Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2024-11-09 15:42:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

Escape output of PermissionTooltip module

Browse source 
- Create AclReceivers and AddressedReceivers entities to collect contact names
- Create privacy/permission_tooltip.tpl to escape contact names
- Move PermissionTooltip module to Privacy namespace
- Thanks to @apexrabbit for the report!
This commit is contained in:
Hypolite Petovan 2024-05-09 20:46:49 -04:00
parent c19a68dc64
commit a6cb3ed903
5 changed files with 218 additions and 84 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

158
src/Module/PermissionTooltip.php → src/Module/Privacy/PermissionTooltip.php
View file

@ -19,18 +19,21 @@
* *
*/ */
namespace Friendica\Module; namespace Friendica\Module\Privacy;
use Friendica\App; use Friendica\App;
use Friendica\Core\Config\Capability\IManageConfigValues; use Friendica\Core\Config\Capability\IManageConfigValues;
use Friendica\Core\Hook; use Friendica\Core\Hook;
use Friendica\Core\L10n; use Friendica\Core\L10n;
use Friendica\Core\Protocol; use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\Session\Capability\IHandleUserSessions; use Friendica\Core\Session\Capability\IHandleUserSessions;
use Friendica\Database\Database; use Friendica\Database\Database;
use Friendica\Model; use Friendica\Model;
use Friendica\Module\Response;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
use Friendica\Network\HTTPException\InternalServerErrorException; use Friendica\Network\HTTPException\InternalServerErrorException;
use Friendica\Privacy\Entity;
use Friendica\Security\PermissionSet\Repository\PermissionSet; use Friendica\Security\PermissionSet\Repository\PermissionSet;
use Friendica\Util\ACLFormatter; use Friendica\Util\ACLFormatter;
use Friendica\Util\Profiler; use Friendica\Util\Profiler;
@ -101,109 +104,111 @@ class PermissionTooltip extends \Friendica\BaseModule
// Kept for backwards compatibility // Kept for backwards compatibility
Hook::callAll('lockview_content', $model); Hook::callAll('lockview_content', $model);
if ($type == 'item') { $aclReceivers = new Entity\AclReceivers();
$receivers = $this->fetchReceivers($model['uri-id']); $addressedReceivers = new Entity\AddressedReceivers();
if (empty($receivers)) { if (!empty($model['allow_cid']) || !empty($model['allow_gid']) || !empty($model['deny_cid']) || !empty($model['deny_gid'])) {
switch ($model['private']) { $aclReceivers = $this->fetchReceiversFromACL($model);
case Model\Item::PUBLIC: } elseif ($type == 'item') {
$receivers = $this->t('Public'); $addressedReceivers = $this->fetchAddressedReceivers($model['uri-id']);
break;
case Model\Item::UNLISTED:
$receivers = $this->t('Unlisted');
break;
case Model\Item::PRIVATE:
$receivers = $this->t('Limited/Private');
break;
}
}
} else {
$receivers = '';
} }
if (empty($model['allow_cid']) $privacy = '';
&& empty($model['allow_gid']) switch ($model['private'] ?? null) {
&& empty($model['deny_cid']) case Model\Item::PUBLIC: $privacy = $this->t('Public'); break;
