prevent json-ld bombing, turn off browser autocomplete on channel sources creation

This commit is contained in:
zotlabs
2018-08-11 16:16:54 -07:00
parent 1d13cc1601
commit 5afe779ffc
3 changed files with 18 additions and 2 deletions

View File

@@ -111,7 +111,7 @@ class Sources extends \Zotlabs\Web\Controller {
'$title' => t('New Source'), '$title' => t('New Source'),
'$desc' => t('Import all or selected content from the following channel into this channel and distribute it according to your channel settings.'), '$desc' => t('Import all or selected content from the following channel into this channel and distribute it according to your channel settings.'),
'$words' => array( 'words', t('Only import content with these words (one per line)'),'',t('Leave blank to import all public content')), '$words' => array( 'words', t('Only import content with these words (one per line)'),'',t('Leave blank to import all public content')),
'$name' => array( 'name', t('Channel Name'), '', ''), '$name' => array( 'name', t('Channel Name'), '', '', '', 'autocomplete="off"'),
'$tags' => array('tags', t('Add the following categories to posts imported from this source (comma separated)'),'',t('Optional')), '$tags' => array('tags', t('Add the following categories to posts imported from this source (comma separated)'),'',t('Optional')),
'$resend' => [ 'resend', t('Resend posts with this channel as author'), 0, t('Copyrights may apply'), [ t('No'), t('Yes') ]], '$resend' => [ 'resend', t('Resend posts with this channel as author'), 0, t('Copyrights may apply'), [ t('No'), t('Yes') ]],
'$submit' => t('Submit') '$submit' => t('Submit')

View File

@@ -2042,6 +2042,22 @@ function jsonld_document_loader($url) {
require_once('library/jsonld/jsonld.php'); require_once('library/jsonld/jsonld.php');
$recursion = 0;
$x = debug_backtrace();
if($x) {
foreach($x as $n) {
if($n['function'] === __FUNCTION__) {
$recursion ++;
}
}
}
if($recursion > 5) {
logger('jsonld bomb detected at: ' . $url);
killme();
}
$cachepath = 'store/[data]/ldcache'; $cachepath = 'store/[data]/ldcache';
if(! is_dir($cachepath)) if(! is_dir($cachepath))
os_mkdir($cachepath, STORAGE_DEFAULT_PERMISSIONS, true); os_mkdir($cachepath, STORAGE_DEFAULT_PERMISSIONS, true);

View File

@@ -3,7 +3,7 @@
<div class="descriptive-text">{{$desc}}</div> <div class="descriptive-text">{{$desc}}</div>
<form action="sources" method="post"> <form action="sources" method="post" autocomplete="off" >
<input type="hidden" id="id_abook" name="abook" value="{{$abook}}" /> <input type="hidden" id="id_abook" name="abook" value="{{$abook}}" />
{{include file="field_input.tpl" field=$name}} {{include file="field_input.tpl" field=$name}}
{{include file="field_input.tpl" field=$tags}} {{include file="field_input.tpl" field=$tags}}