harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add gen_link_id() function to selectively encode/decode the message-id component of /display/ links for message-ids that contain troublesome characters

Browse Source
This commit is contained in:
Hubzilla 2017-01-19 15:37:30 -08:00
parent 5ce96b9b95
commit 96f196febd
10 changed files with 31 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Zotlabs/Lib/ThreadItem.php
View File

@ -409,7 +409,7 @@ class ThreadItem {
'comment' => $this->get_comment_box($indent), 'comment' => $this->get_comment_box($indent),
'previewing' => ($conv->is_preview() ? ' preview ' : ''), 'previewing' => ($conv->is_preview() ? ' preview ' : ''),
'wait' => t('Please wait'), 'wait' => t('Please wait'),
'submid' => substr($item['mid'],0,32), 'submid' => base64_encode(substr($item['mid'],0,32)),
'thread_level' => $thread_level 'thread_level' => $thread_level
); );

10
Zotlabs/Module/Display.php
View File

@ -30,11 +30,9 @@ class Display extends \Zotlabs\Web\Controller {
if(argc() > 1 && argv(1) !== 'load') if(argc() > 1 && argv(1) !== 'load')
$item_hash = argv(1); $item_hash = argv(1);
if($_REQUEST['mid']) if($_REQUEST['mid'])
$item_hash = $_REQUEST['mid']; $item_hash = $_REQUEST['mid'];
if(! $item_hash) { if(! $item_hash) {
\App::$error = 404; \App::$error = 404;
notice( t('Item not found.') . EOL); notice( t('Item not found.') . EOL);
@ -94,8 +92,14 @@ class Display extends \Zotlabs\Web\Controller {
$target_item = null; $target_item = null;
if(strpos($item_hash,'b64.') === 0)
$decoded = @base64url_decode(substr($item_hash,4));
if($decoded)
$item_hash = $decoded;
$r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1", $r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1",
dbesc($item_hash . '%') dbesc($item_hash . '%'),
dbesc($decoded . '%')
); );
if($r) { if($r) {

8
Zotlabs/Module/Item.php
View File

@ -724,6 +724,8 @@ class Item extends \Zotlabs\Web\Controller {
if(! $mid) { if(! $mid) {
$mid = (($message_id) ? $message_id : item_message_id()); $mid = (($message_id) ? $message_id : item_message_id());
} }
if(! $parent_mid) { if(! $parent_mid) {
$parent_mid = $mid; $parent_mid = $mid;
} }
@ -935,7 +937,7 @@ class Item extends \Zotlabs\Web\Controller {
'from_xchan' => $datarray['author_xchan'], 'from_xchan' => $datarray['author_xchan'],
'to_xchan' => $datarray['owner_xchan'], 'to_xchan' => $datarray['owner_xchan'],
'item' => $datarray, 'item' => $datarray,
'link' => z_root() . '/display/' . urlencode($datarray['mid']), 'link' => z_root() . '/display/' . gen_link_id($datarray['mid']),
'verb' => ACTIVITY_POST, 'verb' => ACTIVITY_POST,
'otype' => 'item', 'otype' => 'item',
'parent' => $parent, 'parent' => $parent,
@ -953,7 +955,7 @@ class Item extends \Zotlabs\Web\Controller {
'from_xchan' => $datarray['author_xchan'], 'from_xchan' => $datarray['author_xchan'],
'to_xchan' => $datarray['owner_xchan'], 'to_xchan' => $datarray['owner_xchan'],
'item' => $datarray, 'item' => $datarray,
'link' => z_root() . '/display/' . urlencode($datarray['mid']), 'link' => z_root() . '/display/' . gen_link_id($datarray['mid']),
'verb' => ACTIVITY_POST, 'verb' => ACTIVITY_POST,
'otype' => 'item' 'otype' => 'item'
)); ));
@ -1005,7 +1007,7 @@ class Item extends \Zotlabs\Web\Controller {
} }
$datarray['id'] = $post_id; $datarray['id'] = $post_id;
$datarray['llink'] = z_root() . '/display/' . urlencode($datarray['mid']); $datarray['llink'] = z_root() . '/display/' . gen_link_id($datarray['mid']);
call_hooks('post_local_end', $datarray); call_hooks('post_local_end', $datarray);

2
Zotlabs/Module/Like.php
View File

@ -447,7 +447,7 @@ class Like extends \Zotlabs\Web\Controller {
$arr['thr_parent'] = $item['mid']; $arr['thr_parent'] = $item['mid'];
$ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]'; $ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]';
$alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]'; $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
$plink = '[zrl=' . z_root() . '/display/' . urlencode($item['mid']) . ']' . $post_type . '[/zrl]'; $plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . '[/zrl]';
$allow_cid = $item['allow_cid']; $allow_cid = $item['allow_cid'];
$allow_gid = $item['allow_gid']; $allow_gid = $item['allow_gid'];
$deny_cid = $item['deny_cid']; $deny_cid = $item['deny_cid'];

