mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-21 23:15:15 +00:00
Merge branch 'dev' of /home/macgirvin/roadhouse into dev
This commit is contained in:
nobody
commit
6cca10d9af
3 changed files with 36 additions and 10 deletions
|
|
@ -30,6 +30,13 @@ class Superblock extends Controller {
|
|||
|
||||
$m = parse_url($blocked);
|
||||
if ($m['scheme'] && $m['host'] && (($type === BLOCKTYPE_SERVER) || (! $m['path']))) {
|
||||
if (strcasecmp($m['host'],App::get_hostname()) === 0) {
|
||||
notice(t('Blocking this site is not permitted.'));
|
||||
if ($inline) {
|
||||
return;
|
||||
}
|
||||
killme();
|
||||
}
|
||||
$type = BLOCKTYPE_SERVER;
|
||||
$blocked = $m['host'];
|
||||
}
|
||||
|
|
@ -40,11 +47,13 @@ class Superblock extends Controller {
|
|||
if ($blocked) {
|
||||
$handled = true;
|
||||
if ($type === BLOCKTYPE_CHANNEL) {
|
||||
$r = q("select xchan_url from xchan where ( xchan_hash = '%s' or xchan_addr = '%s' or xchan_url = '%s' )",
|
||||
|
||||
$r = q("select * from xchan where ( xchan_hash = '%s' or xchan_addr = '%s' or xchan_url = '%s' )",
|
||||
dbesc($blocked),
|
||||
dbesc($blocked),
|
||||
dbesc($blocked)
|
||||
);
|
||||
|
||||
if (! $r) {
|
||||
// not in cache - try discovery
|
||||
$wf = discover_by_webbie($blocked,'',false);
|
||||
|
|
@ -71,6 +80,7 @@ class Superblock extends Controller {
|
|||
|
||||
if ($r) {
|
||||
$r = Libzot::zot_record_preferred($r,'xchan_network');
|
||||
$blocked = $r['xchan_hash'];
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -192,6 +202,7 @@ class Superblock extends Controller {
|
|||
function get() {
|
||||
|
||||
$l = LibBlock::fetch(local_channel(),BLOCKTYPE_CHANNEL);
|
||||
|
||||
$list = ids_to_array($l,'block_entity');
|
||||
|
||||
stringify_array_elms($list,true);
|
||||
|
|
|
|||
|
|
@ -1021,6 +1021,22 @@ function bb_imgoptions($match) {
|
|||
|
||||
}
|
||||
|
||||
function multicode_purify($s) {
|
||||
|
||||
$s = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", function ($match) {
|
||||
return '[code' . $match[1] . ']' . bb_code_protect($match[2]) . '[/code]';
|
||||
}, $s);
|
||||
|
||||
$s = preg_replace_callback('#(^|\n)([`~]{3,})(?: *\.?([a-zA-Z0-9\-.]+))?\n+([\s\S]+?)\n+\2(\n|$)#', function ($match) {
|
||||
return $match[1] . $match[2] . "\n" . bb_code_protect($match[4]) . "\n" . $match[2] . (($match[5]) ? $match[5] : "\n");
|
||||
}, $s);
|
||||
|
||||
$s = purify_html($s, [ 'escape' ]);
|
||||
|
||||
return bb_code_unprotect($s);
|
||||
|
||||
}
|
||||
|
||||
function bb_code_preprotect($matches) {
|
||||
return '[code' . $matches[1] . ']' . 'b64.^8e%.' . base64_encode(str_replace('<br>','|+br+|',$matches[2])) . '.b64.$8e%' . '[/code]';
|
||||
}
|
||||
|
|
@ -1094,7 +1110,7 @@ function md_codeblock($content) {
|
|||
|
||||
$language = !empty($content[3]) ? filter_var($content[3], FILTER_SANITIZE_STRING) : '';
|
||||
$class = !empty($language) ? sprintf(' class="%s language-%s"', $language, $language) : '';
|
||||
// Build one block so that we not create each paragraph.
|
||||
// Build one block so that we not render each paragraph separately.
|
||||
$content = str_replace("\n", '<br>', $content[4]);
|
||||
|
||||
return sprintf('<pre><code%s>%s</code></pre>', $class, bb_code_protect($content));
|
||||
|
|
@ -1417,10 +1433,11 @@ function bbcode($Text, $options = []) {
|
|||
// was moved to rendering code to allow multiple code formats
|
||||
// A proper fix would be to escape any code blocks before purification,
|
||||
// restore them and store the resultant intermediate multicode.
|
||||
// This is now accomplished using multicode_purify()
|
||||
|
||||
if (strpbrk($Text,'<>') !== false) {
|
||||
$Text = purify_html($Text, [ 'escape' ]);
|
||||
}
|
||||
// if (strpbrk($Text,'<>') !== false) {
|
||||
// $Text = purify_html($Text, [ 'escape' ]);
|
||||
// }
|
||||
|
||||
// Perform some markdown conversions before translating linefeeds so as to keep the regexes manageable
|
||||
|
||||
|
|
@ -1948,7 +1965,7 @@ function bbcode($Text, $options = []) {
|
|||
$Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism", '<$1$2=$3&$4>', $Text);
|
||||
|
||||
// This is subtle - it's an XSS filter. It only accepts links with a protocol scheme and where
|
||||
// the scheme begins with z (zhttp), h (http(s)), f (ftp(s)), g (gemini), m (mailto), t (tel) and named anchors.
|
||||
// the scheme begins with z (zhttp), h (http(s)), f (ftp(s)), g (gemini), m (mailto|magnet), t (tel) and named anchors.
|
||||
// data: urls are allowed if exporting to activitypub which allows inline svg to federate, but not
|
||||
// to be used for local display
|
||||
|
||||
|
|
|
|||
|
|
@ -107,9 +107,7 @@ function escape_tags($string) {
|
|||
function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
|
||||
|
||||
if($type === 'text/bbcode') {
|
||||
return ($s);
|
||||
// purify_html($s);
|
||||
// return escape_tags($s);
|
||||
return (multicode_purify($s));
|
||||
}
|
||||
if($type == 'text/plain')
|
||||
return escape_tags($s);
|
||||
|
|
|
|||
Loading…
Reference in a new issue