From 0b3cd206c350dad7a244e519c115fa0c03256df4 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Thu, 2 Jan 2020 20:35:59 -0500
Subject: [PATCH 1/4] Remove harmful HTML decode/encode in BBCode::scaleExternalImages

---
 src/Content/Text/BBCode.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index 11caeb6ecb..4a2a75ece3 100644
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -444,7 +444,7 @@ class BBCode
 }
 
 // Picture addresses can contain special characters
- $s = htmlspecialchars_decode($srctext);
+ $s = $srctext;
 
 $matches = null;
 $c = preg_match_all('/\[img.*?\](.*?)\[\/img\]/ism', $s, $matches, PREG_SET_ORDER);
@@ -501,8 +501,6 @@ class BBCode
 }
 }
 
- // replace the special char encoding
- $s = htmlspecialchars($s, ENT_NOQUOTES, 'UTF-8');
 return $s;
 }
 

From 542e83137b0877964467717efb994440cd7cea86 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Thu, 2 Jan 2020 20:38:07 -0500
Subject: [PATCH 2/4] Remove useless HTML encode on item save

---
 mod/item.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mod/item.php b/mod/item.php
index b14da4604e..52ccdb338a 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -246,7 +246,7 @@ function item_post(App $a) {
 $app = $orig_post['app'];
 $categories = $orig_post['file'];
 $title = Strings::escapeTags(trim($_REQUEST['title']));
- $body = Strings::escapeHtml(trim($body));
+ $body = trim($body);
 $private = $orig_post['private'];
 $pubmail_enabled = $orig_post['pubmail'];
 $network = $orig_post['network'];
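Review bot: After this patch `scaleExternalImages` takes and returns unescaped BBCode — the `@@ -444` hunk drops the `htmlspecialchars_decode` on input and the `@@ -501` hunk drops the `htmlspecialchars` on the returned `$s` — but nothing in either hunk records that, so the next maintainer who sees raw text coming back has no signal that re-adding the encode is the double-escaping the commit title calls harmful. The surviving `$s = $srctext;` is also now a bare copy whose only visible purpose is the `return $srctext;` taken on a failed fetch later in the method (shown in the third patch). A docblock on the method stating that `$srctext` and the return value are both unescaped BBCode, and that HTML escaping is expected to happen where the BBCode is rendered, would fix both. The method's body starts and ends outside these hunks.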
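Review bot: With `$body = trim($body);` the post body is now stored exactly as submitted while `$title` two lines above still goes through `Strings::escapeTags`, so two fields of the same request follow different escaping rules with nothing at the assignment saying why; the `@@ -285` hunk of this file makes the identical change and needs the same treatment. A one-line comment at both assignments, `// body is kept as raw BBCode; HTML escaping is deferred to rendering`, records the intent — assuming the render path does escape, which is not visible from here. `item_post` starts and ends outside both hunks.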
@@ -285,7 +285,7 @@ function item_post(App $a) {
 $coord = Strings::escapeTags(trim($_REQUEST['coord'] ?? ''));
 $verb = Strings::escapeTags(trim($_REQUEST['verb'] ?? ''));
 $emailcc = Strings::escapeTags(trim($_REQUEST['emailcc'] ?? ''));
- $body = Strings::escapeHtml(trim($body));
+ $body = trim($body);
 $network = Strings::escapeTags(trim(($_REQUEST['network'] ?? '') ?: Protocol::DFRN));
 $guid = System::createUUID();
 

From 52c5b0e0f303c359c480671a84c4fc19ca190bd0 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Thu, 2 Jan 2020 20:44:15 -0500
Subject: [PATCH 3/4] Remove unused BBCode::scaleExternalImage parameters

- Remove now obsolete system.no_view_full_size config key
---
 mod/item.php | 2 +-
 src/Content/Text/BBCode.php | 25 ++++---------------------
 src/Content/Text/Markdown.php | 2 +-
 static/defaults.config.php | 4 ----
 4 files changed, 6 insertions(+), 27 deletions(-)

diff --git a/mod/item.php b/mod/item.php
index 52ccdb338a..d6ce4a0944 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -509,7 +509,7 @@ function item_post(App $a) {
 // Fold multi-line [code] sequences
 $body = preg_replace('/\[\/code\]\s*\[code\]/ism', "\n", $body);
 
- $body = BBCode::scaleExternalImages($body, false);
+ $body = BBCode::scaleExternalImages($body);
 
 // Setting the object type if not defined before
 if (!$objecttype) {
diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index 4a2a75ece3..fac2b83c17 100644
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -436,13 +436,8 @@ class BBCode
 }
 }
 
- public static function scaleExternalImages($srctext, $include_link = true, $scale_replace = false)
+ public static function scaleExternalImages($srctext)
 {
- // Suppress "view full size"
- if (intval(Config::get('system', 'no_view_full_size'))) {
- $include_link = false;
- }
-
 // Picture addresses can contain special characters
 $s = $srctext;
 
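Review bot: The new signature `public static function scaleExternalImages($srctext)` carries no docblock, and because PHP silently accepts surplus arguments to user-defined functions, any caller still passing `false` or a `$scale_replace` pair will keep working while its intent is quietly ignored — the two call sites adjusted in this patch set are `mod/item.php` and `Markdown.php`, but others cannot be seen from here. A docblock above the method is the cheapest guard: one sentence saying it rewrites external `[img]` tags as `[img=WxH]` from the fetched image's dimensions, `@param string $srctext unescaped BBCode`, and `@return string` noting that `$srctext` comes back unchanged when an image cannot be fetched. With the `Config::get('system', 'no_view_full_size')` read and the `L10n::t()` call removed, the file's `Config` and `L10n` imports may now be unused; that is outside the hunk, so a static-analysis pass should confirm. The method's body continues past this hunk.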
@@ -457,17 +452,7 @@ class BBCode
 continue;
 }
 
- // $scale_replace, if passed, is an array of two elements. The
- // first is the name of the full-size image. The second is the
- // name of a remote, scaled-down version of the full size image.
- // This allows Friendica to display the smaller remote image if
- // one exists, while still linking to the full-size image
- if ($scale_replace) {
- $scaled = str_replace($scale_replace[0], $scale_replace[1], $mtch[1]);
- } else {
- $scaled = $mtch[1];
- }
- $i = Network::fetchUrl($scaled);
+ $i = Network::fetchUrl($mtch[1]);
 if (!$i) {
 return $srctext;
 }
@@ -488,10 +473,8 @@ class BBCode
 Logger::log('scale_external_images: ' . $orig_width . '->' . $new_width . 'w ' . $orig_height . '->' . $new_height . 'h' . ' match: ' . $mtch[0], Logger::DEBUG);
 $s = str_replace(
 $mtch[0],
- '[img=' . $new_width . 'x' . $new_height. ']' . $scaled . '[/img]'
- . "\n" . (($include_link)
- ? '[url=' . $mtch[1] . ']' . L10n::t('view full size') . '[/url]' . "\n"
- : ''),
+ '[img=' . $new_width . 'x' . $new_height. ']' . $mtch[1] . '[/img]'
+ . "\n",
 $s
 );
 Logger::log('scale_external_images: new string: ' . $s, Logger::DEBUG);
diff --git a/src/Content/Text/Markdown.php b/src/Content/Text/Markdown.php
index 8d363675fc..632282dff5 100644
--- a/src/Content/Text/Markdown.php
+++ b/src/Content/Text/Markdown.php
@@ -119,7 +119,7 @@ class Markdown
 $s = preg_replace('/(\[code\])+(.*?)(\[\/code\])+/ism', '[code]$2[/code]', $s);
 
 // Don't show link to full picture (until it is fixed)
- $s = BBCode::scaleExternalImages($s, false);
+ $s = BBCode::scaleExternalImages($s);
 
 return $s;
 }
diff --git a/static/defaults.config.php b/static/defaults.config.php
index e8211d597d..dfec158cfe 100644
--- a/static/defaults.config.php
+++ b/static/defaults.config.php
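Review bot: `$i = Network::fetchUrl($mtch[1]);` now hands the `[img]` URL to a server-side fetch exactly as the post author wrote it, with no check on scheme or destination before the request; unless `fetchUrl` itself restricts what it retrieves (not visible here), every post save remains a server-side request forgery surface, and this patch set — which already simplifies this spot — is the natural place for a guard such as `if (!preg_match('#^https?://#i', $mtch[1])) { continue; }` ahead of the fetch. Separately, the `return $srctext;` on a failed fetch still abandons the whole text: replacements already applied to `$s` for earlier images are discarded and later images are never looked at, which a `continue;` would avoid if bailing out is not deliberate. The enclosing loop and method extend beyond this hunk.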
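Review bot: The replacement argument to `str_replace` is now a two-line concatenation whose second line is only `. "\n",` — a remnant of the removed `view full size` branch — and `$new_height. ']'` still has the dot glued to the variable. Folding it to one line, `'[img=' . $new_width . 'x' . $new_height . ']' . $mtch[1] . "[/img]\n",`, produces the same string and reads as intended. It also makes visible that the trailing newline, once needed to separate the image from its link line, is now appended after every rewritten image; whether that is still wanted deserves a conscious decision rather than an accident of the deletion.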
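Review bot: The comment `// Don't show link to full picture (until it is fixed)` above the call in Markdown.php is now stale: the option it refers to no longer exists and the call no longer passes `false`. Replace it with what the call does today, `// Rewrite external [img] tags with the fetched image dimensions`, or drop it as the fourth patch does for a similar comment in BBCode.php. The enclosing method begins above this hunk.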
@@ -297,10 +297,6 @@ return [
 // Don't show smilies.
 'no_smilies' => false,
 
- // no_view_full_size (Boolean)
- // Don't add the link "View full size" under a resized image.
- 'no_view_full_size' => false,
-
 // optimize_items (Boolean)
 // Triggers an SQL command to optimize the item table before expiring items.
 'optimize_items' => false,

From 4461c16165fd58d08d2aa430c7d7dd955bb0e7b2 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Fri, 3 Jan 2020 09:30:35 -0500
Subject: [PATCH 4/4] Remove superfluous comment in BBCode::scaleExternalImage

---
 src/Content/Text/BBCode.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index fac2b83c17..51fa08ad3d 100644
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -438,7 +438,6 @@ class BBCode
 public static function scaleExternalImages($srctext)
 {
- // Picture addresses can contain special characters
 $s = $srctext;
 
 $matches = null;