input filter updates
This commit is contained in:
zotlabs
parent
2f5f1a4d64
commit
2c73b457ef
@ -5,7 +5,7 @@ namespace Zotlabs\Lib;
|
||||
/**
|
||||
* MarkdownSoap
|
||||
* Purify Markdown for storage
|
||||
* $x = newMarkdownSoap($string_to_be_cleansed);
|
||||
* $x = new MarkdownSoap($string_to_be_cleansed);
|
||||
* $text = $x->clean();
|
||||
*
|
||||
* What this does:
|
||||
|
||||
@ -307,34 +307,6 @@ class NativeWikiPage {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
|
||||
static public function prepare_content($s) {
|
||||
|
||||
$text = preg_replace_callback('{
|
||||
(?:\n\n|\A\n?)
|
||||
( # $1 = the code block -- one or more lines, starting with a space/tab
|
||||
(?>
|
||||
[ ]{'.'4'.'} # Lines must start with a tab or a tab-width of spaces
|
||||
.*\n+
|
||||
)+
|
||||
)
|
||||
((?=^[ ]{0,'.'4'.'}\S)|\Z) # Lookahead for non-space at line-start, or end of doc
|
||||
}xm',
|
||||
'self::nwiki_prepare_content_callback', $s);
|
||||
|
||||
return $text;
|
||||
}
|
||||
|
||||
static public function nwiki_prepare_content_callback($matches) {
|
||||
$codeblock = $matches[1];
|
||||
|
||||
$codeblock = htmlspecialchars($codeblock, ENT_NOQUOTES, UTF8, false);
|
||||
return "\n\n" . $codeblock ;
|
||||
}
|
||||
|
||||
|
||||
|
||||
static public function save_page($arr) {
|
||||
|
||||
$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
|
||||
@ -352,7 +324,8 @@ class NativeWikiPage {
|
||||
|
||||
$mimetype = $w['mimeType'];
|
||||
if($mimetype === 'text/markdown') {
|
||||
$content = purify_html(Zlib\NativeWikiPage::prepare_content($content));
|
||||
$x = new Zlib\MarkdownSoap($content);
|
||||
$content = $x->clean();
|
||||
}
|
||||
else {
|
||||
$content = escape_tags($content);
|
||||
|
||||
@ -471,15 +471,16 @@ class Item extends \Zotlabs\Web\Controller {
|
||||
if(! $mimetype)
|
||||
$mimetype = 'text/bbcode';
|
||||
|
||||
|
||||
$execflag = ((intval($uid) == intval($profile_uid)
|
||||
&& ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
|
||||
|
||||
if($preview) {
|
||||
$body = z_input_filter($profile_uid,$body,$mimetype);
|
||||
$body = z_input_filter($body,$mimetype,$execflag);
|
||||
}
|
||||
|
||||
|
||||
// Verify ability to use html or php!!!
|
||||
|
||||
$execflag = ((intval($channel['channel_id']) == intval($profile_uid) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
|
||||
|
||||
$gacl = $acl->get();
|
||||
$str_contact_allow = $gacl['allow_cid'];
|
||||
$str_group_allow = $gacl['allow_gid'];
|
||||
@ -843,18 +844,6 @@ class Item extends \Zotlabs\Web\Controller {
|
||||
if(mb_strlen($datarray['title']) > 255)
|
||||
$datarray['title'] = mb_substr($datarray['title'],0,255);
|
||||
|
||||
if(array_key_exists('item_private',$datarray) && $datarray['item_private']) {
|
||||
|
||||
$datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']));
|
||||
|
||||
if($uid) {
|
||||
if($channel['channel_hash'] === $datarray['author_xchan']) {
|
||||
$datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey']));
|
||||
$datarray['item_verified'] = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if($webpage) {
|
||||
Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage),
|
||||
(($pagetitle) ? $pagetitle : substr($datarray['mid'],0,16)),true);
|
||||
|
||||
@ -243,6 +243,7 @@ class Wiki extends \Zotlabs\Web\Controller {
|
||||
$renderedContent = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
|
||||
}
|
||||
else {
|
||||
$content = Zlib\MarkdownSoap::unescape($content);
|
||||
$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))));
|
||||
$renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
|
||||
}
|
||||
|
||||
@ -334,18 +334,6 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) {
|
||||
if(! array_key_exists('mimetype',$arr))
|
||||
$arr['mimetype'] = 'text/bbcode';
|
||||
|
||||
if(array_key_exists('item_private',$arr) && $arr['item_private']) {
|
||||
|
||||
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
|
||||
|
||||
if($channel) {
|
||||
if($channel['channel_hash'] === $arr['author_xchan']) {
|
||||
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
|
||||
$arr['item_verified'] = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$arr['mid'] = ((x($arr,'mid')) ? $arr['mid'] : item_message_id());
|
||||
$arr['parent_mid'] = ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']);
|
||||
$arr['thr_parent'] = ((x($arr,'thr_parent')) ? $arr['thr_parent'] : $arr['mid']);
|
||||
@ -1483,35 +1471,36 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
|
||||
// obsolete, but needed so as not to throw not-null constraints on some database driveres
|
||||
$arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 );
|
||||
|
||||
// only detect language if we have text content, and if the post is private but not yet
|
||||
// obscured, make it so.
