harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

various input filter fixes

Browse Source
This commit is contained in:
zotlabs 2017-03-18 16:41:43 -07:00
parent d903758940
commit 4afeefb5ce
13 changed files with 3925 additions and 4247 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Zotlabs/Lib/MarkdownSoap.php
View File

@ -34,9 +34,13 @@ class MarkdownSoap {
function clean() { function clean() {
$x = $this->extract_code($this->str); $x = $this->extract_code($this->str);
$x = $this->purify($x); $x = $this->purify($x);
$x = $this->putback_code($x); $x = $this->putback_code($x);
$x = $this->escape($x); $x = $this->escape($x);
return $x; return $x;
@ -60,7 +64,7 @@ class MarkdownSoap {
} }
function encode_code($matches) { function encode_code($matches) {
return $this->token . ';' . base64_encode($matches[1]) . ';' ; return $this->token . ';' . base64_encode($matches[0]) . ';' ;
} }
function decode_code($matches) { function decode_code($matches) {
@ -73,7 +77,13 @@ class MarkdownSoap {
} }
function purify($s) { function purify($s) {
return purify_html($s); $s = str_replace("\n",'<br>',$s);
$s = str_replace("\t",'&nbsp;&nbsp;&nbsp;&nbsp;',$s);
$s = str_replace(' ','&nbsp;',$s);
$s = purify_html($s);
$s = str_replace('&nbsp;'," ",$s);
$s = str_replace(['<br>','<br />'],["\n","\n"],$s);
return $s;
} }
function escape($s) { function escape($s) {

31
Zotlabs/Lib/NativeWikiPage.php
View File

@ -323,13 +323,6 @@ class NativeWikiPage {
} }
$mimetype = $w['mimeType']; $mimetype = $w['mimeType'];
if($mimetype === 'text/markdown') {
$x = new Zlib\MarkdownSoap($content);
$content = $x->clean();
}
else {
$content = escape_tags($content);
}
// fetch the most recently saved revision. // fetch the most recently saved revision.
@ -348,6 +341,7 @@ class NativeWikiPage {
$item['author_xchan'] = $observer_hash; $item['author_xchan'] = $observer_hash;
$item['revision'] = (($arr['revision']) ? intval($arr['revision']) + 1 : intval($item['revision']) + 1); $item['revision'] = (($arr['revision']) ? intval($arr['revision']) + 1 : intval($item['revision']) + 1);
$item['edited'] = datetime_convert(); $item['edited'] = datetime_convert();
$item['mimetype'] = $mimetype;
if($item['iconfig'] && is_array($item['iconfig']) && count($item['iconfig'])) { if($item['iconfig'] && is_array($item['iconfig']) && count($item['iconfig'])) {
for($x = 0; $x < count($item['iconfig']); $x ++) { for($x = 0; $x < count($item['iconfig']); $x ++) {
@ -516,6 +510,29 @@ class NativeWikiPage {
return $s; return $s;
} }
static public function render_page_history($arr) {
$pageUrlName = ((array_key_exists('pageUrlName', $arr)) ? $arr['pageUrlName'] : '');
$resource_id = ((array_key_exists('resource_id', $arr)) ? $arr['resource_id'] : '');
$pageHistory = self::page_history([
'channel_id' => \App::$profile_uid,
'observer_hash' => get_observer_hash(),
'resource_id' => $resource_id,
'pageUrlName' => $pageUrlName
]);
return replace_macros(get_markup_template('nwiki_page_history.tpl'), array(
'$pageHistory' => $pageHistory['history'],
'$permsWrite' => $arr['permsWrite'],
'$name_lbl' => t('Name'),
'$msg_label' => t('Message','wiki_history')
));
}
/** /**
* Replace the instances of the string [toc] with a list element that will be populated by * Replace the instances of the string [toc] with a list element that will be populated by
* a table of contents by the JavaScript library * a table of contents by the JavaScript library

7
Zotlabs/Module/Editblock.php
View File

@ -98,6 +98,11 @@ class Editblock extends \Zotlabs\Web\Controller {
$mimetype = $itm[0]['mimetype']; $mimetype = $itm[0]['mimetype'];
$content = $itm[0]['body'];
if($itm[0]['mimetype'] === 'text/markdown')
$content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']);
$rp = 'blocks/' . $channel['channel_address']; $rp = 'blocks/' . $channel['channel_address'];
$x = array( $x = array(
@ -117,7 +122,7 @@ class Editblock extends \Zotlabs\Web\Controller {
'ptyp' => $itm[0]['type'], 'ptyp' => $itm[0]['type'],
'mimeselect' => true, 'mimeselect' => true,
'mimetype' => $itm[0]['mimetype'], 'mimetype' => $itm[0]['mimetype'],
'body' => undo_post_tagging($itm[0]['body']), 'body' => undo_post_tagging($content),
'post_id' => $post_id, 'post_id' => $post_id,
'visitor' => true, 'visitor' => true,
'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'), 'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),

