friendica
/
friendica
mirror of https://github.com/friendica/friendica.git
3
5
Fork 3
Code Issues Releases 13 Wiki Activity
Browse Source

mistpark 2.0 infrasturcture lands

pull/1/head
Mike Macgirvin 11 years ago
parent
b49858b038
commit
ffb1997902
360 changed files with 25001 additions and 457 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 80
      boot.php
  2. 54
      include/Contact.php
  3. 2
      include/auth.php
  4. 2
      include/bbcode.php
  5. 17
      include/datetime.php
  6. 50
      include/html2bbcode.php
  7. 160
      include/items.php
  8. 21
      include/notifier.php
  9. 17
      include/poller.php
  10. 24
      index.php
  11. 11
      library/HTMLPurifier.auto.php
  12. 21
      library/HTMLPurifier.autoload.php
  13. 23
      library/HTMLPurifier.func.php
  14. 210
      library/HTMLPurifier.includes.php
  15. 30
      library/HTMLPurifier.kses.php
  16. 11
      library/HTMLPurifier.path.php
  17. 237
      library/HTMLPurifier.php
  18. 204
      library/HTMLPurifier.safe-includes.php
  19. 128
      library/HTMLPurifier/AttrCollections.php
  20. 123
      library/HTMLPurifier/AttrDef.php
  21. 87
      library/HTMLPurifier/AttrDef/CSS.php
  22. 21
      library/HTMLPurifier/AttrDef/CSS/AlphaValue.php
  23. 87
      library/HTMLPurifier/AttrDef/CSS/Background.php
  24. 133
      library/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php
  25. 43
      library/HTMLPurifier/AttrDef/CSS/Border.php
  26. 78
      library/HTMLPurifier/AttrDef/CSS/Color.php
  27. 38
      library/HTMLPurifier/AttrDef/CSS/Composite.php
  28. 28
      library/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php
  29. 54
      library/HTMLPurifier/AttrDef/CSS/Filter.php
  30. 149
      library/HTMLPurifier/AttrDef/CSS/Font.php
  31. 72
      library/HTMLPurifier/AttrDef/CSS/FontFamily.php
  32. 40
      library/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php
  33. 47
      library/HTMLPurifier/AttrDef/CSS/Length.php
  34. 78
      library/HTMLPurifier/AttrDef/CSS/ListStyle.php
  35. 58
      library/HTMLPurifier/AttrDef/CSS/Multiple.php
  36. 69
      library/HTMLPurifier/AttrDef/CSS/Number.php
  37. 40
      library/HTMLPurifier/AttrDef/CSS/Percentage.php
  38. 38
      library/HTMLPurifier/AttrDef/CSS/TextDecoration.php
  39. 52
      library/HTMLPurifier/AttrDef/CSS/URI.php
  40. 65
      library/HTMLPurifier/AttrDef/Enum.php
  41. 28
      library/HTMLPurifier/AttrDef/HTML/Bool.php
  42. 34
      library/HTMLPurifier/AttrDef/HTML/Class.php
  43. 32
      library/HTMLPurifier/AttrDef/HTML/Color.php
  44. 21
      library/HTMLPurifier/AttrDef/HTML/FrameTarget.php
  45. 70
      library/HTMLPurifier/AttrDef/HTML/ID.php
  46. 41
      library/HTMLPurifier/AttrDef/HTML/Length.php
  47. 53
      library/HTMLPurifier/AttrDef/HTML/LinkTypes.php
  48. 41
      library/HTMLPurifier/AttrDef/HTML/MultiLength.php
  49. 52
      library/HTMLPurifier/AttrDef/HTML/Nmtokens.php
  50. 48
      library/HTMLPurifier/AttrDef/HTML/Pixels.php
  51. 73
