various input filter fixes
@@ -98,6 +98,11 @@ class Editblock extends \Zotlabs\Web\Controller {
|
||||
|
||||
$mimetype = $itm[0]['mimetype'];
|
||||
|
||||
$content = $itm[0]['body'];
|
||||
if($itm[0]['mimetype'] === 'text/markdown')
|
||||
$content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']);
|
||||
|
||||
|
||||
$rp = 'blocks/' . $channel['channel_address'];
|
||||
|
||||
$x = array(
|
||||
@@ -117,7 +122,7 @@ class Editblock extends \Zotlabs\Web\Controller {
|
||||
'ptyp' => $itm[0]['type'],
|
||||
'mimeselect' => true,
|
||||
'mimetype' => $itm[0]['mimetype'],
|
||||
'body' => undo_post_tagging($itm[0]['body']),
|
||||
'body' => undo_post_tagging($content),
|
||||
'post_id' => $post_id,
|
||||
'visitor' => true,
|
||||
'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
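Review bot: The body handed to the editor at `'body' => undo_post_tagging($content)` is now the result of `MarkdownSoap::unescape()` for `text/markdown` items, and nothing in this hunk re-encodes it, whereas the title two lines below is passed through `htmlspecialchars()`. If unescape() reverses the entity encoding applied when the item was stored (its body is not shown here), the editor template has to HTML-encode the value before placing it in the form, otherwise stored markup would be parsed by the browser instead of shown as text. That should be confirmed, or recorded with a comment such as `// unescaped for editing only; the editor template must HTML-encode this value`. The same added lines appear in the Editwebpage section, and the condition could reuse the `$mimetype` local assigned just above instead of re-reading `$itm[0]['mimetype']`. The enclosing method starts and ends outside the hunk.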
|
||||
|
@@ -119,6 +119,7 @@ class Editlayout extends \Zotlabs\Web\Controller {
|
||||
'hide_weblink' => true,
|
||||
'hide_attach' => true,
|
||||
'hide_preview' => true,
|
||||
'disable_comments' => true,
|
||||
'ptyp' => $itm[0]['obj_type'],
|
||||
'body' => undo_post_tagging($itm[0]['body']),
|
||||
'post_id' => $post_id,
|
||||
|
@@ -129,6 +129,10 @@ class Editwebpage extends \Zotlabs\Web\Controller {
|
||||
}
|
||||
|
||||
$layout = $itm[0]['layout_mid'];
|
||||
|
||||
$content = $itm[0]['body'];
|
||||
if($itm[0]['mimetype'] === 'text/markdown')
|
||||
$content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']);
|
||||
|
||||
$rp = 'webpages/' . $which;
|
||||
|
||||
@@ -145,7 +149,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
|
||||
'hide_location' => true,
|
||||
'hide_voting' => true,
|
||||
'ptyp' => $itm[0]['type'],
|
||||
'body' => undo_post_tagging($itm[0]['body']),
|
||||
'body' => undo_post_tagging($content),
|
||||
'post_id' => $post_id,
|
||||
'visitor' => ($is_owner) ? true : false,
|
||||
'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')),
|
||||
|
@@ -59,12 +59,10 @@ class Hcard extends \Zotlabs\Web\Controller {
|
||||
}
|
||||
|
||||
|
||||
function get() {
|
||||
|
||||
require_once('include/widgets.php');
|
||||
return widget_profile(array());
|
||||
|
||||
|
||||
function get() {
|
||||
|
||||
$x = new \Zotlabs\Widget\Profile();
|
||||
return $x->widget(array());
|
||||
|
||||
}
|
||||
|
||||
|
@@ -125,6 +125,7 @@ class Layouts extends \Zotlabs\Web\Controller {
|
||||
'hide_weblink' => true,
|
||||
'hide_attach' => true,
|
||||
'hide_preview' => true,
|
||||
'disable_comments' => true,
|
||||
'ptlabel' => t('Layout Name'),
|
||||
'profile_uid' => intval($owner),
|
||||
'expanded' => true,
|
||||
|
@@ -238,6 +238,8 @@ class Wiki extends \Zotlabs\Web\Controller {
|
||||
|
||||
$rawContent = htmlspecialchars_decode(json_decode($p['content']),ENT_COMPAT);
|
||||
|
||||
$rawContent = $p['content'];
|
||||
|
||||
$content = ($p['content'] !== '' ? $rawContent : '"# New page\n"');
|
||||
// Render the Markdown-formatted page content in HTML
|
||||
if($mimeType == 'text/bbcode') {
|
||||
@@ -245,7 +247,7 @@ class Wiki extends \Zotlabs\Web\Controller {
|
||||
}
|
||||
else {
|
||||
$content = Zlib\MarkdownSoap::unescape($content);
|
||||
$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))));
|
||||
$html = Zlib\NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content))));
|
||||
$renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
|
||||
}
|
||||
$showPageControls = $wiki_editor;
|
||||
@@ -329,8 +331,12 @@ class Wiki extends \Zotlabs\Web\Controller {
|
||||
$html = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))),$wikiURL);
|
||||
}
|
||||
else {
|
||||
$content = Zlib\NativeWikiPage::bbcode($content);
|
||||
$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(MarkdownExtra::defaultTransform($content))));
|
||||
$bb = Zlib\NativeWikiPage::bbcode($content);
|
||||
$x = new ZLib\MarkdownSoap($bb);
|
||||
$md = $x->clean();
|
||||
$md = ZLib\MarkdownSoap::unescape($md);
|
||||
$html = MarkdownExtra::defaultTransform($md);
|
||||
$html = Zlib\NativeWikiPage::generate_toc(zidify_text($html));
|
||||
$html = Zlib\NativeWikiPage::convert_links($html,$wikiURL);
|
||||
}
|
||||
json_return_and_die(array('html' => $html, 'success' => true));
|
||||
@@ -455,7 +461,11 @@ class Wiki extends \Zotlabs\Web\Controller {
|
||||
json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false));
|
||||
}
|
||||
|
||||
$page_list_html = widget_wiki_pages(array(
|
||||
// @FIXME - we shouldn't invoke this if it isn't in the PDL or has been over-ridden
|
||||
|
||||
$x = new \Zotlabs\Widget\Wiki_pages();
|
||||
|
||||
$page_list_html = $x->widget(array(
|
||||
'resource_id' => $resource_id,
|
||||
'refresh' => true,
|
||||
'channel' => argv(1)));
|
||||
@@ -513,7 +523,6 @@ class Wiki extends \Zotlabs\Web\Controller {
|
||||
$resource_id = $_POST['resource_id'];
|
||||
$pageUrlName = $_POST['name'];
|
||||
|
||||
|
||||
// Determine if observer has permission to read content
|
||||
|
||||
$perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
|
||||
@@ -522,11 +531,12 @@ class Wiki extends \Zotlabs\Web\Controller {
|
||||
json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false));
|
||||
}
|
||||
|
||||
$historyHTML = widget_wiki_page_history(array(
|
||||
$historyHTML = \Zotlabs\Lib\NativeWikiPage::render_page_history(array(
|
||||
'resource_id' => $resource_id,
|
||||
'pageUrlName' => $pageUrlName,
|
||||
'permsWrite' => $perms['write']
|
||||
));
|
||||
|
||||
json_return_and_die(array('historyHTML' => $historyHTML, 'message' => '', 'success' => true));
|
||||
}
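Review bot: The rewritten `$html = Zlib\NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(...)))` line in the page-view branch no longer passes the Markdown output through `purify_html()`, while the line before it still calls `MarkdownSoap::unescape()` on the stored content, so what reaches the browser is only as clean as what was written at save time. The save path is not part of this diff; pages stored before this commit, or arriving through import or sync, may never have gone through `MarkdownSoap::clean()`, and that should be verified before the render-time filter is dropped. The preview branch further down does call `clean()` before `unescape()`, so the two paths are not symmetric. If the removal is intentional, the invariant deserves a comment at the view branch, e.g. `// stored content was sanitised by MarkdownSoap::clean() on save; no output filter is applied here`. The enclosing method extends beyond the hunk.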
|
||||
|
||||
|