphoto = '[url=' . zrl($Blink) . '][img]' . $Bphoto . '[/img][/url]'; $item['body'] = sprintf( t('%1$s is now friends with %2$s'), $A, $B)."\n\n\n".$Bphoto; @@ -108,8 +108,8 @@ function localize_item(&$item){ if(count($r)==0) return; $obj=$r[0]; - $author = '[url=' . $item['author-link'] . ']' . $item['author-name'] . '[/url]'; - $objauthor = '[url=' . $obj['author-link'] . ']' . $obj['author-name'] . '[/url]'; + $author = '[url=' . zrl($item['author-link']) . ']' . $item['author-name'] . '[/url]'; + $objauthor = '[url=' . zrl($obj['author-link']) . ']' . $obj['author-name'] . '[/url]'; switch($obj['verb']){ case ACTIVITY_POST: @@ -158,8 +158,8 @@ function localize_item(&$item){ $target = $r[0]; $Bname = $target['author-name']; $Blink = $target['author-link']; - $A = '[url=' . $Alink . ']' . $Aname . '[/url]'; - $B = '[url=' . $Blink . ']' . $Bname . '[/url]'; + $A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]'; + $B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]'; $P = '[url=' . $target['plink'] . ']' . t('post/item') . '[/url]'; $item['body'] = sprintf( t('%1$s marked %2$s\'s %3$s as favorite'), $A, $B, $P)."\n"; @@ -276,13 +276,16 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { if($item['author-link'] && (! $item['author-name'])) $profile_name = $item['author-link']; + + $sp = false; $profile_link = best_link_url($item,$sp); - if($sp) - $sparkle = ' sparkle'; if($profile_link === 'mailbox') $profile_link = ''; - + if($sp) + $sparkle = ' sparkle'; + else + $profile_link = zrl($profile_link); $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); if(($normalised != 'mailbox') && (x($a->contacts[$normalised]))) @@ -484,7 +487,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { // This will have been stored in $a->page_contact by our calling page. // Put this person on the left of the wall-to-wall notice. - $owner_url = $a->page_contact['url']; + $owner_url = zrl($a->page_contact['url']); $owner_photo = $a->page_contact['thumb']; $owner_name = $a->page_contact['name']; $template = $wallwall; @@ -501,10 +504,12 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $commentww = 'ww'; // If it is our contact, use a friendly redirect link if((link_compare($item['owner-link'],$item['url'])) - && ($item['network'] === 'dfrn')) { + && ($item['network'] === NETWORK_DFRN)) { $owner_url = $redirect_url; $osparkle = ' sparkle'; } + else + $owner_url = zrl($owner_url); } } @@ -596,14 +601,14 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { if($item['author-link'] && (! $item['author-name'])) $profile_name = $item['author-link']; - $sp = false; $profile_link = best_link_url($item,$sp); - if($sp) - $sparkle = ' sparkle'; - if($profile_link === 'mailbox') $profile_link = ''; + if($sp) + $sparkle = ' sparkle'; + else + $profile_link = zrl($profile_link); $normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']); if(($normalised != 'mailbox') && (x($a->contacts,$normalised))) @@ -767,8 +772,10 @@ function item_photo_menu($item){ $photos_link = $profile_link . "?url=photos"; $profile_link = $profile_link . "?url=profile"; $pm_url = $a->get_baseurl($ssl_state) . '/message/new/' . $cid; + $zurl = ''; } else { + $profile_link = zrl($profile_link); if(local_user() && local_user() == $item['uid'] && link_compare($item['url'],$item['author-link'])) { $cid = $item['contact-id']; } @@ -795,7 +802,7 @@ function item_photo_menu($item){ $menu = Array( t("View status") => $status_link, t("View profile") => $profile_link, - t("View photos") => $photos_link, + t("View photos") => $photos_link, t("View recent") => $posts_link, t("Edit contact") => $contact_url, t("Send PM") => $pm_url, @@ -828,6 +835,8 @@ function like_puller($a,$item,&$arr,$mode) { $url = $a->get_baseurl(true) . '/redir/' . $item['contact-id']; $sparkle = ' class="sparkle" '; } + else + $url = zrl($url); if(! ((isset($arr[$item['parent'] . '-l'])) && (is_array($arr[$item['parent'] . '-l'])))) $arr[$item['parent'] . '-l'] = array(); if(! isset($arr[$item['parent']])) diff --git a/include/nav.php b/include/nav.php index