      library/HTMLPurifier/AttrDef/Integer.php
  52. 73
      library/HTMLPurifier/AttrDef/Lang.php
  53. 34
      library/HTMLPurifier/AttrDef/Switch.php
  54. 15
      library/HTMLPurifier/AttrDef/Text.php
  55. 77
      library/HTMLPurifier/AttrDef/URI.php
  56. 17
      library/HTMLPurifier/AttrDef/URI/Email.php
  57. 21
      library/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php
  58. 62
      library/HTMLPurifier/AttrDef/URI/Host.php
  59. 39
      library/HTMLPurifier/AttrDef/URI/IPv4.php
  60. 99
      library/HTMLPurifier/AttrDef/URI/IPv6.php
  61. 56
      library/HTMLPurifier/AttrTransform.php
  62. 23
      library/HTMLPurifier/AttrTransform/Background.php
  63. 19
      library/HTMLPurifier/AttrTransform/BdoDir.php
  64. 23
      library/HTMLPurifier/AttrTransform/BgColor.php
  65. 36
      library/HTMLPurifier/AttrTransform/BoolToCSS.php
  66. 18
      library/HTMLPurifier/AttrTransform/Border.php
  67. 58
      library/HTMLPurifier/AttrTransform/EnumToCSS.php
  68. 43
      library/HTMLPurifier/AttrTransform/ImgRequired.php
  69. 44
      library/HTMLPurifier/AttrTransform/ImgSpace.php
  70. 40
      library/HTMLPurifier/AttrTransform/Input.php
  71. 28
      library/HTMLPurifier/AttrTransform/Lang.php
  72. 27
      library/HTMLPurifier/AttrTransform/Length.php
  73. 21
      library/HTMLPurifier/AttrTransform/Name.php
  74. 27
      library/HTMLPurifier/AttrTransform/NameSync.php
  75. 15
      library/HTMLPurifier/AttrTransform/SafeEmbed.php
  76. 16
      library/HTMLPurifier/AttrTransform/SafeObject.php
  77. 56
      library/HTMLPurifier/AttrTransform/SafeParam.php
  78. 16
      library/HTMLPurifier/AttrTransform/ScriptRequired.php
  79. 18
      library/HTMLPurifier/AttrTransform/Textarea.php
  80. 77
      library/HTMLPurifier/AttrTypes.php
  81. 162
      library/HTMLPurifier/AttrValidator.php
  82. 98
      library/HTMLPurifier/Bootstrap.php
  83. 292
      library/HTMLPurifier/CSSDefinition.php
  84. 48
      library/HTMLPurifier/ChildDef.php
  85. 48
      library/HTMLPurifier/ChildDef/Chameleon.php
  86. 90
      library/HTMLPurifier/ChildDef/Custom.php
  87. 20
      library/HTMLPurifier/ChildDef/Empty.php
  88. 26
      library/HTMLPurifier/ChildDef/Optional.php
  89. 117
      library/HTMLPurifier/ChildDef/Required.php
  90. 88
      library/HTMLPurifier/ChildDef/StrictBlockquote.php
  91. 142
      library/HTMLPurifier/ChildDef/Table.php
  92. 580
      library/HTMLPurifier/Config.php
  93. 158
      library/HTMLPurifier/ConfigSchema.php
  94. 44
      library/HTMLPurifier/ConfigSchema/Builder/ConfigSchema.php
  95. 106
      library/HTMLPurifier/ConfigSchema/Builder/Xml.php
  96. 11
      library/HTMLPurifier/ConfigSchema/Exception.php
  97. 42
      library/HTMLPurifier/ConfigSchema/Interchange.php
  98. 77
      library/HTMLPurifier/ConfigSchema/Interchange/Directive.php
  99. 37
      library/HTMLPurifier/ConfigSchema/Interchange/Id.php
  100. 180
      library/HTMLPurifier/ConfigSchema/InterchangeBuilder.php

