diff --git a/doc/htconfig.md b/doc/htconfig.md index 64a75eda9..fb257c3da 100644 --- a/doc/htconfig.md +++ b/doc/htconfig.md @@ -16,77 +16,78 @@ Example: To set the directory value please add this line to your .htconfig.php: $a->config['system']['directory'] = 'http://dir.friendi.ca'; -## Jabber ## -* debug (Boolean) - Enable debug level for the jabber account synchronisation. -* logfile - Logfile for the jabber account synchronisation. +## jabber ## +* **debug** (Boolean) - Enable debug level for the jabber account synchronisation. +* **logfile** - Logfile for the jabber account synchronisation. -## System ## +## system ## -* birthday_input_format - Default value is "ymd". -* block_local_dir (Boolean) - Blocks the access to the directory of the local users. -* default_service_class - -* delivery_batch_count - Number of deliveries per process. Default value is 1. (Disabled when using the worker) -* diaspora_test (Boolean) - For development only. Disables the message transfer. -* directory - The path to global directory. If not set then "http://dir.friendi.ca" is used. -* disable_email_validation (Boolean) - Disables the check if a mail address is in a valid format and can be resolved via DNS. -* disable_url_validation (Boolean) - Disables the DNS lookup of an URL. -* event_input_format - Default value is "ymd". -* frontend_worker_timeout - Value in minutes after we think that a frontend task was killed by the webserver. Default value is 10. -* ignore_cache (Boolean) - For development only. Disables the item cache. -* like_no_comment (Boolean) - Don't update the "commented" value of an item when it is liked. -* local_block (Boolean) - Used in conjunction with "block_public". -* local_search (Boolean) - Blocks the search for not logged in users to prevent crawlers from blocking your system. -* max_connections - The poller process isn't started when the maximum level of the possible database connections are used. When the system can't detect the maximum numbers of connection then this value can be used. -* max_connections_level - The maximum level of connections that are allowed to let the poller start. It is a percentage value. Default value is 75. -* max_contact_queue - Default value is 500. -* max_batch_queue - Default value is 1000. -* max_processes_backend - Maximum number of concurrent database processes for background tasks. Default value is 5. -* max_processes_frontend - Maximum number of concurrent database processes for foreground tasks. Default value is 20. -* memcache (Boolean) - Use memcache. To use memcache the PECL extension "memcache" has to be installed and activated. -* memcache_host - Hostname of the memcache daemon. Default is '127.0.0.1'. -* memcache_port- Portnumberof the memcache daemon. Default is 11211. -* no_oembed (Boolean) - Don't use OEmbed to fetch more information about a link. -* no_oembed_rich_content (Boolean) - Don't show the rich content (e.g. embedded PDF). -* no_smilies (Boolean) - Don't show smilies. -* no_view_full_size (Boolean) - Don't add the link "View full size" under a resized image. -* optimize_items (Boolean) - Triggers an SQL command to optimize the item table before expiring items. -* ostatus_poll_timeframe - Defines how old an item can be to try to complete the conversation with it. -* paranoia (Boolean) - Log out users if their IP address changed. -* permit_crawling (Boolean) - Restricts the search for not logged in users to one search per minute. -* profiler (Boolean) - Enable internal timings to help optimize code. Needed for "rendertime" addon. Default is false. -* free_crawls - Number of "free" searches when "permit_crawling" is activated (Default value is 10) -* crawl_permit_period - Period in seconds between allowed searches when the number of free searches is reached and "permit_crawling" is activated (Default value is 60) -* png_quality - Default value is 8. -* proc_windows (Boolean) - Should be enabled if Friendica is running under Windows. -* proxy_cache_time - Time after which the cache is cleared. Default value is one day. -* pushpoll_frequency - -* qsearch_limit - Default value is 100. -* relay_server - Experimental Diaspora feature. Address of the relay server where public posts should be send to. For example https://podrelay.net -* relay_subscribe (Boolean) - Enables the receiving of public posts from the relay. They will be included in the search and on the community page when it is set up to show all public items. -* relay_scope - Can be "all" or "tags". "all" means that every public post should be received. "tags" means that only posts with selected tags should be received. -* relay_server_tags - Comma separated list of tags for the "tags" subscription (see "relay_scrope") -* relay_user_tags (Boolean) - If enabled, the tags from the saved searches will used for the "tags" subscription in addition to the "relay_server_tags". -* remove_multiplicated_lines (Boolean) - If enabled, multiple linefeeds in items are stripped to a single one. -* show_unsupported_addons (Boolean) - Show all addons including the unsupported ones. -* show_unsupported_themes (Boolean) - Show all themes including the unsupported ones. -* throttle_limit_day - Maximum number of posts that a user can send per day with the API. -* throttle_limit_week - Maximum number of posts that a user can send per week with the API. -* throttle_limit_month - Maximum number of posts that a user can send per month with the API. -* wall-to-wall_share (Boolean) - Displays forwarded posts like "wall-to-wall" posts. -* worker_cooldown - Cooldown time after each worker function call. Default value is 0 seconds. -* xrd_timeout - Timeout for fetching the XRD links. Default value is 20 seconds. +* **allowed_link_protocols** (Array) - Allowed protocols in links URLs, add at your own risk. http is always allowed. +* **birthday_input_format** - Default value is "ymd". +* **block_local_dir** (Boolean) - Blocks the access to the directory of the local users. +* **default_service_class** - +* **delivery_batch_count** - Number of deliveries per process. Default value is 1. (Disabled when using the worker) +* **diaspora_test** (Boolean) - For development only. Disables the message transfer. +* **directory** - The path to global directory. If not set then "http://dir.friendi.ca" is used. +* **disable_email_validation** (Boolean) - Disables the check if a mail address is in a valid format and can be resolved via DNS. +* **disable_url_validation** (Boolean) - Disables the DNS lookup of an URL. +* **event_input_format** - Default value is "ymd". +* **frontend_worker_timeout** - Value in minutes after we think that a frontend task was killed by the webserver. Default value is 10. +* **ignore_cache** (Boolean) - For development only. Disables the item cache. +* **like_no_comment** (Boolean) - Don't update the "commented" value of an item when it is liked. +* **local_block** (Boolean) - Used in conjunction with "block_public". +* **local_search** (Boolean) - Blocks the search for not logged in users to prevent crawlers from blocking your system. +* **max_connections** - The poller process isn't started when the maximum level of the possible database connections are used. When the system can't detect the maximum numbers of connection then this value can be used. +* **max_connections_level** - The maximum level of connections that are allowed to let the poller start. It is a percentage value. Default value is 75. +* **max_contact_queue** - Default value is 500. +* **max_batch_queue** - Default value is 1000. +* **max_processes_backend** - Maximum number of concurrent database processes for background tasks. Default value is 5. +* **max_processes_frontend** - Maximum number of concurrent database processes for foreground tasks. Default value is 20. +* **memcache** (Boolean) - Use memcache. To use memcache the PECL extension "memcache" has to be installed and activated. +* **memcache_host** - Hostname of the memcache daemon. Default is '127.0.0.1'. +* **memcache_port** - Portnumberof the memcache daemon. Default is 11211. +* **no_oembed** (Boolean) - Don't use OEmbed to fetch more information about a link. +* **no_oembed_rich_content** (Boolean) - Don't