Add protocol whitelist for href/src attributes

- Add strict URL checker for src attributes
- Add protocol whitelist for href attributes
- Add error styling if URL fails to pass filter
- Add doc for new htconfig value
- Add emphasis to config key names in htconfig doc
Hypolite Petovan 2016-12-03 14:19:57 -05:00
parent 47a370c5e3
commit 979fc6d38a
4 changed files with 88 additions and 71 deletions

View File

@ -14,78 +14,79 @@ Example: To set the directory value please add this line to your .htconfig.php:
$a->config['system']['directory'] = 'http://dir.friendi.ca'; $a->config['system']['directory'] = 'http://dir.friendi.ca';
## Jabber ## ## jabber ##
* debug (Boolean) - Enable debug level for the jabber account synchronisation. * **debug** (Boolean) - Enable debug level for the jabber account synchronisation.
* logfile - Logfile for the jabber account synchronisation. * **logfile** - Logfile for the jabber account synchronisation.
## System ## ## system ##
* birthday_input_format - Default value is "ymd". * **allowed_link_protocols** (Array) - Allowed protocols in links URLs, add at your own risk. http is always allowed.
* block_local_dir (Boolean) - Blocks the access to the directory of the local users. * **birthday_input_format** - Default value is "ymd".
* default_service_class - * **block_local_dir** (Boolean) - Blocks the access to the directory of the local users.
* delivery_batch_count - Number of deliveries per process. Default value is 1. (Disabled when using the worker) * **default_service_class** -
* diaspora_test (Boolean) - For development only. Disables the message transfer. * **delivery_batch_count** - Number of deliveries per process. Default value is 1. (Disabled when using the worker)
* directory - The path to global directory. If not set then "http://dir.friendi.ca" is used. * **diaspora_test** (Boolean) - For development only. Disables the message transfer.
* disable_email_validation (Boolean) - Disables the check if a mail address is in a valid format and can be resolved via DNS. * **directory** - The path to global directory. If not set then "http://dir.friendi.ca" is used.
* disable_url_validation (Boolean) - Disables the DNS lookup of an URL. * **disable_email_validation** (Boolean) - Disables the check if a mail address is in a valid format and can be resolved via DNS.
* event_input_format - Default value is "ymd". * **disable_url_validation** (Boolean) - Disables the DNS lookup of an URL.
* frontend_worker (Boolean) - Activates the frontend worker which acts as a replacement for running the poller via the command line. * **event_input_format** - Default value is "ymd".
* frontend_worker_timeout - Value in minutes after we think that a frontend task was killed by the webserver. Default value is 10. * **frontend_worker** (Boolean) - Activates the frontend worker which acts as a replacement for running the poller via the command line.
* ignore_cache (Boolean) - For development only. Disables the item cache. * **frontend_worker_timeout** - Value in minutes after we think that a frontend task was killed by the webserver. Default value is 10.
* like_no_comment (Boolean) - Don't update the "commented" value of an item when it is liked. * **ignore_cache** (Boolean) - For development only. Disables the item cache.
* local_block (Boolean) - Used in conjunction with "block_public". * **like_no_comment** (Boolean) - Don't update the "commented" value of an item when it is liked.
* local_search (Boolean) - Blocks the search for not logged in users to prevent crawlers from blocking your system. * **local_block** (Boolean) - Used in conjunction with "block_public".
* max_connections - The poller process isn't started when the maximum level of the possible database connections are used. When the system can't detect the maximum numbers of connection then this value can be used. * **local_search** (Boolean) - Blocks the search for not logged in users to prevent crawlers from blocking your system.
* max_connections_level - The maximum level of connections that are allowed to let the poller start. It is a percentage value. Default value is 75. * **max_connections** - The poller process isn't started when the maximum level of the possible database connections are used. When the system can't detect the maximum numbers of connection then this value can be used.
* max_contact_queue - Default value is 500. * **max_connections_level** - The maximum level of connections that are allowed to let the poller start. It is a percentage value. Default value is 75.
* max_batch_queue - Default value is 1000. * **max_contact_queue** - Default value is 500.
* max_processes_backend - Maximum number of concurrent database processes for background tasks. Default value is 5. * **max_batch_queue** - Default value is 1000.
* max_processes_frontend - Maximum number of concurrent database processes for foreground tasks. Default value is 20. * **max_processes_backend** - Maximum number of concurrent database processes for background tasks. Default value is 5.
* memcache (Boolean) - Use memcache. To use memcache the PECL extension "memcache" has to be installed and activated. * **max_processes_frontend** - Maximum number of concurrent database processes for foreground tasks. Default value is 20.
* memcache_host - Hostname of the memcache daemon. Default is '127.0.0.1'. * **memcache** (Boolean) - Use memcache. To use memcache the PECL extension "memcache" has to be installed and activated.
* memcache_port- Portnumberof the memcache daemon. Default is 11211. * **memcache_host** - Hostname of the memcache daemon. Default is '127.0.0.1'.
* no_oembed (Boolean) - Don't use OEmbed to fetch more information about a link. * **memcache_port** - Portnumberof the memcache daemon. Default is 11211.
* no_oembed_rich_content (Boolean) - Don't show the rich content (e.g. embedded PDF). * **no_oembed** (Boolean) - Don't use OEmbed to fetch more information about a link.
* no_smilies (Boolean) - Don't show smilies. * **no_oembed_rich_content** (Boolean) - Don't show the rich content (e.g. embedded PDF).
* no_view_full_size (Boolean) - Don't add the link "View full size" under a resized image. * **no_smilies** (Boolean) - Don't show smilies.
* optimize_items (Boolean) - Triggers an SQL command to optimize the item table before expiring items. * **no_view_full_size** (Boolean) - Don't add the link "View full size" under a resized image.
* ostatus_poll_timeframe - Defines how old an item can be to try to complete the conversation with it. * **optimize_items** (Boolean) - Triggers an SQL command to optimize the item table before expiring items.
* paranoia (Boolean) - Log out users if their IP address changed. * **ostatus_poll_timeframe** - Defines how old an item can be to try to complete the conversation with it.
* permit_crawling (Boolean) - Restricts the search for not logged in users to one search per minute. * **paranoia** (Boolean) - Log out users if their IP address changed.
* profiler (Boolean) - Enable internal timings to help optimize code. Needed for "rendertime" addon. Default is false. * **permit_crawling** (Boolean) - Restricts the search for not logged in users to one search per minute.
* free_crawls - Number of "free" searches when "permit_crawling" is activated (Default value is 10) * **profiler** (Boolean) - Enable internal timings to help optimize code. Needed for "rendertime" addon. Default is false.
* crawl_permit_period - Period in seconds between allowed searches when the number of free searches is reached and "permit_crawling" is activated (Default value is 60) * **free_crawls** - Number of "free" searches when "permit_crawling" is activated (Default value is 10)
* png_quality - Default value is 8. * **crawl_permit_period** - Period in seconds between allowed searches when the number of free searches is reached and "permit_crawling" is activated (Default value is 60)
* proc_windows (Boolean) - Should be enabled if Friendica is running under Windows. * **png_quality** - Default value is 8.
* proxy_cache_time - Time after which the cache is cleared. Default value is one day. * **proc_windows** (Boolean) - Should be enabled if Friendica is running under Windows.
* pushpoll_frequency - * **proxy_cache_time** - Time after which the cache is cleared. Default value is one day.
* qsearch_limit - Default value is 100. * **pushpoll_frequency** -
* relay_server - Experimental Diaspora feature. Address of the relay server where public posts should be send to. For example https://podrelay.net * **qsearch_limit** - Default value is 100.
* relay_subscribe (Boolean) - Enables the receiving of public posts from the relay. They will be included in the search and on the community page when it is set up to show all public items. * **relay_server** - Experimental Diaspora feature. Address of the relay server where public posts should be send to. For example https://podrelay.net
* relay_scope - Can be "all" or "tags". "all" means that every public post should be received. "tags" means that only posts with selected tags should be received. * **relay_subscribe** (Boolean) - Enables the receiving of public posts from the relay. They will be included in the search and on the community page when it is set up to show all public items.
* relay_server_tags - Comma separated list of tags for the "tags" subscription (see "relay_scrope") * **relay_scope** - Can be "all" or "tags". "all" means that every public post should be received. "tags" means that only posts with selected tags should be received.
* relay_user_tags (Boolean) - If enabled, the tags from the saved searches will used for the "tags" subscription in addition to the "relay_server_tags". * **relay_server_tags** - Comma separated list of tags for the "tags" subscription (see "relay_scrope")
* remove_multiplicated_lines (Boolean) - If enabled, multiple linefeeds in items are stripped to a single one. * **relay_user_tags** (Boolean) - If enabled, the tags from the saved searches will used for the "tags" subscription in addition to the "relay_server_tags".
* show_unsupported_addons (Boolean) - Show all addons including the unsupported ones. * **remove_multiplicated_lines** (Boolean) - If enabled, multiple linefeeds in items are stripped to a single one.
* show_unsupported_themes (Boolean) - Show all themes including the unsupported ones. * **show_unsupported_addons** (Boolean) - Show all addons including the unsupported ones.
* throttle_limit_day - Maximum number of posts that a user can send per day with the API. * **show_unsupported_themes** (Boolean) - Show all themes including the unsupported ones.
* throttle_limit_week - Maximum number of posts that a user can send per week with the API. * **throttle_limit_day** - Maximum number of posts that a user can send per day with the API.
* throttle_limit_month - Maximum number of posts that a user can send per month with the API. * **throttle_limit_week** - Maximum number of posts that a user can send per week with the API.
* wall-to-wall_share (Boolean) - Displays forwarded posts like "wall-to-wall" posts. * **throttle_limit_month** - Maximum number of posts that a user can send per month with the API.
* worker_cooldown - Cooldown time after each worker function call. Default value is 0 seconds. * **wall-to-wall_share** (Boolean) - Displays forwarded posts like "wall-to-wall" posts.
* xrd_timeout - Timeout for fetching the XRD links. Default value is 20 seconds. * **worker_cooldown** - Cooldown time after each worker function call. Default value is 0 seconds.
* **xrd_timeout** - Timeout for fetching the XRD links. Default value is 20 seconds.
## service_class ## ## service_class ##
* upgrade_link - * **upgrade_link** -
## experimentals ## ## experimentals ##
* exp_themes (Boolean) - Show experimental themes as well. * **exp_themes** (Boolean) - Show experimental themes as well.
## theme ## ## theme ##
* hide_eventlist (Boolean) - Don't show the birthdays and events on the profile and network page * **hide_eventlist** (Boolean) - Don't show the birthdays and events on the profile and network page
# Administrator Options # # Administrator Options #
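Review bot: the new `* **allowed_link_protocols** (Array)` entry should say what the array holds and how it is matched, since this key is a security control: entries are bare scheme names without the trailing colon (as in the htconfig.php sample `array('ftp', 'ftps', 'mailto', 'cid', 'gopher')`), and because the bbcode.php filter compares by prefix, "http" covers https as well, so "http is always allowed" is better stated as "http and https are always allowed". "Allowed protocols in links URLs" also reads better as "Allowed protocols in link URLs". The pre-existing typos in neighbouring lines (Portnumberof, relay_scrope) are outside this commit's scope but could be fixed in the same touch since the lines are already being rewritten for the bold key names.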

View File

@ -78,3 +78,6 @@ $a->config['system']['no_regfullname'] = true;
// Location of the global directory // Location of the global directory
$a->config['system']['directory'] = 'http://dir.friendi.ca'; $a->config['system']['directory'] = 'http://dir.friendi.ca';
// Allowed protocols in link URLs; HTTP protocols always are accepted
$a->config['system']['allowed_link_protocols'] = array('ftp', 'ftps', 'mailto', 'cid', 'gopher');
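Review bot: the comment `// Allowed protocols in link URLs; HTTP protocols always are accepted` should read "are always accepted", and it should also tell the admin that the entries are scheme names without a colon and that removing the key entirely is not the same as setting it to an empty array, because bbcode.php implodes the value straight into its regular expression. The sample enables `ftp`, `ftps` and `gopher` by default; given the doc's own "add at your own risk" wording, the sample should either ship an empty array or carry that warning in the comment so that copying htconfig.php unchanged is not an implicit opt-in.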

View File

@ -1163,11 +1163,17 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
// fix any escaped ampersands that may have been converted into links // fix any escaped ampersands that may have been converted into links
$Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text); $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text);
// removes potentially harmful javascript in src/href // sanitizes src attributes (only relative URIs or http URLs)
$Text = preg_replace('/\<([^>]*?)(src|href)="javascript(.*?)\>/ism', '', $Text); $Text = preg_replace('#<([^>]*?)(src)="(?!/|http)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text);
if($saved_image) // sanitize href attributes (only relative URIs or whitelisted protocols URLs)
$allowed_link_protocols = get_config('system', 'allowed_link_protocols');
$regex = '#<([^>]*?)(href)="(?!/|http|' . implode('|', $allowed_link_protocols) . ')(.*?)"(.*?)>#ism';
$Text = preg_replace($regex, '<$1$2="javascript:void(0)"$4 class="invalid-href" title="' . t('Invalid link protocol') . '">', $Text);
if($saved_image) {
$Text = bb_replace_images($Text, $saved_image); $Text = bb_replace_images($Text, $saved_image);
}
// Clean up the HTML by loading and saving the HTML with the DOM. // Clean up the HTML by loading and saving the HTML with the DOM.
// Bad structured html can break a whole page. // Bad structured html can break a whole page.
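Review bot: the href filter silently switches off when `system.allowed_link_protocols` is not set: `get_config()` then returns a non-array, `implode('|', ...)` yields an empty string (plus a PHP warning), and the pattern becomes `(?!/|http|)`, whose empty alternative always matches, so the negative lookahead never succeeds and no href is rewritten. Because this hunk also deletes the old `(src|href)="javascript` strip, an instance without the new key ends up with less javascript: filtering than before the commit. Guard the value (`if (!is_array($allowed_link_protocols)) $allowed_link_protocols = array();`), pass each entry through `preg_quote()` before building the alternation, and anchor schemes with a colon (`https?:`, `ftp:`) instead of bare prefixes, since otherwise `httpx:` or `ftpfoo:` satisfies the lookahead. Two smaller points: both patterns only match double-quoted attributes, so a single-quoted `href='javascript:...'` passes untouched, and the `t()` strings are concatenated into the preg_replace replacement unescaped, so a translation containing `"` or `$1` would corrupt the generated tag.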

View File

@ -365,15 +365,15 @@ a {
color: #00a700; color: #00a700;
} }
.federation-graph { .federation-graph {
width: 400px; width: 400px;
height: 400px; height: 400px;
float: right; float: right;
margin: 20px; margin: 20px;
} }
.federation-network-graph { .federation-network-graph {
width: 240px; width: 240px;
height: 240px; height: 240px;
float: left; float: left;
margin: 20px; margin: 20px;
} }
ul.federation-stats, ul.federation-stats,
@ -429,7 +429,7 @@ td.federation-data {
} }
.p-addr { .p-addr {
clear: both; clear: both;
} }
#live-community { #live-community {
@ -481,3 +481,10 @@ td.pendingnote > p > span {
border-left: 5px solid #f00; border-left: 5px solid #f00;
font-weight: bold; font-weight: bold;
} }
/* src/href attributes filter error display */
.invalid-src { border: 1px dotted red;}
.invalid-href { border-bottom: 1px dotted red;}
.invalid-src:after,
.invalid-href:after { content: '⚠️'}
img.invalid-src:after { vertical-align: top;}
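Review bot: the `img.invalid-src:after` rule (and the `.invalid-src:after` selector above it) will not render on images: `<img>` is a replaced element and browsers do not generate `::before`/`::after` content for it, so the warning glyph only appears for the `.invalid-href` anchor case. If a visible marker on filtered images is wanted, wrap the image in a span that carries the class, or put the marker in a background image on `.invalid-src`, and drop the `img.invalid-src:after { vertical-align: top;}` rule, which has no effect. Also, `content: '⚠️'` embeds a raw emoji; `content: '\26A0\FE0F'` keeps the stylesheet ASCII-only regardless of the charset the CSS is served with.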