80
boot.php
View File

@ -21,8 +21,25 @@ define ( 'NOTIFY_WALL', 0x0004 );
define ( 'NOTIFY_COMMENT', 0x0008 );
define ( 'NOTIFY_MAIL', 0x0010 );
define ( 'NAMESPACE_DFRN' , 'http://purl.org/macgirvin/dfrn/1.0' );
define ( 'NAMESPACE_ACTIVITY', 'http://activitystrea.ms/schema/1.0/' );
define ( 'NAMESPACE_DFRN' , 'http://purl.org/macgirvin/dfrn/1.0' );
define ( 'NAMESPACE_ACTIVITY', 'http://activitystrea.ms/spec/1.0/' );
define ( 'NAMESPACE_ACTIVITY_SCHEMA', 'http://activitystrea.ms/schema/1.0/');
define ( 'ACTIVITY_LIKE', NAMESPACE_ACTIVITY_SCHEMA . 'like' );
define ( 'ACTIVITY_FRIEND', NAMESPACE_ACTIVITY_SCHEMA . 'make-friend' );
define ( 'ACTIVITY_POST', NAMESPACE_ACTIVITY_SCHEMA . 'post' );
define ( 'ACTIVITY_UPDATE', NAMESPACE_ACTIVITY_SCHEMA . 'update' );
define ( 'ACTIVITY_OBJ_COMMENT', NAMESPACE_ACTIVITY_SCHEMA . 'comment' );
define ( 'ACTIVITY_OBJ_NOTE', NAMESPACE_ACTIVITY_SCHEMA . 'note' );
define ( 'ACTIVITY_OBJ_PERSON', NAMESPACE_ACTIVITY_SCHEMA . 'person' );
define ( 'ACTIVITY_OBJ_PHOTO', NAMESPACE_ACTIVITY_SCHEMA . 'photo' );
define ( 'ACTIVITY_OBJ_P_PHOTO', NAMESPACE_ACTIVITY_SCHEMA . 'profile-photo' );
define ( 'ACTIVITY_OBJ_ALBUM', NAMESPACE_ACTIVITY_SCHEMA . 'photo-album' );
define ( 'ACTIVITY_OBJ_HEART', NAMESPACE_DFRN . '/heart' );
if(! class_exists('App')) {
class App {
@ -582,8 +599,11 @@ function get_config($family, $key, $instore = false) {
global $a;
if(! $instore) {
if(isset($a->config[$family][$key]))
if(isset($a->config[$family][$key])) {
if($a->config[$family][$key] == '!<unset>!')
return false;
return $a->config[$family][$key];
}
}
$ret = q("SELECT `v` FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
dbesc($family),
@ -593,6 +613,9 @@ function get_config($family, $key, $instore = false) {
$a->config[$family][$key] = $ret[0]['v'];
return $ret[0]['v'];
}
else {
$a->config[$family][$key] = '!<unset>!';
}
return false;
}}
@ -667,8 +690,9 @@ function convert_xml_element_to_array($xml_element, &$recursion_depth=0) {
if(! function_exists('webfinger')) {
function webfinger($s) {
if(! strstr($s,'@'))
if(! strstr($s,'@')) {
return $s;
}
$host = substr($s,strpos($s,'@') + 1);
$url = 'http://' . $host . '/.well-known/host-meta' ;
$xml = fetch_url($url);
@ -714,3 +738,51 @@ function webfinger($s) {
return $link['@attributes']['href'];
return '';
}}
if(! function_exists('perms2str')) {
function perms2str($p) {
$ret = '';
$tmp = $p;
if(is_array($tmp)) {
array_walk($tmp,'sanitise_acl');
$ret = implode('',$tmp);
}
return $ret;
}}
if(! function_exists('item_new_uri')) {
function item_new_uri($hostname,$uid) {
do {
$dups = false;
$hash = random_string();
$uri = "urn:X-dfrn:" . $hostname . ':' . $uid . ':' . $hash;
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
dbesc($uri));
if(count($r))
$dups = true;
} while($dups == true);
return $uri;
}}
if(! function_exists('get_uid')) {
function get_uid() {
return ((x($_SESSION,'uid')) ? intval($_SESSION['uid']) : 0) ;
}}
if(! function_exists('validate_url')) {
function validate_url($url) {
if(substr($url,0,4) != 'http')
$url = 'http://' . $url;
$h = parse_url($url);
if(! $h)
return false;
if(! checkdnsrr($h['host'], 'ANY'))
return false;
return true;
}}

54
include/Contact.php
View File

@ -0,0 +1,54 @@
<?php
function contact_remove($id) {
q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1",
intval($id)
);
q("DELETE FROM `item` WHERE `contact-id` = %d ",
intval($id)
);
q("DELETE FROM `photo` WHERE `contact-id` = %d ",
intval($id)
);
}
// Contact has refused to recognise us as a friend. We will start a countdown.
// If they still don't recognise us in 32 days, the relationship is over,
// and we won't waste any more time trying to communicate with them.
// This provides for the possibility that their database is temporarily messed
// up or some other transient event and that there's a possibility we could recover from it.
if(! function_exists('mark_for_death')) {
function mark_for_death($contact) {
if($contact['term-date'] == '0000-00-00 00:00:00') {
q("UPDATE `contact` SET `term-date` = '%s' WHERE `id` = %d LIMIT 1",
dbesc(datetime_convert()),
intval($contact['id'])
);
}
else {
$expiry = $contact['term-date'] . ' + 32 days ';
if(datetime_convert() > datetime_convert('UTC','UTC',$expiry)) {
// relationship is really truly dead.
contact_remove($contact['id']);
}
}
}}
if(! function_exists('unmark_for_death')) {
function unmark_for_death($contact) {
// It's a miracle. Our dead contact has inexplicably come back to life.
q("UPDATE `contact` SET `term-date = '%s' WHERE `id` = %d LIMIT 1",
dbesc('0000-00-00 00:00:00'),
intval($contact['id'])
);
}}