&& empty($model['deny_gid']) case Model\Item::UNLISTED: $privacy = $this->t('Unlisted'); break;
&& empty($receivers)) case Model\Item::PRIVATE: $privacy = $this->t('Limited/Private'); break;
}
if ($aclReceivers->isEmpty() && $addressedReceivers->isEmpty() && empty($privacy))
{ {
echo $this->t('Remote privacy information not available.'); echo $this->t('Remote privacy information not available.');
exit; exit;
} }
if (!empty($model['allow_cid']) || !empty($model['allow_gid']) || !empty($model['deny_cid']) || !empty($model['deny_gid'])) { $tpl = Renderer::getMarkupTemplate('privacy/permission_tooltip.tpl');
$receivers = $this->fetchReceiversFromACL($model); $output = Renderer::replaceMacros($tpl, [
} '$l10n' => [
'visible_to' => $this->t('Visible to:'),
'to' => $this->t('To:'),
'cc' => $this->t('CC:'),
'bcc' => $this->t('BCC:'),
'audience' => $this->t('Audience:'),
'attributed' => $this->t('Attributed To:'),
],
'$aclReceivers' => $aclReceivers,
'$addressedReceivers' => $addressedReceivers,
'$privacy' => $privacy,
]);
$this->httpExit($this->t('Visible to:') . '<br />' . $receivers); $this->httpExit($output);
} }
/** /**
* Fetch a list of receivers based on the ACL data
* @throws \Exception * @throws \Exception
*/ */
private function fetchReceiversFromACL(array $model): string private function fetchReceiversFromACL(array $model): Entity\AclReceivers
{ {
$allowed_users = $model['allow_cid']; $allow_cid = $model['allow_cid'];
$allowed_circles = $model['allow_gid']; $allow_gid = $model['allow_gid'];
$deny_users = $model['deny_cid']; $deny_cid = $model['deny_cid'];
$deny_circles = $model['deny_gid']; $deny_gid = $model['deny_gid'];
$l = []; $allowContacts = [];
$allowCircles = [];
$denyContacts = [];
$denyCircles = [];
if (count($allowed_circles)) { if (count($allow_gid)) {
$key = array_search(Model\Circle::FOLLOWERS, $allowed_circles); $key = array_search(Model\Circle::FOLLOWERS, $allow_gid);
if ($key !== false) { if ($key !== false) {
$l[] = '<b>' . $this->t('Followers') . '</b>'; $allowCircles[] = $this->t('Followers');
unset($allowed_circles[$key]); unset($allow_gid[$key]);
} }
$key = array_search(Model\Circle::MUTUALS, $allowed_circles); $key = array_search(Model\Circle::MUTUALS, $allow_gid);
if ($key !== false) { if ($key !== false) {
$l[] = '<b>' . $this->t('Mutuals') . '</b>'; $allowCircles[] = $this->t('Mutuals');
unset($allowed_circles[$key]); unset($allow_gid[$key]);
} }
foreach ($this->dba->selectToArray('group', ['name'], ['id' => $allowed_circles]) as $circle) { foreach ($this->dba->selectToArray('group', ['name'], ['id' => $allow_gid]) as $circle) {
$l[] = '<b>' . $circle['name'] . '</b>'; $allowCircles[] = $circle['name'];
} }
} }
foreach ($this->dba->selectToArray('contact', ['name'], ['id' => $allowed_users]) as $contact) { foreach ($this->dba->selectToArray('contact', ['name'], ['id' => $allow_cid]) as $contact) {
$l[] = $contact['name']; $allowContacts[] = $contact['name'];
} }
if (count($deny_circles)) { if (count($deny_gid)) {