f40e92dbc..d4f22e7ee 100755 --- a/include/nav.php +++ b/include/nav.php @@ -70,6 +70,8 @@ function nav(&$a) { */ $homelink = ((x($_SESSION,'visitor_home')) ? $_SESSION['visitor_home'] : ''); + if(get_my_url()) + $homelink = get_my_url(); if(($a->module != 'home') && (! (local_user()))) $nav['home'] = array($homelink, t('Home'), "", t('Home Page')); diff --git a/include/security.php b/include/security.php index 19e91eb63..66622fd33 100755 --- a/include/security.php +++ b/include/security.php @@ -9,6 +9,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive $_SESSION['authenticated'] = 1; $_SESSION['page_flags'] = $user_record['page-flags']; $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $user_record['nickname']; + $_SESSION['my_address'] = $user_record['nickname'] . '@' . substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')+3); $_SESSION['addr'] = $_SERVER['REMOTE_ADDR']; $a->user = $user_record; diff --git a/include/text.php b/include/text.php index 6d557ed84..0b825cc39 100644 --- a/include/text.php +++ b/include/text.php @@ -610,6 +610,8 @@ function micropro($contact, $redirect = false, $class = '', $textmode = false) { $url = $redirect_url; $sparkle = ' sparkle'; } + else + $url = zrl($url); } $click = ((x($contact,'click')) ? ' onclick="' . $contact['click'] . '" ' : ''); if($click) -- cgit v1.2.3 From 168cf3b9d4ca004dd589d14f4c8f31cd0d7e1265 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 29 Mar 2012 21:08:10 -0700 Subject: zrl on mentions --- include/conversation.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 37856651e..6283cfe0a 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -166,6 +166,12 @@ function localize_item(&$item){ } } } + $matches = null; + if(preg_match_all('/@[url=(.*?)]/is',$item['body'],$matches,PREG_SET_ORDER)) { + foreach($matches as $mtch) { + $item['body'] = str_replace($mtch[0],'@[url=' . zrl($mtch[1]). ']',$item['body']); + } + } } -- cgit v1.2.3 From 9332312ce93cd4b7113f31109d4c1dd1656f6189 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 29 Mar 2012 21:18:47 -0700 Subject: silly mistake --- include/conversation.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 6283cfe0a..1c3ee43b0 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -167,9 +167,10 @@ function localize_item(&$item){ } } $matches = null; - if(preg_match_all('/@[url=(.*?)]/is',$item['body'],$matches,PREG_SET_ORDER)) { + if(preg_match_all('/@\[url=(.*?)\]/is',$item['body'],$matches,PREG_SET_ORDER)) { foreach($matches as $mtch) { - $item['body'] = str_replace($mtch[0],'@[url=' . zrl($mtch[1]). ']',$item['body']); + if(! strpos($mtch[1],'zrl=')) + $item['body'] = str_replace($mtch[0],'@[url=' . zrl($mtch[1]). ']',$item['body']); } } -- cgit v1.2.3 From e2c295c01f92cf9a1550a231296ff4723172592b Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 29 Mar 2012 21:44:30 -0700 Subject: another silly mistake --- include/nav.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/nav.php b/include/nav.php index d4f22e7ee..2c9c643a9 100755 --- a/include/nav.php +++ b/include/nav.php @@ -69,9 +69,9 @@ function nav(&$a) { * "Home" should also take you home from an authenticated remote profile connection */ - $homelink = ((x($_SESSION,'visitor_home')) ? $_SESSION['visitor_home'] : ''); - if(get_my_url()) - $homelink = get_my_url(); + $homelink = get_my_url(); + if(! $homelink) + $homelink = ((x($_SESSION,'visitor_home')) ? $_SESSION['visitor_home'] : ''); if(($a->module != 'home') && (! (local_user()))) $nav['home'] = array($homelink, t('Home'), "", t('Home Page')); -- cgit v1.2.3 From 87539dbec4b73039f7f5e4fa58c3398d9e496834 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 30 Mar 2012 02:22:57 -0700 Subject: bug #352 - qcomment plugin disabled, qcomments still allowed --- include/conversation.