add basic input filtering to the simple activity posting
parent
75e4d446ef
commit
aa1eb2d89e
15
boot.php
15
boot.php
@ -590,6 +590,13 @@ class App {
|
|||||||
|
|
||||||
startup();
|
startup();
|
||||||
|
|
||||||
|
set_include_path(
|
||||||
|
'include' . PATH_SEPARATOR
|
||||||
|
. 'library' . PATH_SEPARATOR
|
||||||
|
. 'library/phpsec' . PATH_SEPARATOR
|
||||||
|
. 'library/langdet' . PATH_SEPARATOR
|
||||||
|
. '.' );
|
||||||
|
|
||||||
|
|
||||||
$this->scheme = 'http';
|
$this->scheme = 'http';
|
||||||
if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS'])
|
if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS'])
|
||||||
@ -612,13 +619,7 @@ class App {
|
|||||||
$this->path = $path;
|
$this->path = $path;
|
||||||
}
|
}
|
||||||
|
|
||||||
set_include_path(
|
set_include_path("include/$this->hostname" . PATH_SEPARATOR . get_include_path());
|
||||||
"include/$this->hostname" . PATH_SEPARATOR
|
|
||||||
. 'include' . PATH_SEPARATOR
|
|
||||||
. 'library' . PATH_SEPARATOR
|
|
||||||
. 'library/phpsec' . PATH_SEPARATOR
|
|
||||||
. 'library/langdet' . PATH_SEPARATOR
|
|
||||||
. '.' );
|
|
||||||
|
|
||||||
if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'],0,2) === "q=") {
|
if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'],0,2) === "q=") {
|
||||||
$this->query_string = substr($_SERVER['QUERY_STRING'],2);
|
$this->query_string = substr($_SERVER['QUERY_STRING'],2);
|
||||||
|
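Review bot: The second hunk prepends `"include/$this->hostname"` to the include path with no visible validation of that value; where `$this->hostname` is assigned is outside the hunk, and if it is derived from the request's Host header rather than from server configuration, a value containing `/`, `\` or `..` would redirect every later `require_once`/`include` lookup to a directory the request controls. Guard the prepend with a hostname-character check such as `if(preg_match('/^[A-Za-z0-9.\-]+$/', $this->hostname))` (extended with a port suffix if one is expected here), or validate once at the point of assignment. The relocated base-path call in the first hunk is fine; a comment on it, `// base include path; the per-host directory is prepended below once hostname is known`, would explain why the two calls are now split. The enclosing method starts and ends outside the hunk.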
@ -113,6 +113,12 @@ function post_activity_item($arr) {
|
|||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(array_key_exists('content_type',$arr) && $arr['content_type'] == 'text/html')
|
||||||
|
$arr['body'] = purify_html($arr['body']);
|
||||||
|
else
|
||||||
|
$arr['body'] = escape_tags($arr['body']);
|
||||||
|
|
||||||
|
|
||||||
$arr['mid'] = ((x($arr,'mid')) ? $arr['mid'] : item_message_id());
|
$arr['mid'] = ((x($arr,'mid')) ? $arr['mid'] : item_message_id());
|
||||||
$arr['parent_mid'] = ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']);
|
$arr['parent_mid'] = ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']);
|
||||||
$arr['thr_parent'] = ((x($arr,'thr_parent')) ? $arr['thr_parent'] : $arr['mid']);
|
$arr['thr_parent'] = ((x($arr,'thr_parent')) ? $arr['thr_parent'] : $arr['mid']);
|
||||||
@ -160,6 +166,20 @@ function post_activity_item($arr) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function purify_html($s) {
|
||||||
|
require_once('library/HTMLPurifier.auto.php');
|
||||||
|
require_once('include/html2bbcode.php');
|
||||||
|
|
||||||
|
// FIXME this function has html output, not bbcode - so safely purify these
|
||||||
|
// $s = html2bb_video($s);
|
||||||
|
// $s = oembed_html2bbcode($s);
|
||||||
|
|
||||||
|
$config = HTMLPurifier_Config::createDefault();
|
||||||
|
$config->set('Cache.DefinitionImpl', null);
|
||||||
|
|
||||||
|
$purifier = new HTMLPurifier($config);
|
||||||
|
return $purifier->purify($s);
|
||||||
|
}
|
||||||
|
|
||||||
function get_public_feed($channel,$params) {
|
function get_public_feed($channel,$params) {
|
||||||
|
|
||||||
|
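Review bot: The new filtering in post_activity_item reads `$arr['body']` unconditionally, while the mid/parent_mid/thr_parent lines directly below use `x($arr, ...)` guards for optional keys, so a caller that omits body raises an undefined-index notice and feeds a null body into purify_html or escape_tags; wrap the branch in `if(x($arr,'body'))` and use `$arr['content_type'] === 'text/html'` since `==` is a loose comparison. Only `body` is filtered by this change; if `$arr` carries other free-text fields (a title, for example), they are stored without any filtering, which is worth either handling or stating in a comment. In purify_html, `$config->set('Cache.DefinitionImpl', null)` turns off HTMLPurifier's definition cache so definitions are rebuilt on every call; if that is deliberate, a one-line comment saying so would stop a later maintainer from reverting it. post_activity_item starts outside the first hunk.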
@ -1 +1 @@
|
|||||||
2013-05-21.320
|
2013-05-22.321
|
||||||
|