1
Zotlabs/Module/Editlayout.php
View File

@ -119,6 +119,7 @@ class Editlayout extends \Zotlabs\Web\Controller {
'hide_weblink' => true, 'hide_weblink' => true,
'hide_attach' => true, 'hide_attach' => true,
'hide_preview' => true, 'hide_preview' => true,
'disable_comments' => true,
'ptyp' => $itm[0]['obj_type'], 'ptyp' => $itm[0]['obj_type'],
'body' => undo_post_tagging($itm[0]['body']), 'body' => undo_post_tagging($itm[0]['body']),
'post_id' => $post_id, 'post_id' => $post_id,

6
Zotlabs/Module/Editwebpage.php
View File

@ -130,6 +130,10 @@ class Editwebpage extends \Zotlabs\Web\Controller {
$layout = $itm[0]['layout_mid']; $layout = $itm[0]['layout_mid'];
$content = $itm[0]['body'];
if($itm[0]['mimetype'] === 'text/markdown')
$content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']);
$rp = 'webpages/' . $which; $rp = 'webpages/' . $which;
$x = array( $x = array(
@ -145,7 +149,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
'hide_location' => true, 'hide_location' => true,
'hide_voting' => true, 'hide_voting' => true,
'ptyp' => $itm[0]['type'], 'ptyp' => $itm[0]['type'],
'body' => undo_post_tagging($itm[0]['body']), 'body' => undo_post_tagging($content),
'post_id' => $post_id, 'post_id' => $post_id,
'visitor' => ($is_owner) ? true : false, 'visitor' => ($is_owner) ? true : false,
'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')), 'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')),

8
Zotlabs/Module/Hcard.php
View File

@ -59,12 +59,10 @@ class Hcard extends \Zotlabs\Web\Controller {
} }
function get() { function get() {
require_once('include/widgets.php');
return widget_profile(array());
$x = new \Zotlabs\Widget\Profile();
return $x->widget(array());
} }

1
Zotlabs/Module/Layouts.php
View File

@ -125,6 +125,7 @@ class Layouts extends \Zotlabs\Web\Controller {
'hide_weblink' => true, 'hide_weblink' => true,
'hide_attach' => true, 'hide_attach' => true,
'hide_preview' => true, 'hide_preview' => true,
'disable_comments' => true,
'ptlabel' => t('Layout Name'), 'ptlabel' => t('Layout Name'),
'profile_uid' => intval($owner), 'profile_uid' => intval($owner),
'expanded' => true, 'expanded' => true,

4
Zotlabs/Module/Settings/Permcats.php
View File

@ -42,8 +42,6 @@ class Permcats {
function get() { function get() {
logger('cmd: ' . \App::$cmd);
if(! local_channel()) if(! local_channel())
return; return;
@ -85,7 +83,7 @@ logger('cmd: ' . \App::$cmd);
if($existing[$k]) if($existing[$k])
$thisperm = "1"; $thisperm = "1";
$perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited); $perms[] = array('perms_' . $k, $v, '',$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
} }

23
Zotlabs/Module/Wiki.php
View File

@ -237,6 +237,8 @@ class Wiki extends \Zotlabs\Web\Controller {
$rawContent = htmlspecialchars_decode(json_decode($p['content']),ENT_COMPAT); $rawContent = htmlspecialchars_decode(json_decode($p['content']),ENT_COMPAT);
$rawContent = $p['content'];
$content = ($p['content'] !== '' ? $rawContent : '"# New page\n"'); $content = ($p['content'] !== '' ? $rawContent : '"# New page\n"');
// Render the Markdown-formatted page content in HTML // Render the Markdown-formatted page content in HTML
if($mimeType == 'text/bbcode') { if($mimeType == 'text/bbcode') {
@ -244,7 +246,7 @@ class Wiki extends \Zotlabs\Web\Controller {
} }
else { else {
$content = Zlib\MarkdownSoap::unescape($content); $content = Zlib\MarkdownSoap::unescape($content);
$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content))))); $html = Zlib\NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content))));
$renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName); $renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
} }
$showPageControls = $wiki_editor; $showPageControls = $wiki_editor;
@ -328,9 +330,12 @@ class Wiki extends \Zotlabs\Web\Controller {
$html = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))),$wikiURL); $html = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))),$wikiURL);
} }
else { else {
require_once('library/markdown.php'); $bb = Zlib\NativeWikiPage::bbcode($content);
$content = Zlib\NativeWikiPage::bbcode($content); $x = new ZLib\MarkdownSoap($bb);
$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(Markdown($content)))); $md = $x->clean();
$md = ZLib\MarkdownSoap::unescape($md);
$html = MarkdownExtra::defaultTransform($md);
$html = Zlib\NativeWikiPage::generate_toc(zidify_text($html));
$html = Zlib\NativeWikiPage::convert_links($html,$wikiURL); $html = Zlib\NativeWikiPage::convert_links($html,$wikiURL);
} }
json_return_and_die(array('html' => $html, 'success' => true)); json_return_and_die(array('html' => $html, 'success' => true));
@ -455,7 +460,11 @@ class Wiki extends \Zotlabs\Web\Controller {
json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false)); json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false));
} }
$page_list_html = widget_wiki_pages(array( // @FIXME - we shouldn't invoke this if it isn't in the PDL or has been over-ridden
$x = new \Zotlabs\Widget\Wiki_pages();
$page_list_html = $x->widget(array(
'resource_id' => $resource_id, 'resource_id' => $resource_id,
'refresh' => true, 'refresh' => true,
'channel' => argv(1))); 'channel' => argv(1)));
@ -513,7 +522,6 @@ class Wiki extends \Zotlabs\Web\Controller {
$resource_id = $_POST['resource_id']; $resource_id = $_POST['resource_id'];
$pageUrlName = $_POST['name']; $pageUrlName = $_POST['name'];
// Determine if observer has permission to read content // Determine if observer has permission to read content
$perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash); $perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
@ -522,11 +530,12 @@ class Wiki extends \Zotlabs\Web\Controller {
json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false)); json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false));
} }
$historyHTML = widget_wiki_page_history(array( $historyHTML = \Zotlabs\Lib\NativeWikiPage::render_page_history(array(
'resource_id' => $resource_id, 'resource_id' => $resource_id,
'pageUrlName' => $pageUrlName, 'pageUrlName' => $pageUrlName,
'permsWrite' => $perms['write'] 'permsWrite' => $perms['write']
)); ));
json_return_and_die(array('historyHTML' => $historyHTML, 'message' => '', 'success' => true)); json_return_and_die(array('historyHTML' => $historyHTML, 'message' => '', 'success' => true));
} }

