better handling of html special chars in wiki and wikipage names
parent
f7f39cf6c0
commit
22839e48d0
@ -10,7 +10,8 @@ class NativeWiki {
|
|||||||
static public function listwikis($channel, $observer_hash) {
|
static public function listwikis($channel, $observer_hash) {
|
||||||
|
|
||||||
$sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash);
|
$sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash);
|
||||||
$wikis = q("SELECT * FROM item WHERE resource_type = '%s' AND mid = parent_mid AND uid = %d AND item_deleted = 0 $sql_extra",
|
$wikis = q("SELECT * FROM item
|
||||||
|
WHERE resource_type = '%s' AND mid = parent_mid AND uid = %d AND item_deleted = 0 $sql_extra",
|
||||||
dbesc(NWIKI_ITEM_RESOURCE_TYPE),
|
dbesc(NWIKI_ITEM_RESOURCE_TYPE),
|
||||||
intval($channel['channel_id'])
|
intval($channel['channel_id'])
|
||||||
);
|
);
|
||||||
@ -18,8 +19,8 @@ class NativeWiki {
|
|||||||
if($wikis) {
|
if($wikis) {
|
||||||
foreach($wikis as &$w) {
|
foreach($wikis as &$w) {
|
||||||
$w['rawName'] = get_iconfig($w, 'wiki', 'rawName');
|
$w['rawName'] = get_iconfig($w, 'wiki', 'rawName');
|
||||||
$w['htmlName'] = get_iconfig($w, 'wiki', 'htmlName');
|
$w['htmlName'] = escape_tags($w['rawName']);
|
||||||
$w['urlName'] = get_iconfig($w, 'wiki', 'urlName');
|
$w['urlName'] = urlencode(urlencode($w['rawName']));
|
||||||
$w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType');
|
$w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType');
|
||||||
$w['lock'] = (($w['item_private'] || $w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? true : false);
|
$w['lock'] = (($w['item_private'] || $w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? true : false);
|
||||||
}
|
}
|
||||||
@ -61,7 +62,7 @@ class NativeWiki {
|
|||||||
$arr['author_xchan'] = $observer_hash;
|
$arr['author_xchan'] = $observer_hash;
|
||||||
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . urlencode($arr['mid']);
|
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . urlencode($arr['mid']);
|
||||||
$arr['llink'] = $arr['plink'];
|
$arr['llink'] = $arr['plink'];
|
||||||
$arr['title'] = $wiki['htmlName']; // name of new wiki;
|
$arr['title'] = $wiki['htmlName']; // name of new wiki;
|
||||||
$arr['allow_cid'] = $ac['allow_cid'];
|
$arr['allow_cid'] = $ac['allow_cid'];
|
||||||
$arr['allow_gid'] = $ac['allow_gid'];
|
$arr['allow_gid'] = $ac['allow_gid'];
|
||||||
$arr['deny_cid'] = $ac['deny_cid'];
|
$arr['deny_cid'] = $ac['deny_cid'];
|
||||||
@ -78,17 +79,12 @@ class NativeWiki {
|
|||||||
if(! set_iconfig($arr, 'wiki', 'rawName', $wiki['rawName'], true)) {
|
if(! set_iconfig($arr, 'wiki', 'rawName', $wiki['rawName'], true)) {
|
||||||
return array('item' => null, 'success' => false);
|
return array('item' => null, 'success' => false);
|
||||||
}
|
}
|
||||||
if(! set_iconfig($arr, 'wiki', 'htmlName', $wiki['htmlName'], true)) {
|
|
||||||
return array('item' => null, 'success' => false);
|
|
||||||
}
|
|
||||||
if(! set_iconfig($arr, 'wiki', 'urlName', $wiki['urlName'], true)) {
|
|
||||||
return array('item' => null, 'success' => false);
|
|
||||||
}
|
|
||||||
if(! set_iconfig($arr, 'wiki', 'mimeType', $wiki['mimeType'], true)) {
|
if(! set_iconfig($arr, 'wiki', 'mimeType', $wiki['mimeType'], true)) {
|
||||||
return array('item' => null, 'success' => false);
|
return array('item' => null, 'success' => false);
|
||||||
}
|
}
|
||||||
|
|
||||||
$post = item_store($arr);
|
$post = item_store($arr);
|
||||||
|
|
||||||
$item_id = $post['item_id'];
|
$item_id = $post['item_id'];
|
||||||
|
|
||||||
if($item_id) {
|
if($item_id) {
|
||||||
@ -151,15 +147,13 @@ class NativeWiki {
|
|||||||
$w = $item[0]; // wiki item table record
|
$w = $item[0]; // wiki item table record
|
||||||
// Get wiki metadata
|
// Get wiki metadata
|
||||||
$rawName = get_iconfig($w, 'wiki', 'rawName');
|
$rawName = get_iconfig($w, 'wiki', 'rawName');
|
||||||
$htmlName = get_iconfig($w, 'wiki', 'htmlName');
|
|
||||||
$urlName = get_iconfig($w, 'wiki', 'urlName');
|
|
||||||
$mimeType = get_iconfig($w, 'wiki', 'mimeType');
|
$mimeType = get_iconfig($w, 'wiki', 'mimeType');
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'wiki' => $w,
|
'wiki' => $w,
|
||||||
'rawName' => $rawName,
|
'rawName' => $rawName,
|
||||||
'htmlName' => $htmlName,
|
'htmlName' => escape_tags($rawName),
|
||||||
'urlName' => $urlName,
|
'urlName' => urlencode(urlencode($rawName)),
|
||||||
'mimeType' => $mimeType
|
'mimeType' => $mimeType
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -170,10 +164,11 @@ class NativeWiki {
|
|||||||
|
|
||||||
$sql_extra = item_permissions_sql($uid);
|
$sql_extra = item_permissions_sql($uid);
|
||||||
|
|
||||||
$item = q("SELECT id, resource_id FROM item WHERE resource_type = '%s' AND title = '%s' AND uid = %d
|
$item = q("SELECT item.id, resource_id FROM item left join iconfig on iconfig.iid = item.id
|
||||||
|
WHERE resource_type = '%s' AND iconfig.v = '%s' AND uid = %d
|
||||||
AND item_deleted = 0 $sql_extra limit 1",
|
AND item_deleted = 0 $sql_extra limit 1",
|
||||||
dbesc(NWIKI_ITEM_RESOURCE_TYPE),
|
dbesc(NWIKI_ITEM_RESOURCE_TYPE),
|
||||||
dbesc(escape_tags(urldecode($urlName))),
|
dbesc(urldecode($urlName)),
|
||||||
intval($uid)
|
intval($uid)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
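Review bot: The rewritten lookup in the last hunk matches `iconfig.v = '%s'` without saying which iconfig entry it means, so any config value stored on a wiki item (its mimeType, for example) can satisfy the name check and return the wrong wiki. Restrict the match to the name entry, e.g. `WHERE resource_type = '%s' AND iconfig.cat = 'wiki' AND iconfig.k = 'rawName' AND iconfig.v = '%s' AND uid = %d`; the column names are assumed from the `get_iconfig($w, 'wiki', 'rawName')` calls and should be confirmed against the schema. Because the filter on `iconfig.v` sits in the WHERE clause, the `left join` already behaves as an inner join, and writing it as one would be clearer. The enclosing function starts and ends outside the hunk.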
@ -32,8 +32,8 @@ class NativeWikiPage {
|
|||||||
if(urldecode($title) !== 'Home') {
|
if(urldecode($title) !== 'Home') {
|
||||||
$pages[] = [
|
$pages[] = [
|
||||||
'resource_id' => $resource_id,
|
'resource_id' => $resource_id,
|
||||||
'title' => urldecode($title),
|
'title' => escape_tags($title),
|
||||||
'url' => $title,
|
'url' => urlencode(urlencode($title)),
|
||||||
'link_id' => 'id_' . substr($resource_id, 0, 10) . '_' . $page_item['id']
|
'link_id' => 'id_' . substr($resource_id, 0, 10) . '_' . $page_item['id']
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
@ -59,7 +59,7 @@ class NativeWikiPage {
|
|||||||
// We may wish to change this some day.
|
// We may wish to change this some day.
|
||||||
$arr['item_unpublished'] = 1;
|
$arr['item_unpublished'] = 1;
|
||||||
|
|
||||||
set_iconfig($arr,'nwikipage','pagetitle',urlencode(($name) ? $name : t('(No Title)')),true);
|
set_iconfig($arr,'nwikipage','pagetitle',(($name) ? $name : t('(No Title)')),true);
|
||||||
|
|
||||||
$p = post_activity_item($arr, false, false);
|
$p = post_activity_item($arr, false, false);
|
||||||
|
|
||||||
@ -67,11 +67,11 @@ class NativeWikiPage {
|
|||||||
$page = [
|
$page = [
|
||||||
'rawName' => $name,
|
'rawName' => $name,
|
||||||
'htmlName' => escape_tags($name),
|
'htmlName' => escape_tags($name),
|
||||||
'urlName' => urlencode(escape_tags($name)),
|
'urlName' => urlencode($name),
|
||||||
'fileName' => urlencode(escape_tags($name)) . Zlib\NativeWikiPage::get_file_ext($w)
|
|
||||||
];
|
];
|
||||||
|
|
||||||
return array('page' => $page, 'item_id' => $p['item_id'], 'wiki' => $w, 'message' => '', 'success' => true);
|
return array('page' => $page, 'item_id' => $p['item_id'], 'item' => $p['activity'], 'wiki' => $w, 'message' => '', 'success' => true);
|
||||||
}
|
}
|
||||||
return [ 'success' => false, 'message' => t('Wiki page create failed.') ];
|
return [ 'success' => false, 'message' => t('Wiki page create failed.') ];
|
||||||
}
|
}
|
||||||
@ -134,6 +134,7 @@ class NativeWikiPage {
|
|||||||
$channel_id = ((array_key_exists('channel_id',$arr)) ? intval($arr['channel_id']) : 0);
|
$channel_id = ((array_key_exists('channel_id',$arr)) ? intval($arr['channel_id']) : 0);
|
||||||
$revision = ((array_key_exists('revision',$arr)) ? intval($arr['revision']) : (-1));
|
$revision = ((array_key_exists('revision',$arr)) ? intval($arr['revision']) : (-1));
|
||||||
|
|
||||||
|
|
||||||
$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
|
$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
|
||||||
if (! $w['wiki']) {
|
if (! $w['wiki']) {
|
||||||
return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
|
return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
|
||||||
|
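Review bot: The guard `if(urldecode($title) !== 'Home')` in the first hunk still decodes the title, while the second hunk now stores `pagetitle` without `urlencode()`, so a raw title containing `%` or `+` is altered before the comparison; `if($title !== 'Home') {` would compare what is stored. Pages saved before this change presumably still hold the url-encoded form and would now be listed with percent escapes and an extra encoding layer in `url`, so a one-time conversion or a decode-on-read rule needs to be decided. The new page array also uses a single `urlencode($name)` for `urlName`, where the page list and the wiki name use `urlencode(urlencode(...))`; a short comment stating which encoding layer each consumer expects would prevent mismatched links. Where `$title` comes from is outside the hunk.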
@ -189,8 +189,8 @@ class Wiki extends \Zotlabs\Web\Controller {
|
|||||||
// GET /wiki/channel/wiki/page
|
// GET /wiki/channel/wiki/page
|
||||||
// Fetch the wiki info and determine observer permissions
|
// Fetch the wiki info and determine observer permissions
|
||||||
|
|
||||||
$wikiUrlName = urlencode(argv(2));
|
$wikiUrlName = urldecode(argv(2));
|
||||||
$pageUrlName = urlencode(argv(3));
|
$pageUrlName = urldecode(argv(3));
|
||||||
|
|
||||||
$w = Zlib\NativeWiki::exists_by_name($owner['channel_id'], $wikiUrlName);
|
$w = Zlib\NativeWiki::exists_by_name($owner['channel_id'], $wikiUrlName);
|
||||||
|
|
||||||
@ -345,11 +345,11 @@ class Wiki extends \Zotlabs\Web\Controller {
|
|||||||
}
|
}
|
||||||
$wiki = array();
|
$wiki = array();
|
||||||
// Generate new wiki info from input name
|
// Generate new wiki info from input name
|
||||||
$wiki['postVisible'] = ((intval($_POST['postVisible']) === 0) ? 0 : 1);
|
$wiki['postVisible'] = ((intval($_POST['postVisible'])) ? 1 : 0);
|
||||||
$wiki['rawName'] = $_POST['wikiName'];
|
$wiki['rawName'] = $_POST['wikiName'];
|
||||||
$wiki['htmlName'] = escape_tags($_POST['wikiName']);
|
$wiki['htmlName'] = escape_tags($_POST['wikiName']);
|
||||||
$wiki['urlName'] = urlencode($_POST['wikiName']);
|
$wiki['urlName'] = urlencode(urlencode($_POST['wikiName']));
|
||||||
$wiki['mimeType'] = $_POST['mimeType'];
|
$wiki['mimeType'] = $_POST['mimeType'];
|
||||||
|
|
||||||
if($wiki['urlName'] === '') {
|
if($wiki['urlName'] === '') {
|
||||||
notice( t('Error creating wiki. Invalid name.') . EOL);
|
notice( t('Error creating wiki. Invalid name.') . EOL);
|
||||||
@ -367,6 +367,7 @@ class Wiki extends \Zotlabs\Web\Controller {
|
|||||||
notice( t('Wiki created, but error creating Home page.'));
|
notice( t('Wiki created, but error creating Home page.'));
|
||||||
goaway(z_root() . '/wiki/' . $nick . '/' . $wiki['urlName']);
|
goaway(z_root() . '/wiki/' . $nick . '/' . $wiki['urlName']);
|
||||||
}
|
}
|
||||||
|
Zlib\NativeWiki::sync_a_wiki_item($owner['channel_id'],$homePage['item_id'],$r['item']['resource_id']);
|
||||||
goaway(z_root() . '/wiki/' . $nick . '/' . $wiki['urlName'] . '/' . $homePage['page']['urlName']);
|
goaway(z_root() . '/wiki/' . $nick . '/' . $wiki['urlName'] . '/' . $homePage['page']['urlName']);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -427,10 +428,10 @@ class Wiki extends \Zotlabs\Web\Controller {
|
|||||||
|
|
||||||
if($commit['success']) {
|
if($commit['success']) {
|
||||||
Zlib\NativeWiki::sync_a_wiki_item($owner['channel_id'],$commit['item_id'],$resource_id);
|
Zlib\NativeWiki::sync_a_wiki_item($owner['channel_id'],$commit['item_id'],$resource_id);
|
||||||
json_return_and_die(array('url' => '/' . argv(0) . '/' . argv(1) . '/' . $page['wiki']['urlName'] . '/' . $page['page']['urlName'], 'success' => true));
|
json_return_and_die(array('url' => '/' . argv(0) . '/' . argv(1) . '/' . urlencode($page['wiki']['urlName']) . '/' . urlencode($page['page']['urlName']), 'success' => true));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
json_return_and_die(array('message' => 'Error making git commit','url' => '/' . argv(0) . '/' . argv(1) . '/' . $page['wiki']['urlName'] . '/' . urlencode($page['page']['urlName']),'success' => false));
|
json_return_and_die(array('message' => 'Error making git commit','url' => '/' . argv(0) . '/' . argv(1) . '/' . urlencode($page['wiki']['urlName']) . '/' . urlencode($page['page']['urlName']),'success' => false));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
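Review bot: `$wikiUrlName = urldecode(argv(2));` passes an already decoded name to `exists_by_name()`, which on the new side still applies `urldecode($urlName)` before the query, so the name is decoded twice on top of whatever decoding the request path already received. A wiki name containing a literal `%` or `+` can then fail to resolve, or resolve to a different stored name than the one requested, which matters because the observer permission check follows from this lookup. Decode in one place only, for example keep the controller line and pass `dbesc($urlName)` in `exists_by_name()`, provided no other caller relies on the decode there. `$pageUrlName` gets the same treatment, but its consumer is outside the visible hunks.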
@ -386,18 +386,18 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) {
|
|||||||
|
|
||||||
if($post['success']) {
|
if($post['success']) {
|
||||||
$post_id = $post['item_id'];
|
$post_id = $post['item_id'];
|
||||||
|
$ret['success'] = true;
|
||||||
$ret['item_id'] = $post_id;
|
$ret['item_id'] = $post_id;
|
||||||
|
$ret['activity'] = $post['item'];
|
||||||
|
call_hooks('post_local_end', $ret['activity']);
|
||||||
}
|
}
|
||||||
|
|
||||||
if($post_id && $deliver) {
|
if($post_id && $deliver) {
|
||||||
$arr['id'] = $post_id;
|
|
||||||
call_hooks('post_local_end', $arr);
|
|
||||||
Zotlabs\Daemon\Master::Summon(array('Notifier','activity',$post_id));
|
Zotlabs\Daemon\Master::Summon(array('Notifier','activity',$post_id));
|
||||||
$ret['success'] = true;
|
|
||||||
//$ret['item_id'] = $post_id;
|
|
||||||
$ret['activity'] = $post['item'];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
$ret['success'] = true;
|
||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
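Review bot: The `$ret['success'] = true;` added just before `return $ret;` runs on every path through the visible lines, so the function reports success even when `$post['success']` is false and no item was stored. The assignment inside `if($post['success'])` already covers the success case; drop the trailing line so callers such as the wiki page creation code can still detect a failed store. Moving `call_hooks('post_local_end', $ret['activity']);` out of the `$deliver` branch also means the hook now fires when `$deliver` is false and receives the stored item instead of `$arr`; a comment stating that this is intended would help. The start of the function, including how `$ret` is initialised, is outside the hunk.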