more work on mixed format messages

This commit is contained in:
nobody 2021-02-04 14:45:07 -08:00
parent 0474143b89
commit 6d2f9b4cac
3 changed files with 17 additions and 10 deletions


@ -1324,11 +1324,9 @@ function bbcode($Text, $options = []) {
// Replace any html brackets with HTML Entities to prevent executing HTML or script
// Don't use strip_tags here because it breaks [url] search by replacing & with amp
// experimental.... not yet working
// $Text = purify_html($Text);
// $Text = str_replace("<", "&lt;", $Text);
// $Text = str_replace(">", "&gt;", $Text);
// These are no longer needed since we run the content through purify_html()
// $Text = str_replace("<", "&lt;", $Text);
// $Text = str_replace(">", "&gt;", $Text);
// Check for [code] text here, before the linefeeds are messed with.
@ -1359,7 +1357,7 @@ function bbcode($Text, $options = []) {
$Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_preprotect', $Text);
$Text = purify_html($Text);
$Text = purify_html($Text, [ 'escape' ]);
// Perform some markdown conversions before translating linefeeds so as to keep the regexes manageable
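Review bot: The new `$Text = purify_html($Text, [ 'escape' ]);` line selects escape-instead-of-strip behaviour through a bare string flag, and because the callee only does `in_array('escape',$opts)` (visible in this commit's third file), a misspelled flag here would silently fall back to stripping unrecognised tags rather than failing; a comment at this call site naming the intent would help, e.g. `// 'escape': mixed-format text may contain literal angle brackets; escape unrecognised tags rather than drop them`. The commented-out `$Text = purify_html($Text);` under "experimental.... not yet working" in this file's first hunk now contradicts the live call and could be deleted, assuming those lines are context rather than part of this commit's removals. The `bb_code_preprotect` callback runs on the line before purification, so `[code]` bodies are captured before HTMLPurifier sees them, which looks intentional. bbcode's body continues outside the hunk.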


@ -263,7 +263,7 @@ function oembed_fetch_url($embedurl){
// logger('frame src: ' . $j['html'], LOGGER_DATA);
$j['html'] = purify_html($j['html'],$allow_position);
$j['html'] = purify_html($j['html'], (($allow_position) ? [ 'allow_position' ] : []));
if($j['html'] != $orig) {
// logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO);
}
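Review bot: The new `$j['html'] = purify_html($j['html'], (($allow_position) ? [ 'allow_position' ] : []));` line maps the old boolean onto the option list and so preserves behaviour, but it deliberately omits `'escape'`, which deserves a comment since the HTML here presumably comes from a remote oembed provider and dropping unrecognised tags is the safer outcome for third-party markup: `// No 'escape' here: provider HTML is untrusted, so invalid tags are removed rather than rendered as text`. The check on the following line, `if($j['html'] != $orig)`, is a loose comparison; `!==` would make the "was anything purified" test explicit, though that line predates this commit. oembed_fetch_url's body continues outside the hunk.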


@ -150,7 +150,7 @@ function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
* @param boolean $allow_position allow CSS position
* @return string standards compliant filtered HTML
*/
function purify_html($s, $allow_position = false) {
function purify_html($s, $opts = []) {
/**
* @FIXME this function has html output, not bbcode - so safely purify these
@ -163,6 +163,15 @@ function purify_html($s, $allow_position = false) {
$config->set('Cache.DefinitionImpl', null);
$config->set('Attr.EnableID', true);
// This will escape invalid tags in the output instead of removing.
// This is necessary for mixed format (text+bbcode+html+markdown) messages or
// some angle brackets in plaintext may get stripped if they look like an HTML tag
if (in_array('escape',$opts)) {
$config->set('Core.EscapeInvalidChildren', true);
$config->set('Core.EscapeInvalidTags', true);
}
// If enabled, target=blank attributes are added to all links.
//$config->set('HTML.TargetBlank', true);
//$config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']);
@ -190,7 +199,7 @@ function purify_html($s, $allow_position = false) {
//responsive navigation
$def->info_global_attr['data-responsive-menu'] = new HTMLPurifier_AttrDef_Text;
$def->info_global_attr['data-responsive-toggle'] = new HTMLPurifier_AttrDef_Text;
//magellan
//magellan
$def->info_global_attr['data-magellan'] = new HTMLPurifier_AttrDef_Text;
$def->info_global_attr['data-magellan-target'] = new HTMLPurifier_AttrDef_Text;
@ -285,7 +294,7 @@ function purify_html($s, $allow_position = false) {
$def->addElement('button', 'Inline', 'Inline', 'Common');
if($allow_position) {
if(in_array('allow_position', $opts)) {
$cssDefinition = $config->getCSSDefinition();
$cssDefinition->info['position'] = new HTMLPurifier_AttrDef_Enum(array('absolute', 'fixed', 'relative', 'static', 'inherit'), false);