From ecb2e52a7411a8a39b8030964604f0f28f2facce Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 16 Mar 2014 20:34:21 -0700 Subject: little fixes of hopefully nil significance --- include/api.php | 14 ++++---------- include/bbcode.php | 9 ++++++--- include/oembed.php | 2 +- include/reddav.php | 4 ++-- include/text.php | 5 +++++ 5 files changed, 18 insertions(+), 16 deletions(-) (limited to 'include') diff --git a/include/api.php b/include/api.php index dd6733fe0..57551a3b0 100644 --- a/include/api.php +++ b/include/api.php @@ -533,12 +533,6 @@ require_once('include/items.php'); api_register_func('api/red/channel/export/basic','api_export_basic', true); - - - - - - function api_channel_stream(&$a, $type) { if(api_user() === false) { logger('api_channel_stream: no user'); @@ -700,12 +694,12 @@ require_once('include/items.php'); function red_item_new(&$a, $type) { if (api_user() === false) { - logger('api_statuses_update: no user'); + logger('api_red_item_new: no user'); return false; } - logger('api_statuses_update: REQUEST ' . print_r($_REQUEST,true)); - logger('api_statuses_update: FILES ' . print_r($_FILES,true)); + logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true)); + logger('api_red_item_new: FILES ' . print_r($_FILES,true)); // set this so that the item_post() function is quiet and doesn't redirect or emit json @@ -1698,7 +1692,7 @@ require_once('include/items.php'); 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false', 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl, 'shorturllength' => '30', - 'friendica' => array( + 'redmatrix' => array( 'RED_PLATFORM' => RED_PLATFORM, 'RED_VERSION' => RED_VERSION, 'ZOT_REVISION' => ZOT_REVISION, diff --git a/include/bbcode.php b/include/bbcode.php index cd0bf527e..c8d1ab425 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -229,9 +229,12 @@ function bb_location($match) { function bbiframe($match) { $a = get_app(); - if(strpos($match[1],get_app()->get_hostname())) - return '' . $match[1] . ''; - return ''; + + // use sandbox mode to prevent malicious goings on rather than host restriction + // if(strpos($match[1],get_app()->get_hostname())) + // return '' . $match[1] . ''; + + return ''; } function bb_ShareAttributesSimple($match) { diff --git a/include/oembed.php b/include/oembed.php index 57631b051..46b1d72c4 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -165,7 +165,7 @@ function oembed_iframe($src,$width,$height) { $a = get_app(); $s = $a->get_baseurl()."/oembed/".base64url_encode($src); - return ''; + return ''; } diff --git a/include/reddav.php b/include/reddav.php index 2a26ac42a..a39a84e21 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -708,7 +708,7 @@ function RedFileData($file, &$auth,$test = false) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1", dbesc($folder), - basename($file), + dbesc(basename($file)), intval($channel_id) ); @@ -719,7 +719,7 @@ function RedFileData($file, &$auth,$test = false) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1", dbesc($folder), - basename($file), + dbesc(basename($file)), intval($channel_id) ); if($r) diff --git a/include/text.php b/include/text.php index 53b92c05f..e3b1f1c4e 100755 --- a/include/text.php +++ b/include/text.php @@ -278,6 +278,11 @@ function hex2bin($s) { if(! (is_string($s) && strlen($s))) return ''; + if(strlen($s) & 1) { + logger('hex2bin: illegal hex string: ' . $s); + return $s; + } + if(! ctype_xdigit($s)) { return($s); } -- cgit v1.2.3