show the rich content (e.g. embedded PDF). +* **no_smilies** (Boolean) - Don't show smilies. +* **no_view_full_size** (Boolean) - Don't add the link "View full size" under a resized image. +* **optimize_items** (Boolean) - Triggers an SQL command to optimize the item table before expiring items. +* **ostatus_poll_timeframe** - Defines how old an item can be to try to complete the conversation with it. +* **paranoia** (Boolean) - Log out users if their IP address changed. +* **permit_crawling** (Boolean) - Restricts the search for not logged in users to one search per minute. +* **profiler** (Boolean) - Enable internal timings to help optimize code. Needed for "rendertime" addon. Default is false. +* **free_crawls** - Number of "free" searches when "permit_crawling" is activated (Default value is 10) +* **crawl_permit_period** - Period in seconds between allowed searches when the number of free searches is reached and "permit_crawling" is activated (Default value is 60) +* **png_quality** - Default value is 8. +* **proc_windows** (Boolean) - Should be enabled if Friendica is running under Windows. +* **proxy_cache_time** - Time after which the cache is cleared. Default value is one day. +* **pushpoll_frequency** - +* **qsearch_limit** - Default value is 100. +* **relay_server** - Experimental Diaspora feature. Address of the relay server where public posts should be send to. For example https://podrelay.net +* **relay_subscribe** (Boolean) - Enables the receiving of public posts from the relay. They will be included in the search and on the community page when it is set up to show all public items. +* **relay_scope** - Can be "all" or "tags". "all" means that every public post should be received. "tags" means that only posts with selected tags should be received. +* **relay_server_tags** - Comma separated list of tags for the "tags" subscription (see "relay_scrope") +* **relay_user_tags** (Boolean) - If enabled, the tags from the saved searches will used for the "tags" subscription in addition to the "relay_server_tags". +* **remove_multiplicated_lines** (Boolean) - If enabled, multiple linefeeds in items are stripped to a single one. +* **show_unsupported_addons** (Boolean) - Show all addons including the unsupported ones. +* **show_unsupported_themes** (Boolean) - Show all themes including the unsupported ones. +* **throttle_limit_day** - Maximum number of posts that a user can send per day with the API. +* **throttle_limit_week** - Maximum number of posts that a user can send per week with the API. +* **throttle_limit_month** - Maximum number of posts that a user can send per month with the API. +* **wall-to-wall_share** (Boolean) - Displays forwarded posts like "wall-to-wall" posts. +* **worker_cooldown** - Cooldown time after each worker function call. Default value is 0 seconds. +* **xrd_timeout** - Timeout for fetching the XRD links. Default value is 20 seconds. ## service_class ## -* upgrade_link - +* **upgrade_link** - ## experimentals ## -* exp_themes (Boolean) - Show experimental themes as well. +* **exp_themes** (Boolean) - Show experimental themes as well. ## theme ## -* hide_eventlist (Boolean) - Don't show the birthdays and events on the profile and network page +* **hide_eventlist** (Boolean) - Don't show the birthdays and events on the profile and network page # Administrator Options # diff --git a/htconfig.php b/htconfig.php index 469fa7af6..ce418fa75 100644 --- a/htconfig.php +++ b/htconfig.php @@ -78,3 +78,6 @@ $a->config['system']['no_regfullname'] = true; // Location of the global directory $a->config['system']['directory'] = 'http://dir.friendi.ca'; + +// Allowed protocols in link URLs; HTTP protocols always are accepted +$a->config['system']['allowed_link_protocols'] = array('ftp', 'ftps', 'mailto', 'cid', 'gopher'); \ No newline at end of file diff --git a/include/bbcode.php b/include/bbcode.php index ebafc353a..27213007c 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -1,4 +1,6 @@ ]*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text); - $Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|gopher|cid)(.