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 1c3ee43b0..402713b32 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -532,9 +532,12 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { if ($shareable) $likebuttons['share'] = array( t('Share this'), t('share')); } + $qc = $qcomment = null; - $qc = ((local_user()) ? get_pconfig(local_user(),'qcomment','words') : null); - $qcomment = (($qc) ? explode("\n",$qc) : null); + if(in_array('qcomment',$a->plugins)) { + $qc = ((local_user()) ? get_pconfig(local_user(),'qcomment','words') : null); + $qcomment = (($qc) ? explode("\n",$qc) : null); + } if(($show_comment_box) || (($show_comment_box == false) && ($override_comment_box == false) && ($item['last-child']))) { $comment = replace_macros($cmnt_tpl,array( -- cgit v1.2.3 From bcc58016089c5e5c0e1e5e247d9253b4ac664c2c Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 30 Mar 2012 02:42:36 -0700 Subject: rename "file as" to "save to folder" --- include/contact_widgets.php | 2 +- include/conversation.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 9d7085d20..1f70e536f 100755 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -93,7 +93,7 @@ function fileas_widget($baseurl,$selected = '') { } return replace_macros(get_markup_template('fileas_widget.tpl'),array( - '$title' => t('File Selections'), + '$title' => t('Saved Folders'), '$desc' => '', '$sel_all' => (($selected == '') ? 'selected' : ''), '$all' => t('Everything'), diff --git a/include/conversation.php b/include/conversation.php index 402713b32..a9fb807ad 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -595,7 +595,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { 'classtagger' => "", ); } - $filer = t("file as"); + $filer = t("save to folder"); } @@ -915,7 +915,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) { '$vidurl' => t("Please enter a video link/URL:"), '$audurl' => t("Please enter an audio link/URL:"), '$term' => t('Tag term:'), - '$fileas' => t('File as:'), + '$fileas' => t('Save to Folder:'), '$whereareu' => t('Where are you right now?') )); -- cgit v1.2.3 From 17c908973fc3574eb2d190f3d401e39823b4bb14 Mon Sep 17 00:00:00 2001 From: Tobias Diekershoff Date: Fri, 30 Mar 2012 15:19:17 +0200 Subject: catch OpenID login errors in cases when the OpenID server does not answers --- include/auth.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/auth.php b/include/auth.php index 835616a82..1341f3bb8 100755 --- a/include/auth.php +++ b/include/auth.php @@ -94,13 +94,17 @@ else { // Otherwise it's probably an openid. + try { require_once('library/openid.php'); $openid = new LightOpenID; $openid->identity = $openid_url; $_SESSION['openid'] = $openid_url; $a = get_app(); $openid->returnUrl = $a->get_baseurl(true) . '/openid'; - goaway($openid->authUrl()); + goaway($openid->authUrl()); + } catch (Exception $e) { + notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'

'. t('The error message was:').' '.$e->getMessage()); + } // NOTREACHED } } -- cgit v1.2.3 From 8c928e67ba9f122343f53400cf0f4dae8104ffd7 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 30 Mar 2012 23:18:46 -0700 Subject: warning cleanup --- include/text.php | 1 - 1 file changed, 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 0b825cc39..f758c37ee 100644 --- a/include/text.php +++ b/include/text.php @@ -205,7 +205,6 @@ function hex2bin($s) { return ''; if(! ctype_xdigit($s)) { - logger('hex2bin: illegal input: ' . print_r(debug_backtrace(), true)); return($s); } -- cgit v1.2.3 From 0cf2e051bbe98166e99025bc1f32a6e8e08a26f2 Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 31 Mar 2012 14:48:35 -0700 Subject: escape % in file_tag_query as it is ultimately embedded in a sprintf --- include/text.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include') diff --git a/include/text.php b/include/text.php index f758c37ee..64f6f72a8 100644 --- a/include/text.php +++ b/include/text.php @@ -1306,6 +1306,10 @@ function file_tag_decode($s) { } function file_tag_file_query($table,$s,$type = 'file') { + + // this is ultimately going into a vsprintf + $s = str_replace('%','%%',$s); + if($type == 'file') $str = preg_quote( '[' . file_tag_encode($s) . ']' ); else -- cgit v1.2.3 From 53f799f2bc125fadf527e3c65e8e9882d53d9aea Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 31 Mar 2012 15:25:17 -0700 Subject: handle escaped file chars in display and search --- include/contact_widgets.php | 2 +- include/text.php | 11 ++++------- 2 files changed, 5 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/contact_widgets.php b/include/contact_widgets.php index 1f70e536f..7346b95af 100755 --- a/include/contact_widgets.php +++ b/include/contact_widgets.php @@ -87,7 +87,7 @@ function fileas_widget($baseurl,$selected = '') { $cnt = preg_match_all('/\[(.