input filter updates
@@ -307,34 +307,6 @@ class NativeWikiPage {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static public function prepare_content($s) {
|
|
||||||
|
|
||||||
$text = preg_replace_callback('{
|
|
||||||
(?:\n\n|\A\n?)
|
|
||||||
( # $1 = the code block -- one or more lines, starting with a space/tab
|
|
||||||
(?>
|
|
||||||
[ ]{'.'4'.'} # Lines must start with a tab or a tab-width of spaces
|
|
||||||
.*\n+
|
|
||||||
)+
|
|
||||||
)
|
|
||||||
((?=^[ ]{0,'.'4'.'}\S)|\Z) # Lookahead for non-space at line-start, or end of doc
|
|
||||||
}xm',
|
|
||||||
'self::nwiki_prepare_content_callback', $s);
|
|
||||||
|
|
||||||
return $text;
|
|
||||||
}
|
|
||||||
|
|
||||||
static public function nwiki_prepare_content_callback($matches) {
|
|
||||||
$codeblock = $matches[1];
|
|
||||||
|
|
||||||
$codeblock = htmlspecialchars($codeblock, ENT_NOQUOTES, UTF8, false);
|
|
||||||
return "\n\n" . $codeblock ;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static public function save_page($arr) {
|
static public function save_page($arr) {
|
||||||
|
|
||||||
$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
|
$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
|
||||||
@@ -352,7 +324,8 @@ class NativeWikiPage {
|
|||||||
|
|
||||||
$mimetype = $w['mimeType'];
|
$mimetype = $w['mimeType'];
|
||||||
if($mimetype === 'text/markdown') {
|
if($mimetype === 'text/markdown') {
|
||||||
$content = purify_html(Zlib\NativeWikiPage::prepare_content($content));
|
$x = new Zlib\MarkdownSoap($content);
|
||||||
|
$content = $x->clean();
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$content = escape_tags($content);
|
$content = escape_tags($content);
|
||||||
|
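Review bot: save_page now stores the result of `$x->clean()` where the old line stored `purify_html(Zlib\NativeWikiPage::prepare_content($content))`, so unless MarkdownSoap::clean() itself purifies, no HTML purifier runs on markdown pages at save time and protection rests entirely on the read side. That is workable only if every render path purifies after MarkdownExtra, as the Wiki controller hunk does with `purify_html(MarkdownExtra::defaultTransform(...))`; a comment at the assignment would make the contract explicit: `// markdown is only soaped here; render paths must purify_html() the transformed output`. The `else { $content = escape_tags($content); }` branch is unchanged. save_page begins and ends outside the hunk.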
@@ -471,15 +471,16 @@ class Item extends \Zotlabs\Web\Controller {
|
|||||||
if(! $mimetype)
|
if(! $mimetype)
|
||||||
$mimetype = 'text/bbcode';
|
$mimetype = 'text/bbcode';
|
||||||
|
|
||||||
|
|
||||||
|
$execflag = ((intval($uid) == intval($profile_uid)
|
||||||
|
&& ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
|
||||||
|
|
||||||
if($preview) {
|
if($preview) {
|
||||||
$body = z_input_filter($profile_uid,$body,$mimetype);
|
$body = z_input_filter($body,$mimetype,$execflag);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Verify ability to use html or php!!!
|
// Verify ability to use html or php!!!
|
||||||
|
|
||||||
$execflag = ((intval($channel['channel_id']) == intval($profile_uid) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
|
|
||||||
|
|
||||||
$gacl = $acl->get();
|
$gacl = $acl->get();
|
||||||
$str_contact_allow = $gacl['allow_cid'];
|
$str_contact_allow = $gacl['allow_cid'];
|
||||||
$str_group_allow = $gacl['allow_gid'];
|
$str_group_allow = $gacl['allow_gid'];
|
||||||
@@ -843,18 +844,6 @@ class Item extends \Zotlabs\Web\Controller {
|
|||||||
if(mb_strlen($datarray['title']) > 255)
|
if(mb_strlen($datarray['title']) > 255)
|
||||||
$datarray['title'] = mb_substr($datarray['title'],0,255);
|
$datarray['title'] = mb_substr($datarray['title'],0,255);
|
||||||
|
|
||||||
if(array_key_exists('item_private',$datarray) && $datarray['item_private']) {
|
|
||||||
|
|
||||||
$datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']));
|
|
||||||
|
|
||||||
if($uid) {
|
|
||||||
if($channel['channel_hash'] === $datarray['author_xchan']) {
|
|
||||||
$datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey']));
|
|
||||||
$datarray['item_verified'] = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if($webpage) {
|
if($webpage) {
|
||||||
Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage),
|
Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage),
|
||||||
(($pagetitle) ? $pagetitle : substr($datarray['mid'],0,16)),true);
|
(($pagetitle) ? $pagetitle : substr($datarray['mid'],0,16)),true);
|
||||||
|
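Review bot: In the first hunk `$execflag` is now derived from `intval($uid) == intval($profile_uid)` where the removed line compared `$channel['channel_id']`; since this boolean is what z_input_filter uses to let raw HTML/PHP through, it is worth confirming that `$uid` is the authenticated local channel at that point rather than a request-supplied value (its assignment is outside the hunk). The `? true : false` wrapper is redundant: `$execflag = (intval($uid) == intval($profile_uid)) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE);` already yields a bool. The second hunk (@@ -843,18 +844,6) removes the private-item filter-and-sign block, so filtering of non-preview posts now depends on item_store receiving this same `$execflag`; that call is outside the hunk and should be checked.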
@@ -243,6 +243,7 @@ class Wiki extends \Zotlabs\Web\Controller {
|
|||||||
$renderedContent = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
|
$renderedContent = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
$content = Zlib\MarkdownSoap::unescape($content);
|
||||||
$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))));
|
$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))));
|
||||||
$renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
|
$renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
|
||||||
}
|
}
|
||||||
|
@@ -334,18 +334,6 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) {
|
|||||||
if(! array_key_exists('mimetype',$arr))
|
if(! array_key_exists('mimetype',$arr))
|
||||||
$arr['mimetype'] = 'text/bbcode';
|
$arr['mimetype'] = 'text/bbcode';
|
||||||
|
|
||||||
if(array_key_exists('item_private',$arr) && $arr['item_private']) {
|
|
||||||
|
|
||||||
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
|
|
||||||
|
|
||||||
if($channel) {
|
|
||||||
if($channel['channel_hash'] === $arr['author_xchan']) {
|
|
||||||
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
|
|
||||||
$arr['item_verified'] = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$arr['mid'] = ((x($arr,'mid')) ? $arr['mid'] : item_message_id());
|
$arr['mid'] = ((x($arr,'mid')) ? $arr['mid'] : item_message_id());
|
||||||
$arr['parent_mid'] = ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']);
|
$arr['parent_mid'] = ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']);
|
||||||
$arr['thr_parent'] = ((x($arr,'thr_parent')) ? $arr['thr_parent'] : $arr['mid']);
|
$arr['thr_parent'] = ((x($arr,'thr_parent')) ? $arr['thr_parent'] : $arr['mid']);
|
||||||
@@ -1483,22 +1471,24 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
|
|||||||
// obsolete, but needed so as not to throw not-null constraints on some database driveres
|
// obsolete, but needed so as not to throw not-null constraints on some database driveres
|
||||||
$arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 );
|
$arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 );
|
||||||
|
|
||||||
// only detect language if we have text content, and if the post is private but not yet
|
|
||||||
// obscured, make it so.
|
|
||||||
|
|
||||||
if((! array_key_exists('item_obscured',$arr)) || $arr['item_obscured'] == 0) {
|
|
||||||
|
|
||||||
$arr['lang'] = detect_language($arr['body']);
|
$arr['lang'] = detect_language($arr['body']);
|
||||||
// apply the input filter here - if it is obscured it has been filtered already
|
// apply the input filter here
|
||||||
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
|
$arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec));
|
||||||
|
|
||||||
if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
|
if(local_channel() && (local_channel() == $arr['uid'])) {
|
||||||
|
if(! $arr['sig']) {
|
||||||
$channel = App::get_channel();
|
$channel = App::get_channel();
|
||||||
if($channel['channel_hash'] === $arr['author_xchan']) {
|
if($channel['channel_hash'] === $arr['author_xchan']) {
|
||||||
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
|
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
|
||||||
$arr['item_verified'] = 1;
|
$arr['item_verified'] = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(! array_key_exists('sig',$arr))
|
||||||
|
$arr['sig'] = '';
|
||||||
|
|
||||||
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
|
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
|
||||||
|
|
||||||
@@ -1512,7 +1502,6 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
|
|||||||
}
|
}
|
||||||
$arr = $translate['item'];
|
$arr = $translate['item'];
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if((x($arr,'obj')) && is_array($arr['obj'])) {
|
if((x($arr,'obj')) && is_array($arr['obj'])) {
|
||||||
activity_sanitise($arr['obj']);
|
activity_sanitise($arr['obj']);
|
||||||
@@ -1907,12 +1896,11 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
|
|||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
if((! array_key_exists('item_obscured', $arr)) || $arr['item_obscured'] == 0) {
|
|
||||||
|
|
||||||
$arr['lang'] = detect_language($arr['body']);
|
$arr['lang'] = detect_language($arr['body']);
|
||||||
|
|
||||||
// apply the input filter here - if it is obscured it has been filtered already
|
// apply the input filter here
|
||||||
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
|
$arr['body'] = trim($arr['body'],$arr['mimetype'],$allow_exec);
|
||||||
|
|
||||||
if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
|
if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
|
||||||
$channel = App::get_channel();
|
$channel = App::get_channel();
|
||||||
@@ -1934,7 +1922,6 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
|
|||||||
}
|
}
|
||||||
$arr = $translate['item'];
|
$arr = $translate['item'];
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if((x($arr,'obj')) && is_array($arr['obj'])) {
|
if((x($arr,'obj')) && is_array($arr['obj'])) {
|
||||||
activity_sanitise($arr['obj']);
|
activity_sanitise($arr['obj']);
|
||||||
|
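Review bot: In the item_store_update hunk (@@ -1907,12 +1896,11) the new line `$arr['body'] = trim($arr['body'],$arr['mimetype'],$allow_exec);` drops the z_input_filter() call that the removed line had, so edited bodies bypass the input filter entirely and trim() is handed three arguments (a warning with a null result on PHP 7, an ArgumentCountError on PHP 8). It should read `$arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec));`, matching the item_store hunk. In item_store (@@ -1483,22 +1471,24) the new `if(! $arr['sig'])` runs before the new `if(! array_key_exists('sig',$arr)) $arr['sig'] = '';` default is assigned, so moving those two lines above the local_channel() block avoids an undefined-index read on unsigned items. With the item_obscured guard gone, both functions now filter unconditionally, and the filter-and-sign block removed from post_activity_item (@@ -334,18 +334,6) relies on callers passing a correctly computed `$allow_code`; those call sites are outside the hunks.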
@@ -3,6 +3,7 @@
|
|||||||
* @file include/text.php
|
* @file include/text.php
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
use \Zotlabs\Lib as Zlib;
|
||||||
use \Michelf\MarkdownExtra;
|
use \Michelf\MarkdownExtra;
|
||||||
|
|
||||||
require_once("include/bbcode.php");
|
require_once("include/bbcode.php");
|
||||||
@@ -89,12 +90,10 @@ function escape_tags($string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
|
function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
|
||||||
|
|
||||||
if($type === 'text/bbcode')
|
if($type === 'text/bbcode')
|
||||||
return escape_tags($s);
|
return escape_tags($s);
|
||||||
if($type === 'text/markdown')
|
|
||||||
return escape_tags($s);
|
|
||||||
if($type == 'text/plain')
|
if($type == 'text/plain')
|
||||||
return escape_tags($s);
|
return escape_tags($s);
|
||||||
if($type == 'application/x-pdl')
|
if($type == 'application/x-pdl')
|
||||||
@@ -104,13 +103,17 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
|
|||||||
return $s;
|
return $s;
|
||||||
}
|
}
|
||||||
|
|
||||||
$r = q("select channel_pageflags from channel where channel_id = %d limit 1",
|
if($allow_code) {
|
||||||
intval($channel_id)
|
if($type === 'text/markdown')
|
||||||
);
|
return htmlspecialchars($s,ENT_QUOTES);
|
||||||
if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
|
|
||||||
return $s;
|
return $s;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if($type === 'text/markdown') {
|
||||||
|
$x = new Zlib\MarkdownSoap($s);
|
||||||
|
return $x->clean();
|
||||||
|
}
|
||||||
|
|
||||||
if($type === 'text/html')
|
if($type === 'text/html')
|
||||||
return purify_html($s);
|
return purify_html($s);
|
||||||
|
|
||||||
@@ -1636,6 +1639,7 @@ function prepare_text($text, $content_type = 'text/bbcode', $cache = false) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'text/markdown':
|
case 'text/markdown':
|
||||||
|
$text = Zlib\MarkdownSoap::unescape($text);
|
||||||
$s = MarkdownExtra::defaultTransform($text);
|
$s = MarkdownExtra::defaultTransform($text);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
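Review bot: In the z_input_filter hunk (@@ -104,13 +103,17) the raw-content gate moves from a database check that `local_channel() == $channel_id` and the channel carries PAGE_ALLOWCODE to a caller-supplied `$allow_code` boolean, so the function can no longer verify who is asking and every caller now owns that check. Because the parameter order also changed from `($channel_id,$s,$type)` to `($s,$type,$allow_code)` with no strict typing, a caller not updated in this commit would likely pass its channel id as the body and the body as `$type` without any error, so a search for remaining three-argument callers is worth doing. A docblock would help: `@param bool $allow_code caller has verified the author may post raw html/php (PAGE_ALLOWCODE); markdown is then html-escaped, other types are returned unfiltered`. In prepare_text (@@ -1636,6 +1639,7), `Zlib\MarkdownSoap::unescape($text)` presumably reverses the save-time clean(); the Wiki controller wraps the same MarkdownExtra transform in purify_html(), so confirm `$s` is purified later in prepare_text, which is outside the hunk.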