harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

input filter updates

Browse Source
This commit is contained in:
zotlabs
2017-03-14 17:07:29 -07:00
parent 2f5f1a4d64
commit 2c73b457ef
6 changed files with 59 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
include/items.php
View File

@@ -334,18 +334,6 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) {
if(! array_key_exists('mimetype',$arr))
$arr['mimetype'] = 'text/bbcode';
if(array_key_exists('item_private',$arr) && $arr['item_private']) {
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
if($channel) {
if($channel['channel_hash'] === $arr['author_xchan']) {
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
$arr['item_verified'] = 1;
}
}
}
$arr['mid'] = ((x($arr,'mid')) ? $arr['mid'] : item_message_id());
$arr['parent_mid'] = ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']);
$arr['thr_parent'] = ((x($arr,'thr_parent')) ? $arr['thr_parent'] : $arr['mid']);
@@ -1483,35 +1471,36 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
// obsolete, but needed so as not to throw not-null constraints on some database driveres
$arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 );
// only detect language if we have text content, and if the post is private but not yet
// obscured, make it so.
if((! array_key_exists('item_obscured',$arr)) || $arr['item_obscured'] == 0) {
$arr['lang'] = detect_language($arr['body']);
// apply the input filter here - if it is obscured it has been filtered already
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
$arr['lang'] = detect_language($arr['body']);
// apply the input filter here
$arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec));
if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
if(local_channel() && (local_channel() == $arr['uid'])) {
if(! $arr['sig']) {
$channel = App::get_channel();
if($channel['channel_hash'] === $arr['author_xchan']) {
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
$arr['item_verified'] = 1;
}
}
}
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
if(! array_key_exists('sig',$arr))
$arr['sig'] = '';
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
call_hooks('item_translate', $translate);
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
$ret['message'] = 'language not accepted';
return $ret;
}
$arr = $translate['item'];
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
call_hooks('item_translate', $translate);
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
$ret['message'] = 'language not accepted';
return $ret;
}
$arr = $translate['item'];
}
if((x($arr,'obj')) && is_array($arr['obj'])) {
@@ -1907,35 +1896,33 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
return $ret;
}
if((! array_key_exists('item_obscured', $arr)) || $arr['item_obscured'] == 0) {
$arr['lang'] = detect_language($arr['body']);
$arr['lang'] = detect_language($arr['body']);
// apply the input filter here - if it is obscured it has been filtered already
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
// apply the input filter here
$arr['body'] = trim($arr['body'],$arr['mimetype'],$allow_exec);
if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
$channel = App::get_channel();
if($channel['channel_hash'] === $arr['author_xchan']) {
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
$arr['item_verified'] = 1;
}
}
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
call_hooks('item_translate', $translate);
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
$ret['message'] = 'language not accepted';
return $ret;
}
$arr = $translate['item'];
if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
$channel = App::get_channel();
if($channel['channel_hash'] === $arr['author_xchan']) {
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
$arr['item_verified'] = 1;
}
}
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
call_hooks('item_translate', $translate);
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
$ret['message'] = 'language not accepted';
return $ret;
}
$arr = $translate['item'];
}
if((x($arr,'obj')) && is_array($arr['obj'])) {
activity_sanitise($arr['obj']);
$arr['obj'] = json_encode($arr['obj']);

18
include/text.php
View File

@@ -3,6 +3,7 @@
* @file include/text.php
*/
use \Zotlabs\Lib as Zlib;
use \Michelf\MarkdownExtra;
require_once("include/bbcode.php");
@@ -89,12 +90,10 @@ function escape_tags($string) {
}
function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
if($type === 'text/bbcode')
return escape_tags($s);
if($type === 'text/markdown')
return escape_tags($s);
if($type == 'text/plain')
return escape_tags($s);
if($type == 'application/x-pdl')
@@ -104,13 +103,17 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
return $s;
}
$r = q("select channel_pageflags from channel where channel_id = %d limit 1",
intval($channel_id)
);
if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
if($allow_code) {
if($type === 'text/markdown')
return htmlspecialchars($s,ENT_QUOTES);
return $s;
}
if($type === 'text/markdown') {
$x = new Zlib\MarkdownSoap($s);
return $x->clean();
}
if($type === 'text/html')
return purify_html($s);
@@ -1636,6 +1639,7 @@ function prepare_text($text, $content_type = 'text/bbcode', $cache = false) {
break;
case 'text/markdown':
$text = Zlib\MarkdownSoap::unescape($text);
$s = MarkdownExtra::defaultTransform($text);
break;