$key = array_search(Model\Circle::FOLLOWERS, $deny_circles); $key = array_search(Model\Circle::FOLLOWERS, $deny_gid);
if ($key !== false) { if ($key !== false) {
$l[] = '<b><strike>' . $this->t('Followers') . '</strike></b>'; $denyCircles[] = $this->t('Followers');
unset($deny_circles[$key]); unset($deny_gid[$key]);
} }
$key = array_search(Model\Circle::MUTUALS, $deny_circles); $key = array_search(Model\Circle::MUTUALS, $deny_gid);
if ($key !== false) { if ($key !== false) {
$l[] = '<b><strike>' . $this->t('Mutuals') . '</strike></b>'; $denyCircles[] = $this->t('Mutuals');
unset($deny_circles[$key]); unset($deny_gid[$key]);
} }
foreach ($this->dba->selectToArray('group', ['name'], ['id' => $allowed_circles]) as $circle) { foreach ($this->dba->selectToArray('group', ['name'], ['id' => $allow_gid]) as $circle) {
$l[] = '<b><strike>' . $circle['name'] . '</strike></b>'; $denyCircles[] = $circle['name'];
} }
} }
foreach ($this->dba->selectToArray('contact', ['name'], ['id' => $deny_users]) as $contact) { foreach ($this->dba->selectToArray('contact', ['name'], ['id' => $deny_cid]) as $contact) {
$l[] = '<strike>' . $contact['name'] . '</strike>'; $denyContacts[] = $contact['name'];
} }
return implode(', ', $l); return new Entity\AclReceivers($allowContacts, $allowCircles, $denyContacts, $denyCircles);
} }
/** /**
* Fetch a list of receivers
* @throws InternalServerErrorException * @throws InternalServerErrorException
*/ */
private function fetchReceivers(int $uriId): string private function fetchAddressedReceivers(int $uriId): Entity\AddressedReceivers
{ {
$own_url = ''; $own_url = '';
$uid = $this->session->getLocalUserId(); $uid = $this->session->getLocalUserId();
@ -242,34 +247,21 @@ class PermissionTooltip extends \Friendica\BaseModule
} }
} }
$output = '';
foreach ($receivers as $type => $receiver) { foreach ($receivers as $type => $receiver) {
$max = $this->config->get('system', 'max_receivers'); $max = $this->config->get('system', 'max_receivers');
$total = count($receiver); $total = count($receiver);
if ($total > $max) { if ($total > $max) {
$receiver = array_slice($receiver, 0, $max); $receivers[$type] = array_slice($receiver, 0, $max);
$receiver[] = $this->t('%d more', $total - $max); $receivers[$type][] = $this->t('%d more', $total - $max);
}
switch ($type) {
case Model\Tag::TO:
$output .= $this->t('<b>To:</b> %s<br>', implode(', ', $receiver));
break;
case Model\Tag::CC:
$output .= $this->t('<b>CC:</b> %s<br>', implode(', ', $receiver));
break;
case Model\Tag::BCC:
$output .= $this->t('<b>BCC:</b> %s<br>', implode(', ', $receiver));
break;
case Model\Tag::AUDIENCE:
$output .= $this->t('<b>Audience:</b> %s<br>', implode(', ', $receiver));
break;
case Model\Tag::ATTRIBUTED:
$output .= $this->t('<b>Attributed To:</b> %s<br>', implode(', ', $receiver));
break;
} }
} }
return $output; return new Entity\AddressedReceivers(
$receivers[Model\Tag::TO] ?? [],
$receivers[Model\Tag::CC] ?? [],
$receivers[Model\Tag::BCC] ?? [],
$receivers[Model\Tag::AUDIENCE] ?? [],
$receivers[Model\Tag::ATTRIBUTED] ?? [],
);
} }
} }