*?)\>/ism",'<$1$2="">',$Text); + $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text); - if($saved_image) + // sanitizes src attributes (only relative redir URIs or http URLs) + $Text = preg_replace('#<([^>]*?)(src)="(?!http|redir)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text); + + // sanitize href attributes (only whitelisted protocols URLs) + // default value for backward compatibility + $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array('ftp', 'mailto', 'gopher', 'cid')); + + // Always allowed protocol even if config isn't set or not including it + $allowed_link_protocols[] = 'http'; + + $regex = '#<([^>]*?)(href)="(?!' . implode('|', $allowed_link_protocols) . ')(.*?)"(.*?)>#ism'; + $Text = preg_replace($regex, '<$1$2="javascript:void(0)"$4 class="invalid-href" title="' . t('Invalid link protocol') . '">', $Text); + + if($saved_image) { $Text = bb_replace_images($Text, $saved_image); + } // Clean up the HTML by loading and saving the HTML with the DOM. // Bad structured html can break a whole page. diff --git a/include/text.php b/include/text.php index b57016456..1197f24ee 100644 --- a/include/text.php +++ b/include/text.php @@ -771,7 +771,7 @@ function activity_match($haystack,$needle) { /** * @brief Pull out all #hashtags and @person tags from $string. - * + * * We also get @person@domain.com - which would make * the regex quite complicated as tags can also * end a sentence. So we'll run through our results @@ -1170,33 +1170,29 @@ function link_compare($a,$b) { return false; }} - -if(! function_exists('redir_private_images')) { /** - * Find any non-embedded images in private items and add redir links to them + * @brief Find any non-embedded images in private items and add redir links to them * * @param App $a - * @param array $item + * @param array &$item The field array of an item row */ -function redir_private_images($a, &$item) { - +function redir_private_images($a, &$item) +{ $matches = false; $cnt = preg_match_all('|\[img\](http[^\[]*?/photo/[a-fA-F0-9]+?(-[0-9]\.[\w]+?)?)\[\/img\]|', $item['body'], $matches, PREG_SET_ORDER); - if($cnt) { - //logger("redir_private_images: matches = " . print_r($matches, true)); - foreach($matches as $mtch) { - if(strpos($mtch[1], '/redir') !== false) + if ($cnt) { + foreach ($matches as $mtch) { + if (strpos($mtch[1], '/redir') !== false) { continue; + } - if((local_user() == $item['uid']) && ($item['private'] != 0) && ($item['contact-id'] != $a->contact['id']) && ($item['network'] == NETWORK_DFRN)) { - //logger("redir_private_images: redir"); - $img_url = 'redir?f=1&quiet=1&url=' . $mtch[1] . '&conurl=' . $item['author-link']; - $item['body'] = str_replace($mtch[0], "[img]".$img_url."[/img]", $item['body']); + if ((local_user() == $item['uid']) && ($item['private'] != 0) && ($item['contact-id'] != $a->contact['id']) && ($item['network'] == NETWORK_DFRN)) { + $img_url = 'redir?f=1&quiet=1&url=' . urlencode($mtch[1]) . '&conurl=' . urlencode($item['author-link']); + $item['body'] = str_replace($mtch[0], '[img]' . $img_url . '[/img]', $item['body']); } } } - -}} +} function put_item_in_cache(&$item, $update = false) { diff --git a/view/global.css b/view/global.css index 85e45db00..4dd4cd572 100644 --- a/view/global.css +++ b/view/global.css @@ -365,15 +365,15 @@ a { color: #00a700; } .federation-graph { - width: 400px; - height: 400px; - float: right; + width: 400px; + height: 400px; + float: right; margin: 20px; } .federation-network-graph { - width: 240px; - height: 240px; - float: left; + width: 240px; + height: 240px; + float: left; margin: 20px; } ul.federation-stats, @@ -429,7 +429,7 @@ td.federation-data { } .p-addr { - clear: both; + clear: both; } #live-community { @@ -481,3 +481,10 @@ td.pendingnote > p > span { border-left: 5px solid #f00; font-weight: bold; } + +/* src/href attributes filter error display */ +.invalid-src { border: 1px dotted red;} +.invalid-href { border-bottom: 1px dotted red;} +.invalid-src:after, +.invalid-href:after { content: '⚠️'} +img.invalid-src:after { vertical-align: top;}