2
Zotlabs/Module/Subthread.php
View File

@ -138,7 +138,7 @@ class Subthread extends \Zotlabs\Web\Controller {
$ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]'; $ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]';
$alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]'; $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
$plink = '[zrl=' . z_root() . '/display/' . urlencode($item['mid']) . ']' . $post_type . '[/zrl]'; $plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . '[/zrl]';
$arr['body'] = sprintf( $bodyverb, $alink, $ulink, $plink ); $arr['body'] = sprintf( $bodyverb, $alink, $ulink, $plink );

2
Zotlabs/Module/Tagger.php
View File

@ -60,7 +60,7 @@ class Tagger extends \Zotlabs\Web\Controller {
$links = array(array('rel' => 'alternate','type' => 'text/html', $links = array(array('rel' => 'alternate','type' => 'text/html',
'href' => z_root() . '/display/' . urlencode($item['mid']))); 'href' => z_root() . '/display/' . gen_link_id($item['mid'])));
$target = json_encode(array( $target = json_encode(array(
'type' => $targettype, 'type' => $targettype,

2
include/conversation.php
View File

@ -733,7 +733,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
'like' => '', 'like' => '',
'dislike' => '', 'dislike' => '',
'comment' => '', 'comment' => '',
'conv' => (($preview) ? '' : array('href'=> z_root() . '/display/' . urlencode($item['mid']), 'title'=> t('View in context'))), 'conv' => (($preview) ? '' : array('href'=> z_root() . '/display/' . gen_link_id($item['mid']), 'title'=> t('View in context'))),
'previewing' => $previewing, 'previewing' => $previewing,
'wait' => t('Please wait'), 'wait' => t('Please wait'),
'thread_level' => 1, 'thread_level' => 1,

2
include/event.php
View File

@ -1018,7 +1018,7 @@ function event_store_item($arr, $event) {
if($wall) if($wall)
$item_arr['plink'] = z_root() . '/channel/' . $z[0]['channel_address'] . '/?f=&mid=' . urlencode($item_arr['mid']); $item_arr['plink'] = z_root() . '/channel/' . $z[0]['channel_address'] . '/?f=&mid=' . urlencode($item_arr['mid']);
else else
$item_arr['plink'] = z_root() . '/display/' . urlencode($item_arr['mid']); $item_arr['plink'] = z_root() . '/display/' . gen_link_id($item_arr['mid']);
$x = q("select * from xchan where xchan_hash = '%s' limit 1", $x = q("select * from xchan where xchan_hash = '%s' limit 1",
dbesc($arr['event_xchan']) dbesc($arr['event_xchan'])

4
include/items.php
View File

@ -1624,7 +1624,7 @@ logger('revision: ' . $arr['revision']);
if($d2 > $d1) if($d2 > $d1)
$arr['item_delayed'] = 1; $arr['item_delayed'] = 1;
$arr['llink'] = z_root() . '/display/' . urlencode($arr['mid']); $arr['llink'] = z_root() . '/display/' . gen_link_id($arr['mid']);
if(! $arr['plink']) if(! $arr['plink'])
$arr['plink'] = $arr['llink']; $arr['plink'] = $arr['llink'];
@ -2279,7 +2279,7 @@ function send_status_notifications($post_id,$item) {
if($unfollowed) if($unfollowed)
return; return;
$link = z_root() . '/display/' . urlencode($item['mid']); $link = z_root() . '/display/' . gen_link_id($item['mid']);
$y = q("select id from notify where link = '%s' and uid = %d limit 1", $y = q("select id from notify where link = '%s' and uid = %d limit 1",
dbesc($link), dbesc($link),

7
include/text.php
View File

@ -3124,6 +3124,12 @@ function cleanup_bbcode($body) {
} }
function gen_link_id($mid) {
if(strpbrk($mid,':/&?<>"\'') !== false)
return 'b64.' . base64url_encode($mid);
return $mid;
}
// callback for array_walk // callback for array_walk
function array_trim(&$v,$k) { function array_trim(&$v,$k) {
@ -3133,3 +3139,4 @@ function array_trim(&$v,$k) {
function array_escape_tags(&$v,$k) { function array_escape_tags(&$v,$k) {
$v = escape_tags($v); $v = escape_tags($v);
} }