45
src/Privacy/Entity/AclReceivers.php Normal file
View file

@ -0,0 +1,45 @@
<?php
/**
* @copyright Copyright (C) 2010-2024, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Privacy\Entity;
use Friendica\BaseEntity;
class AclReceivers extends BaseEntity
{
protected array $allowContacts = [];
protected array $allowCircles = [];
protected array $denyContacts = [];
protected array $denyCircles = [];
public function __construct(array $allowContacts = [], array $allowCircles = [], array $denyContacts = [], array $denyCircles = [])
{
$this->allowContacts = $allowContacts;
$this->allowCircles = $allowCircles;
$this->denyContacts = $denyContacts;
$this->denyCircles = $denyCircles;
}
public function isEmpty(): bool
{
return empty($this->allowContacts) && empty($this->allowCircles) && empty($this->denyContacts) && empty($this->denyCircles);
}
}

47
src/Privacy/Entity/AddressedReceivers.php Normal file
View file

@ -0,0 +1,47 @@
<?php
/**
* @copyright Copyright (C) 2010-2024, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Privacy\Entity;
use Friendica\BaseEntity;
class AddressedReceivers extends BaseEntity
{
protected array $to = [];
protected array $cc = [];
protected array $bcc = [];
protected array $audience = [];
protected array $attributed = [];
public function __construct(array $to = [], array $cc = [], array $bcc = [], array $audience = [], array $attributed = [])
{
$this->to = $to;
$this->cc = $cc;
$this->bcc = $bcc;
$this->audience = $audience;
$this->attributed = $attributed;
}
public function isEmpty(): bool
{
return empty($this->to) && empty($this->cc) && empty($this->bcc) && empty($this->audience) && empty($this->attributed);
}
}

2
static/routes.config.php
View file

@ -565,7 +565,7 @@ return [
'/opensearch' => [Module\OpenSearch::class, [R::GET]], '/opensearch' => [Module\OpenSearch::class, [R::GET]],
'/parseurl' => [Module\ParseUrl::class, [R::GET]], '/parseurl' => [Module\ParseUrl::class, [R::GET]],
'/permission/tooltip/{type}/{id:\d+}' => [Module\PermissionTooltip::class, [R::GET]], '/permission/tooltip/{type}/{id:\d+}' => [Module\Privacy\PermissionTooltip::class, [R::GET]],
'/photo' => [ '/photo' => [
'/{size:thumb_small|scaled_full}_{name}' => [Module\Photo::class, [R::GET]], '/{size:thumb_small|scaled_full}_{name}' => [Module\Photo::class, [R::GET]],

50
view/templates/privacy/permission_tooltip.tpl Normal file
View file

@ -0,0 +1,50 @@
{{$l10n.visible_to}}<br>
{{if !$aclReceivers->isEmpty()}}
{{foreach from=$aclReceivers->allowCircles item=circle name=allowCircles}}
<b>{{$circle}}</b>
{{if !$smarty.foreach.allowCircles.last}}, {{/if}}
{{/foreach}}
{{if $aclReceivers->allowContacts && $aclReceivers->allowCircles}}, {{/if}}
{{foreach from=$aclReceivers->allowContacts item=contact name=allowContacts}}
{{$contact}}
{{if !$smarty.foreach.allowContacts.last}}, {{/if}}
{{/foreach}}
{{if $aclReceivers->denyCircles && ($aclReceivers->allowContacts || $aclReceivers->allowCircles)}}, {{/if}}
{{foreach from=$aclReceivers->denyCircles item=circle name=denyCircles}}
<b><s>{{$circle}}</s></b>
{{if !$smarty.foreach.denyCircles.last}}, {{/if}}
{{/foreach}}
{{if $aclReceivers->denyContacts && ($aclReceivers->denyCircles || $aclReceivers->allowContacts || $aclReceivers->allowCircles)}}, {{/if}}
{{foreach from=$aclReceivers->denyContacts item=contact name=denyContacts}}
<s>{{$contact}}</s>
{{if !$smarty.foreach.denyContacts.last}}, {{/if}}
{{/foreach}}
{{elseif !$addressedReceivers->isEmpty()}}
{{if $addressedReceivers->to}}
<b>{{$l10n.to}}</b>
{{', '|join:$addressedReceivers->to}}
<br>
{{/if}}
{{if $addressedReceivers->cc}}
<b>{{$l10n.cc}}</b>
{{', '|join:$addressedReceivers->cc}}
<br>
{{/if}}
{{if $addressedReceivers->bcc}}
<b>{{$l10n.bcc}}</b>
{{', '|join:$addressedReceivers->bcc}}
<br>
{{/if}}
{{if $addressedReceivers->audience}}
<b>{{$l10n.audience}}</b>
{{', '|join:$addressedReceivers->audience}}
<br>
{{/if}}
{{if $addressedReceivers->attributed}}
<b>{{$l10n.attributed}}</b>
{{', '|join:$addressedReceivers->attributed}}
<br>
{{/if}}
{{else}}
{{$privacy}}
{{/if}}