|
||||
|
||||
if((! array_key_exists('item_obscured',$arr)) || $arr['item_obscured'] == 0) {
|
||||
|
||||
$arr['lang'] = detect_language($arr['body']);
|
||||
// apply the input filter here - if it is obscured it has been filtered already
|
||||
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
|
||||
$arr['lang'] = detect_language($arr['body']);
|
||||
// apply the input filter here
|
||||
$arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec));
|
||||
|
||||
if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
|
||||
if(local_channel() && (local_channel() == $arr['uid'])) {
|
||||
if(! $arr['sig']) {
|
||||
$channel = App::get_channel();
|
||||
if($channel['channel_hash'] === $arr['author_xchan']) {
|
||||
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
|
||||
$arr['item_verified'] = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
|
||||
if(! array_key_exists('sig',$arr))
|
||||
$arr['sig'] = '';
|
||||
|
||||
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
|
||||
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
|
||||
call_hooks('item_translate', $translate);
|
||||
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
|
||||
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
|
||||
$ret['message'] = 'language not accepted';
|
||||
return $ret;
|
||||
}
|
||||
$arr = $translate['item'];
|
||||
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
|
||||
|
||||
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
|
||||
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
|
||||
call_hooks('item_translate', $translate);
|
||||
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
|
||||
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
|
||||
$ret['message'] = 'language not accepted';
|
||||
return $ret;
|
||||
}
|
||||
$arr = $translate['item'];
|
||||
}
|
||||
|
||||
if((x($arr,'obj')) && is_array($arr['obj'])) {
|
||||
@ -1907,35 +1896,33 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
|
||||
return $ret;
|
||||
}
|
||||
|
||||
if((! array_key_exists('item_obscured', $arr)) || $arr['item_obscured'] == 0) {
|
||||
|
||||
$arr['lang'] = detect_language($arr['body']);
|
||||
$arr['lang'] = detect_language($arr['body']);
|
||||
|
||||
// apply the input filter here - if it is obscured it has been filtered already
|
||||
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
|
||||
// apply the input filter here
|
||||
$arr['body'] = trim($arr['body'],$arr['mimetype'],$allow_exec);
|
||||
|
||||
if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
|
||||
$channel = App::get_channel();
|
||||
if($channel['channel_hash'] === $arr['author_xchan']) {
|
||||
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
|
||||
$arr['item_verified'] = 1;
|
||||
}
|
||||
}
|
||||
|
||||
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
|
||||
|
||||
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
|
||||
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
|
||||
call_hooks('item_translate', $translate);
|
||||
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
|
||||
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
|
||||
$ret['message'] = 'language not accepted';
|
||||
return $ret;
|
||||
}
|
||||
$arr = $translate['item'];
|
||||
if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
|
||||
$channel = App::get_channel();
|
||||
if($channel['channel_hash'] === $arr['author_xchan']) {
|
||||
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
|
||||
$arr['item_verified'] = 1;
|
||||
}
|
||||
}
|
||||
|
||||
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
|
||||
|
||||
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
|
||||
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
|
||||
call_hooks('item_translate', $translate);
|
||||
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
|
||||
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
|
||||
$ret['message'] = 'language not accepted';
|
||||
return $ret;
|
||||
}
|
||||
$arr = $translate['item'];
|
||||
}
|
||||
|
||||
if((x($arr,'obj')) && is_array($arr['obj'])) {
|
||||
activity_sanitise($arr['obj']);
|
||||
$arr['obj'] = json_encode($arr['obj']);
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
* @file include/text.php
|
||||
*/
|
||||
|
||||
use \Zotlabs\Lib as Zlib;
|
||||
use \Michelf\MarkdownExtra;
|
||||
|
||||
require_once("include/bbcode.php");
|
||||
@ -89,12 +90,10 @@ function escape_tags($string) {
|
||||
}
|
||||
|
||||
|
||||
function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
|
||||
function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
|
||||
|
||||
if($type === 'text/bbcode')
|
||||
return escape_tags($s);
|
||||
if($type === 'text/markdown')
|
||||
return escape_tags($s);
|
||||
if($type == 'text/plain')
|
||||
return escape_tags($s);
|
||||
if($type == 'application/x-pdl')
|
||||
@ -104,13 +103,17 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
|
||||
return $s;
|
||||
}
|
||||
|
||||
$r = q("select channel_pageflags from channel where channel_id = %d limit 1",
|
||||
intval($channel_id)
|
||||
);
|
||||
if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
|
||||
if($allow_code) {
|
||||
if($type === 'text/markdown')
|
||||
return htmlspecialchars($s,ENT_QUOTES);
|
||||
return $s;
|
||||
}
|
||||
|
||||
if($type === 'text/markdown') {
|
||||
$x = new Zlib\MarkdownSoap($s);
|
||||
return $x->clean();
|
||||
}
|
||||
|
||||
if($type === 'text/html')
|
||||
return purify_html($s);
|
||||
|
||||
@ -1636,6 +1639,7 @@ function prepare_text($text, $content_type = 'text/bbcode', $cache = false) {
|
||||
break;
|
||||
|
||||
case 'text/markdown':
|
||||
$text = Zlib\MarkdownSoap::unescape($text);
|
||||
$s = MarkdownExtra::defaultTransform($text);
|
||||
break;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user