*?)\]/',$saved,$matches,PREG_SET_ORDER); if($cnt) { foreach($matches as $mtch) { - $unescaped = file_tag_decode($mtch[1]); + $unescaped = xmlify(file_tag_decode($mtch[1])); $terms[] = array('name' => $unescaped,'selected' => (($selected == $unescaped) ? 'selected' : '')); } } diff --git a/include/text.php b/include/text.php index 64f6f72a8..191f4fca8 100644 --- a/include/text.php +++ b/include/text.php @@ -920,7 +920,7 @@ function prepare_body($item,$attach = false) { foreach($matches as $mtch) { if(strlen($x)) $x .= ','; - $x .= file_tag_decode($mtch[1]); + $x .= xmlify(file_tag_decode($mtch[1])); } if(strlen($x)) $s .= '
' . t('Categories:') . ' ' . $x . '
'; @@ -935,7 +935,7 @@ function prepare_body($item,$attach = false) { foreach($matches as $mtch) { if(strlen($x)) $x .= '   '; - $x .= file_tag_decode($mtch[1]). ' ' . t('[remove]') . ''; + $x .= xmlify(file_tag_decode($mtch[1])) . ' ' . t('[remove]') . ''; } if(strlen($x) && (local_user() == $item['uid'])) $s .= '
' . t('Filed under:') . ' ' . $x . '
'; @@ -1307,13 +1307,10 @@ function file_tag_decode($s) { function file_tag_file_query($table,$s,$type = 'file') { - // this is ultimately going into a vsprintf - $s = str_replace('%','%%',$s); - if($type == 'file') - $str = preg_quote( '[' . file_tag_encode($s) . ']' ); + $str = preg_quote( '[' . str_replace('%','%%',file_tag_encode($s)) . ']' ); else - $str = preg_quote( '<' . file_tag_encode($s) . '>' ); + $str = preg_quote( '<' . str_replace('%','%%',file_tag_encode($s)) . '>' ); return " AND " . (($table) ? dbesc($table) . '.' : '') . "file regexp '" . dbesc($str) . "' "; } -- cgit v1.2.3 From e6fd6bfd89ada9b5aeea8fcac1614546deba85aa Mon Sep 17 00:00:00 2001 From: friendica Date: Sat, 31 Mar 2012 17:44:34 -0700 Subject: more error handling --- include/conversation.php | 2 +- include/network.php | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index a9fb807ad..5a922b2b5 100755 --- a/include/conversation.php +++ b/include/conversation.php @@ -250,7 +250,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) { $threads = array(); $threadsid = -1; - if(count($items)) { + if($items && count($items)) { if($mode === 'network-new' || $mode === 'search' || $mode === 'community') { diff --git a/include/network.php b/include/network.php index 22157ff18..9e1ed2091 100755 --- a/include/network.php +++ b/include/network.php @@ -364,6 +364,9 @@ function lrdd($uri, $debug = false) { logger('lrdd: host_meta: ' . $xml, LOGGER_DATA); + if(! stristr($xml,' Date: Sun, 1 Apr 2012 04:52:45 -0300 Subject: line 86: s/Friendika/Friendica/ --- include/api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index 64772d657..065f14cff 100755 --- a/include/api.php +++ b/include/api.php @@ -83,7 +83,7 @@ $record = $r[0]; } else { logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Friendika"'); + header('WWW-Authenticate: Basic realm="Friendica"'); header('HTTP/1.0 401 Unauthorized'); die('This api requires login'); } -- cgit v1.2.3 From 5c2fdc795fc5273176a7f81d989ad06e16945f1c Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Apr 2012 00:59:35 -0700 Subject: send unverified private mail using zrl --- include/message.php | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) (limited to 'include') diff --git a/include/message.php b/include/message.php index 7ad80ae9c..377d7c715 100755 --- a/include/message.php +++ b/include/message.php @@ -1,4 +1,5 @@ get_baseurl() . ':' . local_user() . ':' . $hash ; + + $convid = 0; + $reply = false; + + require_once('include/Scrape.php'); + + $me = probe_url($replyto); + + if(! $me['name']) + return -2; + + $conv_guid = get_guid(); + + $recip_handle = $recipient['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + + $sender_nick = basename($replyto); + $sender_host = substr($replyto,strpos($replyto,'://')+3); + $sender_host = substr($sender_host,0,strpos($sender_host,'/')); + $sender_handle = $sender_nick . '@' . $sender_host; + + $handles = $recip_handle . ';' . $sender_handle; + + $r = q("insert into conv (uid,guid,creator,created,updated,subject,recips) values(%d, '%s', '%s', '%s', '%s', '%s', '%s') ", + intval(local_user()), + dbesc($conv_guid), + dbesc($sender_handle), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc($subject), + dbesc($handles) + ); + + $r = q("select * from conv where guid = '%s' and uid = %d limit 1", + dbesc($conv_guid), + intval($recipient['uid']) + ); + if(count($r)) + $convid = $r[0]['id']; + + if(! $convid) { + logger('send message: conversation not found.'); + return -4; + } + + $r = q("INSERT INTO `mail` ( `uid`, `guid`, `convid`, `from-name`, `from-photo`, `from-url`, + `contact-id`, `title`, `body`, `seen`, `reply`, `replied`, `uri`, `parent-uri`, `created`, `unknown`) + VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', '%s', '%s', %d )", + intval($recipient['uid']), + dbesc(get_guid()), + intval($convid), + dbesc($me['name']), + dbesc($me['photo']), + dbesc($me['url']), + 0, + dbesc($subject), + dbesc($body), + 0, + 0, + 0, + dbesc($uri), + dbesc($replyto), + datetime_convert(), + 1 + ); + + return 0; + +} -- cgit v1.2.3 From f0b8d016154e274f5bfe4d3ec5ac3950621cc2ce Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Apr 2012 03:19:37 -0700 Subject: try slightly better detection of html in feeds --- include/items.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 9f7eb84d9..e09b888ca 100755 --- a/include/items.php +++ b/include/items.php @@ -416,7 +416,7 @@ function get_atom_elements($feed,$item) { // the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining // html. - if((strpos($res['body'],'<') !== false) || (strpos($res['body'],'>') !== false)) { + if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) { $res['body'] = reltoabs($res['body'],$base_url); @@ -429,13 +429,14 @@ function get_atom_elements($feed,$item) { // we shouldn't need a whitelist, because the bbcode converter // will strip out any unsupported tags. - // $config->set('HTML.Allowed', 'p,b,a[href],i'); $purifier = new HTMLPurifier($config); $res['body'] = $purifier->purify($res['body']); - $res['body'] = html2bbcode($res['body']); + $res['body'] = @html2bbcode($res['body']); } + else + $res['body'] = escape_tags($res['body']); $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) -- cgit v1.2.3 From 9b4bef8ac49131f8138d360805645e2da44913ae Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Apr 2012 06:46:12 -0700 Subject: that didn't quite work out --- include/items.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index e09b888ca..8f8b3ccd0 100755 --- a/include/items.php +++ b/include/items.php @@ -435,8 +435,8 @@ function get_atom_elements($feed,$item) { $res['body'] = @html2bbcode($res['body']); } - else - $res['body'] = escape_tags($res['body']); +// else +// $res['body'] = escape_tags($res['body']); $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) -- cgit v1.2.3 From 00bbb9ad362539cc945254eb66af33e2e470440b Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 1 Apr 2012 15:43:57 -0700 Subject: slight improvement in handling of plaintext feeds --- include/items.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 8f8b3ccd0..ee6960534 100755 --- a/include/items.php +++ b/include/items.php @@ -435,8 +435,15 @@ function get_atom_elements($feed,$item) { $res['body'] = @html2bbcode($res['body']); } -// else -// $res['body'] = escape_tags($res['body']); + elseif(! $have_real_body) { + + // it's not one of our messages and it has no tags + // so it's probably just text. We'll escape it just to be safe. + + $res['body'] = escape_tags($res['body']); + } + + // this tag is obsolete but we keep it for really old sites $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) -- cgit v1.2.3