From 36f8e84c72f398e8659c004af63013592f72f43b Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Wed, 28 Aug 2024 05:34:20 +1000 Subject: [PATCH 1/4] improve detection --- src/Lib/Activity.php | 5 +++-- src/Lib/Channel.php | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Lib/Activity.php b/src/Lib/Activity.php index 34ebbfeec..a50ddaae9 100644 --- a/src/Lib/Activity.php +++ b/src/Lib/Activity.php @@ -4816,7 +4816,8 @@ class Activity $alt = htmlspecialchars($a['name'], ENT_QUOTES, 'UTF-8', false); // Escape brackets by converting to unicode full-width bracket since regular brackets will confuse multicode/bbcode parsing. // The full width bracket isn't quite as alien looking as most other unicode bracket replacements. - $alt = str_replace(['[', ']', '"'], ['[', ']', '\"'], $alt); + // Do the same for double-quotes; which may present issues with the HTML purifier and when rendered as HTML attributes. + $alt = str_replace(['[', ']', '\"', '"', '"'], ['[', ']', '"', '"', '"'], $alt); $item['body'] .= "\n\n" . '[img alt="' . $alt . '"]' . $a['href'] . '[/img]'; } else { $item['body'] .= "\n\n" . '[img]' . $a['href'] . '[/img]'; @@ -4829,7 +4830,7 @@ class Activity $alt = htmlspecialchars($a['name'], ENT_QUOTES, 'UTF-8', false); // Escape brackets by converting to unicode full-width bracket since regular brackets will confuse multicode/bbcode parsing. // The full width bracket isn't quite as alien looking as most other unicode bracket replacements. - $alt = str_replace(['[', ']', '"'], ['[', ']', '\"'], $alt); + $alt = str_replace(['[', ']', '\"', '"', '"'], ['[', ']', '"', '"', '"'], $alt); $item['body'] .= "\n\n" . '[img alt="' . $alt . '"]' . $a['href'] . '[/img]'; } else { $item['body'] .= "\n\n" . '[img]' . $a['href'] . '[/img]'; diff --git a/src/Lib/Channel.php b/src/Lib/Channel.php index 4ec7a6dc7..7b6997faf 100644 --- a/src/Lib/Channel.php +++ b/src/Lib/Channel.php @@ -2084,7 +2084,7 @@ class Channel { $pubkey = (new Multibase())->publicKey($channel['channel_epubkey']); $nomadic = PConfig::Get($channel['channel_id'], 'system', 'nomadicAP'); - if (!str_contains($id, '/.well-known/apgateway/')) { + if (!str_contains($id, '/.well-known/apgateway/') && !str_starts_with($id,'ap://')) { $nomadic = false; } return (($nomadic) ? Channel::getDid($channel) : Channel::url($channel) . '#' . $pubkey); From 27ac124c594cf15a811a67b925552833ac018897 Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Wed, 28 Aug 2024 08:50:08 +1000 Subject: [PATCH 2/4] more alt-text quotes --- src/Lib/Activity.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/Lib/Activity.php b/src/Lib/Activity.php index a50ddaae9..a9516d525 100644 --- a/src/Lib/Activity.php +++ b/src/Lib/Activity.php @@ -4813,11 +4813,10 @@ class Activity if (isset($a['image'])) { if (self::media_not_in_body($a['image'], $item['body']) && self::media_not_in_body($a['href'], $item['body'])) { if (isset($a['name']) && $a['name']) { - $alt = htmlspecialchars($a['name'], ENT_QUOTES, 'UTF-8', false); // Escape brackets by converting to unicode full-width bracket since regular brackets will confuse multicode/bbcode parsing. // The full width bracket isn't quite as alien looking as most other unicode bracket replacements. // Do the same for double-quotes; which may present issues with the HTML purifier and when rendered as HTML attributes. - $alt = str_replace(['[', ']', '\"', '"', '"'], ['[', ']', '"', '"', '"'], $alt); + $alt = str_replace(['[', ']', '\\"', '\"', '"', '"'], ['[', ']', '"', '"', '"', '"'], $a['name']); $alt = htmlspecialchars($alt, ENT_QUOTES, 'UTF-8', false); $item['body'] .= "\n\n" . '[img alt="' . $alt . '"]' . $a['href'] . '[/img]'; } else { $item['body'] .