From 0474143b89c0ff08eab262844fcb164f7398586a Mon Sep 17 00:00:00 2001 From: nobody Date: Tue, 2 Feb 2021 14:49:11 -0800 Subject: [PATCH 1/4] html+md+bbcode experiment --- include/bbcode.php | 20 ++++++++++++-------- include/text.php | 7 +++++-- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/include/bbcode.php b/include/bbcode.php index 5c6eac54e..2293cfc7f 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -966,7 +966,7 @@ function bb_imgoptions($match) { } function bb_code_preprotect($matches) { - return '[code' . $matches[1] . ']' . 'b64.^8e%.' . base64_encode($matches[2]) . '.b64.$8e%' . '[/code]'; + return '[code' . $matches[1] . ']' . 'b64.^8e%.' . base64_encode(str_replace('
','|+br+|',$matches[2])) . '.b64.$8e%' . '[/code]'; } function bb_code_preunprotect($s) { @@ -975,7 +975,7 @@ function bb_code_preunprotect($s) { function bb_code_protect($s) { - return 'b64.^9e%.' . base64_encode($s) . '.b64.$9e%'; + return 'b64.^9e%.' . base64_encode(str_replace('
','|+br+|',$s)) . '.b64.$9e%'; } function bb_code_unprotect($s) { @@ -983,7 +983,8 @@ function bb_code_unprotect($s) { } function bb_code_unprotect_sub($match) { - return base64_decode($match[1]); + $x = str_replace( [ '<', '>' ], [ '<', '>' ], base64_decode($match[1])); + return str_replace('|+br+|','
', $x); } function bb_colorbox($match) { @@ -1326,8 +1327,8 @@ function bbcode($Text, $options = []) { // experimental.... not yet working // $Text = purify_html($Text); - $Text = str_replace("<", "<", $Text); - $Text = str_replace(">", ">", $Text); +// $Text = str_replace("<", "<", $Text); +// $Text = str_replace(">", ">", $Text); // Check for [code] text here, before the linefeeds are messed with. @@ -1343,8 +1344,10 @@ function bbcode($Text, $options = []) { $Text = str_replace("\r\n", "\n", $Text); - - if (! $bbonly) { + if ($bbonly) { + $Text = purify_html($Text); + } + else { // escape some frequently encountered false positives with a zero-width space @@ -1352,11 +1355,12 @@ function bbcode($Text, $options = []) { // We'll do this with a zero-width space between ] and ( $Text = preg_replace("/\[(.*?)\]\((.*?)\)\[\/(.*?)\]/ism", '[$1]' . html_entity_decode('​') . '($2)[/$3]', $Text); - // save code blocks from being interpreted as markdown $Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_preprotect', $Text); + $Text = purify_html($Text); + // Perform some markdown conversions before translating linefeeds so as to keep the regexes manageable $Text = preg_replace('#(?$2',$Text); diff --git a/include/text.php b/include/text.php index f4f51947f..a5a8019a5 100644 --- a/include/text.php +++ b/include/text.php @@ -106,8 +106,11 @@ function escape_tags($string) { function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) { - if($type === 'text/bbcode') - return escape_tags($s); + if($type === 'text/bbcode') { + return ($s); + // purify_html($s); + // return escape_tags($s); + } if($type == 'text/plain') return escape_tags($s); if($type == 'application/x-pdl') From f42be75870b5035ab5323e575ccbf6a0ad9a9665 Mon Sep 17 00:00:00 2001 From: nobody Date: Wed, 3 Feb 2021 18:07:23 -0800 Subject: [PATCH 2/4] updates --- Zotlabs/Lib/System.php | 2 +- boot.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
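Review bot: In `bb_code_unprotect_sub` the bracket replacement appears to be the only HTML neutralisation that protected `[code]` content receives, and that deserves a comment and a check of the literals. In the `@@ -1352` hunk the preprotect callback runs before `purify_html()`, so the purifier only sees the base64 form. As rendered on this page both arrays read `[ '<', '>' ]`, which would be a no-op; presumably the page decoded the entity strings, so confirm the file really maps to `&lt;`/`&gt;`. I would add `// code blocks bypass purify_html(); this escaping is their only HTML neutralisation` above the line. The `|+br+|` marker introduced in the `bb_code_preprotect` and `bb_code_protect` hunks is restored here unconditionally, so a code block that literally contains `|+br+|` comes back altered.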
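Review bot: `purify_html()` is called here before the markdown and bbcode substitutions that follow, so the HTML those regexes generate is never purified. With the `<`/`>` escaping commented out in the `@@ -1326` hunk, tags the purifier accepts now reach the later substitutions with their attributes intact, and a substitution that rewrites text inside an attribute value produces markup that nothing re-checks. The same applies to the `$bbonly` branch added in the `@@ -1343` hunk. I would also purify the final output, e.g. `$Text = purify_html($Text);` immediately before `bbcode()` returns. The rest of `bbcode()` is outside this hunk, so the later steps need checking against this.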
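Review bot: `z_input_filter()` now returns `text/bbcode` input unmodified, which moves the whole defence against stored markup to render time. Any path that outputs a stored body without passing it through `bbcode()` (none are visible in this patch) would then emit raw HTML, whereas `text/plain` still goes through `escape_tags()`. The two commented lines after `return ($s);` are unreachable and read like an unfinished decision. I would drop them and state the invariant instead: `// text/bbcode is stored unescaped; it must only be rendered through bbcode(), which calls purify_html()`. The function continues outside the hunk.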
diff --git a/Zotlabs/Lib/System.php b/Zotlabs/Lib/System.php index acd07699c..c4bd5c8fd 100644 --- a/Zotlabs/Lib/System.php +++ b/Zotlabs/Lib/System.php @@ -112,7 +112,7 @@ class System { static public function compatible_project($p) { - if (in_array(strtolower($p),['hubzilla','zap','red','misty','mistpark','redmatrix','osada'])) { + if (in_array(strtolower($p),['hubzilla','zap','red','misty','mistpark','redmatrix','osada', 'roadhouse'])) { return true; } return false; diff --git a/boot.php b/boot.php index 17dc6406d..0d5fd26fe 100755 --- a/boot.php +++ b/boot.php @@ -21,7 +21,7 @@ define ( 'ZOT_REVISION', '6.0' ); define ( 'DB_UPDATE_VERSION', 1247 ); -define ( 'PLATFORM_NAME', 'zap' ); +define ( 'PLATFORM_NAME', 'roadhouse' ); define ( 'PLATFORM_ARCHITECTURE', 'zap' ); define ( 'PROJECT_BASE', __DIR__ ); From 5539a031045d56faddfc1e4b37e2b25c6d65a6a9 Mon Sep 17 00:00:00 2001 From: nobody Date: Wed, 3 Feb 2021 18:12:39 -0800 Subject: [PATCH 3/4] readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dada231d4..15fef1cb4 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -ZAP -=== +Roadhouse +========= A fediverse server. From 6d2f9b4cacff4d2a3aae836c3559f08134857cdb Mon Sep 17 00:00:00 2001 From: nobody Date: Thu, 4 Feb 2021 14:45:07 -0800 Subject: [PATCH 4/4] more work on mixed format messages --- include/bbcode.php | 10 ++++------ include/oembed.php | 2 +- include/text.php | 15 ++++++++++++--- 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/include/bbcode.php b/include/bbcode.php index 2293cfc7f..9f41804ba 100644 --- a/include/bbcode.php +++ b/include/bbcode.php 
@@ -1324,11 +1324,9 @@ function bbcode($Text, $options = []) { // Replace any html brackets with HTML Entities to prevent executing HTML or script // Don't use strip_tags here because it breaks [url] search by replacing & with amp - // experimental.... not yet working - // $Text = purify_html($Text); - -// $Text = str_replace("<", "<", $Text); -// $Text = str_replace(">", ">", $Text); + // These are no longer needed since we run the content through purify_html() + // $Text = str_replace("<", "<", $Text); + // $Text = str_replace(">", ">", $Text); // Check for [code] text here, before the linefeeds are messed with. @@ -1359,7 +1357,7 @@ function bbcode($Text, $options = []) { $Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_preprotect', $Text); - $Text = purify_html($Text); + $Text = purify_html($Text, [ 'escape' ]); // Perform some markdown conversions before translating linefeeds so as to keep the regexes manageable diff --git a/include/oembed.php b/include/oembed.php index bc5069cb5..601b76da2 100644 --- a/include/oembed.php +++ b/include/oembed.php @@ -263,7 +263,7 @@ function oembed_fetch_url($embedurl){ // logger('frame src: ' . $j['html'], LOGGER_DATA); - $j['html'] = purify_html($j['html'],$allow_position); + $j['html'] = purify_html($j['html'], (($allow_position) ? [ 'allow_position' ] : [])); if($j['html'] != $orig) { // logger('oembed html was purified. original: ' . $orig . ' purified: ' . $j['html'], LOGGER_DEBUG, LOG_INFO); } diff --git a/include/text.php b/include/text.php index a5a8019a5..5d74ee036 100644 --- a/include/text.php +++ b/include/text.php @@ -150,7 +150,7 @@ function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) { * @param boolean $allow_position allow CSS position * @return string standards compliant filtered HTML */ -function purify_html($s, $allow_position = false) { +function purify_html($s, $opts = []) { /** * @FIXME this function has html output, not bbcode - so safely purify these 
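Review bot: Only the markdown branch gets `[ 'escape' ]` here; the `$bbonly` branch added in patch 1/4 is not touched by this commit and, as far as the hunks show, still calls `purify_html($Text)` with no options. If so, plain-text angle brackets that look like a tag are escaped in one mode and silently removed in the other. Unless the difference is intended, the other call should become `$Text = purify_html($Text, [ 'escape' ]);`. The header comment kept as context in the `@@ -1324` hunk ("Replace any html brackets with HTML Entities…") could be rewritten at the same time, since the code it describes is now commented out.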
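Review bot: The second parameter of `purify_html()` changes from a boolean to an array, but the docblock line kept as context still reads `@param boolean $allow_position allow CSS position`, and only the `oembed.php` caller is updated in this patch. Any caller elsewhere that still passes `true` would hand a bool to `in_array()`, which is a TypeError on PHP 8 and a warning with the option silently dropped on older versions. I would update the docblock to `@param array $opts option flags: 'escape', 'allow_position'` and normalise legacy calls at the top of the function with `if (! is_array($opts)) { $opts = $opts ? [ 'allow_position' ] : []; }`.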
@@ -163,6 +163,15 @@ function purify_html($s, $allow_position = false) { $config->set('Cache.DefinitionImpl', null); $config->set('Attr.EnableID', true); + // This will escape invalid tags in the output instead of removing. + // This is necessary for mixed format (text+bbcode+html+markdown) messages or + // some angle brackets in plaintext may get stripped if they look like an HTML tag + + if (in_array('escape',$opts)) { + $config->set('Core.EscapeInvalidChildren', true); + $config->set('Core.EscapeInvalidTags', true); + } + // If enabled, target=blank attributes are added to all links. //$config->set('HTML.TargetBlank', true); //$config->set('Attr.AllowedFrameTargets', ['_blank', '_self', '_parent', '_top']); @@ -190,7 +199,7 @@ function purify_html($s, $allow_position = false) { //responsive navigation $def->info_global_attr['data-responsive-menu'] = new HTMLPurifier_AttrDef_Text; $def->info_global_attr['data-responsive-toggle'] = new HTMLPurifier_AttrDef_Text; - //magellan + //magellan $def->info_global_attr['data-magellan'] = new HTMLPurifier_AttrDef_Text; $def->info_global_attr['data-magellan-target'] = new HTMLPurifier_AttrDef_Text; @@ -285,7 +294,7 @@ function purify_html($s, $allow_position = false) { $def->addElement('button', 'Inline', 'Inline', 'Common'); - if($allow_position) { + if(in_array('allow_position', $opts)) { $cssDefinition = $config->getCSSDefinition(); $cssDefinition->info['position'] = new HTMLPurifier_AttrDef_Enum(array('absolute', 'fixed', 'relative', 'static', 'inherit'), false);
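Review bot: `in_array('escape',$opts)` uses loose comparison, so an `$opts` array containing `true` (or `0` before PHP 8) would switch escaping on; the same holds for `in_array('allow_position', $opts)` in the `@@ -285` hunk. Passing the strict flag costs nothing: `in_array('escape', $opts, true)`. It would also help to extend the new comment to say that with `Core.EscapeInvalidTags` rejected tags stay in the output as visible escaped text instead of being removed, so callers know what to expect downstream.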