diff --git a/README.md b/README.md
index d317aec6a..15fef1cb4 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-RedMatrix
+Roadhouse
=========
A fediverse server.
diff --git a/Zotlabs/Lib/System.php b/Zotlabs/Lib/System.php
index acd07699c..c4bd5c8fd 100644
--- a/Zotlabs/Lib/System.php
+++ b/Zotlabs/Lib/System.php
@@ -112,7 +112,7 @@ class System {
static public function compatible_project($p) {
- if (in_array(strtolower($p),['hubzilla','zap','red','misty','mistpark','redmatrix','osada'])) {
+ if (in_array(strtolower($p),['hubzilla','zap','red','misty','mistpark','redmatrix','osada', 'roadhouse'])) {
return true;
}
return false;
diff --git a/include/bbcode.php b/include/bbcode.php
index 848738d3e..9f41804ba 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -966,7 +966,7 @@ function bb_imgoptions($match) {
}
function bb_code_preprotect($matches) {
- return '[code' . $matches[1] . ']' . 'b64.^8e%.' . base64_encode($matches[2]) . '.b64.$8e%' . '[/code]';
+ return '[code' . $matches[1] . ']' . 'b64.^8e%.' . base64_encode(str_replace('
','|+br+|',$matches[2])) . '.b64.$8e%' . '[/code]';
}
function bb_code_preunprotect($s) {
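Review bot: `|+br+|` is an in-band marker, so a code block whose text already contains that literal sequence is rewritten when `bb_code_unprotect_sub()` swaps the marker back; the same applies to the `bb_code_protect()` hunk below. Nothing in the hunk explains why the substitution is needed before `base64_encode()`, and the search string is rendered as a bare line break on this page, so I cannot tell what is being replaced. I would add a comment above the return, e.g. `// placeholder is restored in bb_code_unprotect_sub(); a literal "|+br+|" in user text is not preserved`, or choose a marker that cannot occur in input.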
@@ -975,7 +975,7 @@ function bb_code_preunprotect($s) {
function bb_code_protect($s) {
- return 'b64.^9e%.' . base64_encode($s) . '.b64.$9e%';
+ return 'b64.^9e%.' . base64_encode(str_replace('
','|+br+|',$s)) . '.b64.$9e%';
}
function bb_code_unprotect($s) {
@@ -983,7 +983,8 @@ function bb_code_unprotect($s) {
}
function bb_code_unprotect_sub($match) {
- return base64_decode($match[1]);
+ $x = str_replace( [ '<', '>' ], [ '<', '>' ], base64_decode($match[1]));
+ return str_replace('|+br+|','
', $x);
}
function bb_colorbox($match) {
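Review bot: As rendered here, the search and replacement arrays in the first `str_replace()` are both `[ '<', '>' ]`, which makes the call a no-op and returns decoded code-block text with raw angle brackets. Presumably the file has the entity forms and this page decoded them, but it is worth confirming. This commit also disables the bracket escaping in `bbcode()`, so this line appears to be the only escaping applied to protected code. Expected form: `$x = str_replace([ '<', '>' ], [ '&lt;', '&gt;' ], base64_decode($match[1]));`.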
@@ -1323,8 +1324,9 @@ function bbcode($Text, $options = []) {
// Replace any html brackets with HTML Entities to prevent executing HTML or script
// Don't use strip_tags here because it breaks [url] search by replacing & with amp
- $Text = str_replace("<", "<", $Text);
- $Text = str_replace(">", ">", $Text);
+ // These are no longer needed since we run the content through purify_html()
+ // $Text = str_replace("<", "<", $Text);
+ // $Text = str_replace(">", ">", $Text);
// Check for [code] text here, before the linefeeds are messed with.
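Review bot: The retained comment "Replace any html brackets with HTML Entities to prevent executing HTML or script" now sits above code that no longer runs, so it describes a guarantee this function has stopped giving. With the two `str_replace()` calls disabled, the safety of `$Text` depends on every path through `bbcode()` reaching one of the `purify_html()` calls added in the later hunks. The body between those points is outside this hunk, so an early return or a branch that skips them cannot be ruled out from here. I would delete the commented-out lines and replace the old comment with the invariant, e.g. `// Angle brackets are not escaped here; purify_html() below is the only HTML filter for $Text on both the $bbonly and markdown paths.`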
@@ -1340,8 +1342,10 @@ function bbcode($Text, $options = []) {
$Text = str_replace("\r\n", "\n", $Text);
-
- if (! $bbonly) {
+ if ($bbonly) {
+ $Text = purify_html($Text);
+ }
+ else {
// escape some frequently encountered false positives with a zero-width space
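Review bot: The `$bbonly` branch calls `purify_html($Text)` without the `'escape'` option, while the other branch (next hunk) passes `[ 'escape' ]`. According to the comment this commit adds in `purify_html()`, without that option angle brackets in plain text that look like a tag are stripped rather than escaped, so bbcode-only content can lose text silently. If the difference is intentional, say so in a comment; otherwise use `$Text = purify_html($Text, [ 'escape' ]);` here as well. `bbcode()` continues outside the hunk, so I cannot see whether code blocks are already protected on this path.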
@@ -1349,11 +1353,12 @@ function bbcode($Text, $options = []) {
// We'll do this with a zero-width space between ] and (
$Text = preg_replace("/\[(.*?)\]\((.*?)\)\[\/(.*?)\]/ism", '[$1]' . html_entity_decode('') . '($2)[/$3]', $Text);
-
// save code blocks from being interpreted as markdown
$Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_preprotect', $Text);
+ $Text = purify_html($Text, [ 'escape' ]);
+
// Perform some markdown conversions before translating linefeeds so as to keep the regexes manageable
$Text = preg_replace('#(?$2',$Text);
diff --git a/include/oembed.php b/include/oembed.php
index bc5069cb5..601b76da2 100644
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -263,7 +263,7 @@ function oembed_fetch_url($embedurl){
// logger('frame src: ' . $j['html'], LOGGER_DATA);
- $j['html'] = purify_html($j['html'],$allow_position);
+ $j['html'] = purify_html($j['html'], (($allow_position) ? [ 'allow_position' ] : []));
if($j['html'] != $orig) {
// logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO);
}
diff --git a/include/text.php b/include/text.php
index f4f51947f..5d74ee036 100644
--- a/include/text.php
+++ b/include/text.php
@@ -106,8 +106,11 @@ function escape_tags($string) {
function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
- if($type === 'text/bbcode')
- return escape_tags($s);
+ if($type === 'text/bbcode') {
+ return ($s);
+ // purify_html($s);
+ // return escape_tags($s);
+ }
if($type == 'text/plain')
return escape_tags($s);
if($type == 'application/x-pdl')
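Review bot: `z_input_filter()` now returns `text/bbcode` input unchanged, so stored bbcode can contain raw HTML and the only filtering left is `purify_html()` inside `bbcode()` at render time. Any consumer that emits stored content without going through `bbcode()` would output that markup unfiltered; I cannot see the callers from this hunk. The two commented lines after `return ($s);` are unreachable and read like an undecided design. I would delete them and state the contract instead, e.g. `// bbcode is stored unfiltered; it MUST be rendered through bbcode(), which calls purify_html()`. The function body continues outside the hunk.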
@@ -147,7 +150,7 @@ function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
* @param boolean $allow_position allow CSS position
* @return string standards compliant filtered HTML
*/
-function purify_html($s, $allow_position = false) {
+function purify_html($s, $opts = []) {
/**
* @FIXME this function has html output, not bbcode - so safely purify these
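Review bot: The docblock line above the signature still reads `@param boolean $allow_position allow CSS position`, but the parameter is now an `$opts` array of option names. A caller that was missed and still passes `true` would hand a boolean to `in_array()`, which throws a TypeError on PHP 8. I would update the docblock to `@param array $opts option names: 'escape', 'allow_position'` and normalise at the top of the function with `if (! is_array($opts)) { $opts = $opts ? [ 'allow_position' ] : []; }`. The function body continues outside the hunk.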
@@ -160,6 +163,15 @@ function purify_html($s, $allow_position = false) {
$config->set('Cache.DefinitionImpl', null);
$config->set('Attr.EnableID', true);
+ // This will escape invalid tags in the output instead of removing.
+ // This is necessary for mixed format (text+bbcode+html+markdown) messages or
+ // some angle brackets in plaintext may get stripped if they look like an HTML tag
+
+ if (in_array('escape',$opts)) {
+ $config->set('Core.EscapeInvalidChildren', true);
+ $config->set('Core.EscapeInvalidTags', true);
+ }
+
// If enabled, target=blank attributes are added to all links.
//$config->set('HTML.TargetBlank', true);
//$config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']);
@@ -187,7 +199,7 @@ function purify_html($s, $allow_position = false) {
//responsive navigation
$def->info_global_attr['data-responsive-menu'] = new HTMLPurifier_AttrDef_Text;
$def->info_global_attr['data-responsive-toggle'] = new HTMLPurifier_AttrDef_Text;
- //magellan
+ //magellan
$def->info_global_attr['data-magellan'] = new HTMLPurifier_AttrDef_Text;
$def->info_global_attr['data-magellan-target'] = new HTMLPurifier_AttrDef_Text;
@@ -282,7 +294,7 @@ function purify_html($s, $allow_position = false) {
$def->addElement('button', 'Inline', 'Inline', 'Common');
- if($allow_position) {
+ if(in_array('allow_position', $opts)) {
$cssDefinition = $config->getCSSDefinition();
$cssDefinition->info['position'] = new HTMLPurifier_AttrDef_Enum(array('absolute', 'fixed', 'relative', 'static', 'inherit'), false);