= "\n\n" . '[img]' . $a['href'] . '[/img]'; @@ -4827,10 +4826,10 @@ class Activity } elseif (self::media_not_in_body($a['href'], $item['body'])) { if (isset($a['name']) && $a['name']) { - $alt = htmlspecialchars($a['name'], ENT_QUOTES, 'UTF-8', false); // Escape brackets by converting to unicode full-width bracket since regular brackets will confuse multicode/bbcode parsing. // The full width bracket isn't quite as alien looking as most other unicode bracket replacements. - $alt = str_replace(['[', ']', '\"', '"', '"'], ['[', ']', '"', '"', '"'], $alt); + // Do the same for double-quotes; which may present issues with the HTML purifier and when rendered as HTML attributes. + $alt = str_replace(['[', ']', '\\"', '\"', '"', '"'], ['[', ']', '"', '"', '"', '"'], $a['name']); $alt = htmlspecialchars($alt, ENT_QUOTES, 'UTF-8', false); $item['body'] .= "\n\n" . '[img alt="' . $alt . '"]' . $a['href'] . '[/img]'; } else { $item['body'] .= "\n\n" . '[img]' . $a['href'] . '[/img]'; From 875b8777637b2797a91f0e2c553ba963b3f7261f Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Sat, 31 Aug 2024 08:17:04 +1000 Subject: [PATCH 3/4] This should display link attachments now. --- src/Lib/Activity.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/Lib/Activity.php b/src/Lib/Activity.php index a9516d525..4b233e617 100644 --- a/src/Lib/Activity.php +++ b/src/Lib/Activity.php @@ -4839,8 +4839,7 @@ class Activity if (array_key_exists('type', $a) && stripos($a['type'], 'video') !== false) { if (self::media_not_in_body($a['href'], $item['body'])) { if (isset($a['name']) && $a['name']) { - $alt = htmlspecialchars($a['name'], ENT_QUOTES, 'UTF-8', false); - $alt = str_replace(['[', ']'], ['[', ']'], $alt); + $alt = str_replace(['[', ']', '\\"', '\"', '"', '"'], ['[', ']', '"', '"', '"', '"'], $a['name']); $alt = htmlspecialchars($alt, ENT_QUOTES, 'UTF-8', false); $item['body'] .= "\n\n" . '[video title="' . $alt . '"]' . $a['href'] . '[/video]'; } else { $item['body'] .= "\n\n" . '[video]' . $a['href'] . '[/video]'; @@ -4852,7 +4851,7 @@ class Activity $item['body'] .= "\n\n" . '[audio]' . $a['href'] . '[/audio]'; } } - if (!isset($a['type']) && ActivityStreams::is_url($a['href']) && !strpos($item['body'], $a['href'])) { + if ((!isset($a['type']) || $a['type'] === 'Link') && ActivityStreams::is_url($a['href']) && !strpos($item['body'], $a['href'])) { $li = Url::get(z_root() . '/linkinfo?binurl=' . bin2hex($a['href'])); if ($li['success'] && $li['body']) { $item['body'] .= "\n" . $li['body']; From eb225639c6073ad5ba4b56d400a0cacd7562974b Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Sun, 1 Sep 2024 10:26:46 +1000 Subject: [PATCH 4/4] xchan confusion --- src/Module/Inbox.php | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/Module/Inbox.php b/src/Module/Inbox.php index 0ac1f1113..e5d96f5b5 100644 --- a/src/Module/Inbox.php +++ b/src/Module/Inbox.php @@ -6,6 +6,7 @@ namespace Code\Module; use App; +use Code\Lib\ActorId; use Code\Lib\Time; use Code\Web\HTTPSig; use Code\Lib\ActivityStreams; @@ -261,7 +262,7 @@ class Inbox extends Controller $collections = Activity::get_actor_collections($observer_hash); - if (is_array($collections) && in_array($collections['followers'], $AS->recips) + if ((is_array($collections) && in_array($collections['followers'], $AS->recips)) || in_array(ACTIVITY_PUBLIC_INBOX, $AS->recips) || in_array('Public', $AS->recips) || in_array('as:Public', $AS->recips)) { @@ -280,14 +281,23 @@ class Inbox extends Controller // deliver to anybody at this site directly addressed $channel_addr = ''; foreach($AS->recips as $recip) { - if (str_starts_with($recip, z_root())) { - $channel_addr .= '\'' . dbesc(basename($recip)) . '\','; + if (!str_starts_with($recip, z_root())) { + continue; + } + $actorId = new ActorId($recip); + if ($actorId->getType() === ActorId::ACTORID_TYPE_URL) { + $query = q("SELECT * from channel left join xchan on channel_hash = xchan_hash where xchan_url = '%s' and channel_removed = 0", + dbesc($recip) + ); + } + else { + $query = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_epubkey = '%s' and channel_removed = 0", + dbesc(str_replace('did:key:', '', $actorId->getId())) + ); + } + if ($query) { + $channels[] = array_shift($query); } - } - if ($channel_addr) { - $channel_addr = rtrim($channel_addr, ','); - $channels = dbq("SELECT * FROM channel - WHERE channel_address IN ($channel_addr) AND channel_removed = 0"); } }