little fixes of hopefully nil significance

include/api.php

@@ -533,12 +533,6 @@ require_once('include/items.php');
 	api_register_func('api/red/channel/export/basic','api_export_basic', true);
 
 
-
-
-
-
-
-
 	function api_channel_stream(&$a, $type) {
 		if(api_user() === false) {
 			logger('api_channel_stream: no user');
@@ -700,12 +694,12 @@ require_once('include/items.php');
 	function red_item_new(&$a, $type) {
 
 		if (api_user() === false) {
-			logger('api_statuses_update: no user');
+			logger('api_red_item_new: no user');
 			return false;
 		}
 
-		logger('api_statuses_update: REQUEST ' . print_r($_REQUEST,true));
-		logger('api_statuses_update: FILES ' . print_r($_FILES,true));
+		logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true));
+		logger('api_red_item_new: FILES ' . print_r($_FILES,true));
 
 
 		// set this so that the item_post() function is quiet and doesn't redirect or emit json
@@ -1698,7 +1692,7 @@ require_once('include/items.php');
 			'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false',
 			'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl,
 			'shorturllength' => '30',
-        	'friendica' => array(
+        	'redmatrix' => array(
 				'RED_PLATFORM' => RED_PLATFORM,
 				'RED_VERSION' => RED_VERSION,
 				'ZOT_REVISION' => ZOT_REVISION,

include/bbcode.php

@@ -229,9 +229,12 @@ function bb_location($match) {
 
 function bbiframe($match) {
 	$a = get_app();
-	if(strpos($match[1],get_app()->get_hostname()))
-		return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
-	return '<iframe src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
+
+	// use sandbox mode to prevent malicious goings on rather than host restriction
+	//	if(strpos($match[1],get_app()->get_hostname()))
+	//		return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
+
+	return '<iframe sandbox="allow-same-origin allow-top-navigation" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
 }
 
 function bb_ShareAttributesSimple($match) {

include/oembed.php

@@ -165,7 +165,7 @@ function oembed_iframe($src,$width,$height) {
 	$a = get_app();
 
 	$s = $a->get_baseurl()."/oembed/".base64url_encode($src);
-	return '<iframe height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; 
+	return '<iframe sandbox="allow-same-origin allow-top-navigation" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; 
 
 }
 

include/reddav.php

@@ -708,7 +708,7 @@ function RedFileData($file, &$auth,$test = false) {
 			$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach 
 				where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1",
 				dbesc($folder),
-				basename($file),
+				dbesc(basename($file)),
 				intval($channel_id)
 
 			);
@@ -719,7 +719,7 @@ function RedFileData($file, &$auth,$test = false) {
 			$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach 
 				where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1",
 				dbesc($folder),
-				basename($file),
+				dbesc(basename($file)),
 				intval($channel_id)
 			);
 			if($r)

include/text.php

@@ -278,6 +278,11 @@ function hex2bin($s) {
 	if(! (is_string($s) && strlen($s)))
 		return '';
 
+	if(strlen($s) & 1) {
+		logger('hex2bin: illegal hex string: ' . $s);
+		return $s;
+	}
+
 	if(! ctype_xdigit($s)) {
 		return($s);
 	}