7
Zotlabs/Widget/Wiki_pages.php
View File

@ -10,6 +10,12 @@ class Wiki_pages {
$channelname = ((array_key_exists('channel',$arr)) ? $arr['channel'] : ''); $channelname = ((array_key_exists('channel',$arr)) ? $arr['channel'] : '');
$c = channelx_by_nick($channelname); $c = channelx_by_nick($channelname);
if(! $c)
$c = \App::get_channel();
if(! $c)
return '';
$wikiname = ''; $wikiname = '';
if(array_key_exists('refresh', $arr)) { if(array_key_exists('refresh', $arr)) {
$not_refresh = (($arr['refresh']=== true) ? false : true); $not_refresh = (($arr['refresh']=== true) ? false : true);
@ -36,6 +42,7 @@ class Wiki_pages {
} }
} }
$can_create = perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'write_wiki'); $can_create = perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'write_wiki');
$can_delete = ((local_channel() && (local_channel() == \App::$profile['uid'])) ? true : false); $can_delete = ((local_channel() && (local_channel() == \App::$profile['uid'])) ? true : false);

6
include/event.php
View File

@ -614,7 +614,7 @@ function parse_vobject($ical, $type) {
$ev['etype'] = $type; $ev['etype'] = $type;
$dtstart = $ical->DTSTART->getDateTime(); $dtstart = $ical->DTSTART->getDateTime();
$ev['adjust'] = (($ical->DTSTART->isFloating()) ? 1 : 0); $ev['adjust'] = (($ical->DTSTART->isFloating()) ? 0 : 1);
$ev['dtstart'] = datetime_convert((($ev['adjust']) ? 'UTC' : date_default_timezone_get()),'UTC', $ev['dtstart'] = datetime_convert((($ev['adjust']) ? 'UTC' : date_default_timezone_get()),'UTC',
$dtstart->format(\DateTime::W3C)); $dtstart->format(\DateTime::W3C));
@ -755,7 +755,7 @@ function event_import_ical($ical, $uid) {
} }
$dtstart = $ical->DTSTART->getDateTime(); $dtstart = $ical->DTSTART->getDateTime();
$ev['adjust'] = (($ical->DTSTART->isFloating()) ? 1 : 0); $ev['adjust'] = (($ical->DTSTART->isFloating()) ? 0 : 1);
// logger('dtstart: ' . var_export($dtstart,true)); // logger('dtstart: ' . var_export($dtstart,true));
@ -858,7 +858,7 @@ function event_import_ical_task($ical, $uid) {
$dtstart = $ical->DTSTART->getDateTime(); $dtstart = $ical->DTSTART->getDateTime();
$ev['adjust'] = (($ical->DTSTART->isFloating()) ? 1 : 0); $ev['adjust'] = (($ical->DTSTART->isFloating()) ? 0 : 1);
// logger('dtstart: ' . var_export($dtstart,true)); // logger('dtstart: ' . var_export($dtstart,true));

8059
util/hmessages.po
View File

File diff suppressed because it is too large Load Diff

3
view/tpl/wiki.tpl
View File

@ -107,7 +107,8 @@
<script> <script>
window.wiki_resource_id = '{{$resource_id}}'; window.wiki_resource_id = '{{$resource_id}}';
window.wiki_page_name = '{{$page}}'; window.wiki_page_name = '{{$page}}';
window.wiki_page_content = `{{$content}}`; // window.wiki_page_content = "{{$content|escape:'javascript'}}";
window.wiki_page_content = {{$content}};
window.wiki_page_commit = '{{$commit}}'; window.wiki_page_commit = '{{$commit}}';
$("#generic-modal-ok-{{$wikiModalID}}").removeClass('btn-primary'); $("#generic-modal-ok-{{$wikiModalID}}").removeClass('btn-primary');