Merge branch 'html' into dev

This commit is contained in:
nobody 2021-02-04 14:46:16 -08:00
commit 0fd5d7ef81
3 changed files with 31 additions and 14 deletions


@ -966,7 +966,7 @@ function bb_imgoptions($match) {
}
function bb_code_preprotect($matches) {
return '[code' . $matches[1] . ']' . 'b64.^8e%.' . base64_encode($matches[2]) . '.b64.$8e%' . '[/code]';
return '[code' . $matches[1] . ']' . 'b64.^8e%.' . base64_encode(str_replace('<br>','|+br+|',$matches[2])) . '.b64.$8e%' . '[/code]';
}
function bb_code_preunprotect($s) {
@ -975,7 +975,7 @@ function bb_code_preunprotect($s) {
function bb_code_protect($s) {
return 'b64.^9e%.' . base64_encode($s) . '.b64.$9e%';
return 'b64.^9e%.' . base64_encode(str_replace('<br>','|+br+|',$s)) . '.b64.$9e%';
}
function bb_code_unprotect($s) {
@ -983,7 +983,8 @@ function bb_code_unprotect($s) {
}
function bb_code_unprotect_sub($match) {
return base64_decode($match[1]);
$x = str_replace( [ '<', '>' ], [ '&lt;', '&gt;' ], base64_decode($match[1]));
return str_replace('|+br+|','<br>', $x);
}
function bb_colorbox($match) {
@ -1323,8 +1324,9 @@ function bbcode($Text, $options = []) {
// Replace any html brackets with HTML Entities to prevent executing HTML or script
// Don't use strip_tags here because it breaks [url] search by replacing & with amp
$Text = str_replace("<", "&lt;", $Text);
$Text = str_replace(">", "&gt;", $Text);
// These are no longer needed since we run the content through purify_html()
// $Text = str_replace("<", "&lt;", $Text);
// $Text = str_replace(">", "&gt;", $Text);
// Check for [code] text here, before the linefeeds are messed with.
@ -1340,8 +1342,10 @@ function bbcode($Text, $options = []) {
$Text = str_replace("\r\n", "\n", $Text);
if (! $bbonly) {
if ($bbonly) {
$Text = purify_html($Text);
}
else {
// escape some frequently encountered false positives with a zero-width space
@ -1349,11 +1353,12 @@ function bbcode($Text, $options = []) {
// We'll do this with a zero-width space between ] and (
$Text = preg_replace("/\[(.*?)\]\((.*?)\)\[\/(.*?)\]/ism", '[$1]' . html_entity_decode('&#8203;') . '($2)[/$3]', $Text);
// save code blocks from being interpreted as markdown
$Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_preprotect', $Text);
$Text = purify_html($Text, [ 'escape' ]);
// Perform some markdown conversions before translating linefeeds so as to keep the regexes manageable
$Text = preg_replace('#(?<!\\\)([*_]{3})([^\n]+?)\1#','<strong><em>$2</em></strong>',$Text);
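Review bot: The new `if ($bbonly) { $Text = purify_html($Text); }` branch calls purify_html without the `[ 'escape' ]` option that the other branch passes a few lines later, and because this commit also comments out the unconditional `<`/`>` entity encoding earlier in bbcode(), bare angle brackets in bbonly text (for example `if a<b then`) are now likely to be dropped as malformed tags instead of being shown, which is exactly the loss the new comment in purify_html warns about. If bbonly content is not expected to carry HTML, `$Text = purify_html($Text, [ 'escape' ]);` keeps those characters visible and makes the two branches consistent. In the bb_code_unprotect_sub hunk, the decoded code has `<` and `>` escaped but not `&`, and every `|+br+|` is then turned back into a raw `<br>`, so a literal `|+br+|` typed inside a code block also becomes markup; that is harmless for `<br>` itself but deserves a comment such as `// '|+br+|' is the sentinel written by bb_code_preprotect/bb_code_protect; user text containing it is also restored to <br>`. The body of bbcode() continues outside these hunks.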


@ -263,7 +263,7 @@ function oembed_fetch_url($embedurl){
// logger('frame src: ' . $j['html'], LOGGER_DATA);
$j['html'] = purify_html($j['html'],$allow_position);
$j['html'] = purify_html($j['html'], (($allow_position) ? [ 'allow_position' ] : []));
if($j['html'] != $orig) {
// logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO);
}
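Review bot: This call is migrated to purify_html's new array-options form, which is only safe once every other purify_html caller is migrated as well: with the new signature a caller still passing the old boolean `true` reaches `in_array('escape', true)` inside purify_html, a TypeError on PHP 8 (on PHP 7 a warning with the option treated as unset), so a grep for remaining `purify_html(` call sites is worth doing before merge. The docblock shown in the purify_html hunk of this same commit still reads `@param boolean $allow_position allow CSS position`, so a reader following this call into the signature finds a parameter that no longer exists; it should become `@param array $opts options: 'allow_position' (allow CSS position), 'escape' (escape invalid tags instead of dropping them)`. The extra parentheses in `(($allow_position) ? [ 'allow_position' ] : [])` add nothing; `$allow_position ? ['allow_position'] : []` reads cleaner. oembed_fetch_url continues outside the hunk.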


@ -106,8 +106,11 @@ function escape_tags($string) {
function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
if($type === 'text/bbcode')
return escape_tags($s);
if($type === 'text/bbcode') {
return ($s);
// purify_html($s);
// return escape_tags($s);
}
if($type == 'text/plain')
return escape_tags($s);
if($type == 'application/x-pdl')
@ -147,7 +150,7 @@ function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
* @param boolean $allow_position allow CSS position
* @return string standards compliant filtered HTML
*/
function purify_html($s, $allow_position = false) {
function purify_html($s, $opts = []) {
/**
* @FIXME this function has html output, not bbcode - so safely purify these
@ -160,6 +163,15 @@ function purify_html($s, $allow_position = false) {
$config->set('Cache.DefinitionImpl', null);
$config->set('Attr.EnableID', true);
// This will escape invalid tags in the output instead of removing.
// This is necessary for mixed format (text+bbcode+html+markdown) messages or
// some angle brackets in plaintext may get stripped if they look like an HTML tag
if (in_array('escape',$opts)) {
$config->set('Core.EscapeInvalidChildren', true);
$config->set('Core.EscapeInvalidTags', true);
}
// If enabled, target=blank attributes are added to all links.
//$config->set('HTML.TargetBlank', true);
//$config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']);
@ -187,7 +199,7 @@ function purify_html($s, $allow_position = false) {
//responsive navigation
$def->info_global_attr['data-responsive-menu'] = new HTMLPurifier_AttrDef_Text;
$def->info_global_attr['data-responsive-toggle'] = new HTMLPurifier_AttrDef_Text;
//magellan
//magellan
$def->info_global_attr['data-magellan'] = new HTMLPurifier_AttrDef_Text;
$def->info_global_attr['data-magellan-target'] = new HTMLPurifier_AttrDef_Text;
@ -282,7 +294,7 @@ function purify_html($s, $allow_position = false) {
$def->addElement('button', 'Inline', 'Inline', 'Common');
if($allow_position) {
if(in_array('allow_position', $opts)) {
$cssDefinition = $config->getCSSDefinition();
$cssDefinition->info['position'] = new HTMLPurifier_AttrDef_Enum(array('absolute', 'fixed', 'relative', 'static', 'inherit'), false);