2
include/auth.php
View File

@ -7,7 +7,6 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] == 'login'))) {
unset($_SESSION['authenticated']);
unset($_SESSION['uid']);
unset($_SESSION['visitor_id']);
unset($_SESSION['is_visitor']);
unset($_SESSION['administrator']);
unset($_SESSION['cid']);
unset($_SESSION['theme']);
@ -41,7 +40,6 @@ else {
unset($_SESSION['authenticated']);
unset($_SESSION['uid']);
unset($_SESSION['visitor_id']);
unset($_SESSION['is_visitor']);
unset($_SESSION['administrator']);
unset($_SESSION['cid']);
$encrypted = hash('whirlpool',trim($_POST['password']));

2
include/bbcode.php
View File

@ -76,7 +76,7 @@ function bbcode($Text) {
// Youtube extensions
$Text = preg_replace("/\[youtube\]http:\/\/www.youtube.com\/watch\?v\=(.+?)\[\/youtube\]/",'[youtube]$1[/youtube]',$Text);
$Text = preg_replace("/\[youtube\](.+?)\[\/youtube\]/", '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/$1"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" width="425" height="350"></embed></object>', $Text);
$Text = preg_replace("/\[youtube\](.+?)\[\/youtube\]/", '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/$1"></param><!--[if IE]><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" width="425" height="350" /><![endif]--></object>', $Text);
return $Text;
}

17
include/datetime.php
View File

@ -55,9 +55,20 @@ function select_timezone($current = 'America/Los_Angeles') {
if(! function_exists('datetime_convert')) {
function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d H:i:s") {
$d = new DateTime($s, new DateTimeZone($from));
$d->setTimeZone(new DateTimeZone($to));
return($d->format($fmt));
// Slight hackish adjustment so that 'zero' datetime actually returns what is intended
// otherwise we end up with -0001-11-30 ...
// add 32 days so that we at least get year 00, and then hack around the fact that
// months and days always start with 1.
if(substr($s,0,10) == '0000-00-00') {
$d = new DateTime($s . ' + 32 days', new DateTimeZone('UTC'));
return str_replace('1','0',$d->format($fmt));
}
$d = new DateTime($s, new DateTimeZone($from));
$d->setTimeZone(new DateTimeZone($to));
return($d->format($fmt));
}}
function dob($dob) {

50
include/html2bbcode.php
View File

@ -0,0 +1,50 @@
<?php
function html2bbcode($s) {
// Tags to Find
$htmltags = array(
'/\<b\>(.*?)\<\/b\>/is',
'/\<i\>(.*?)\<\/i\>/is',
'/\<u\>(.*?)\<\/u\>/is',
'/\<ul\>(.*?)\<\/ul\>/is',
'/\<li\>(.*?)\<\/li\>/is',
'/\<img(.*?) src=\"(.*?)\" (.*?)\>/is',
'/\<div(.*?)\>(.*?)\<\/div\>/is',
'/\<br(.*?)\>/is',
'/\<strong\>(.*?)\<\/strong\>/is',
'/\<a href=\"(.*?)\"(.*?)\>(.*?)\<\/a\>/is',
'/\<code\>(.*?)\<\/code\>/is',
'/\<font color=(.*?)\>(.*?)\<\/font\>',
'/\<font color=\"(.*?)\"\>(.*?)\<\/font\>',
'/\<blockquote\>(.*?)\<\/blockquote\>/is',
);
// Replace with
$bbtags = array(
'[b]$1[/b]',
'[i]$1[/i]',
'[u]$1[/u]',
'[list]$1[/list]',
'[*]$1',
'[img]$2[/img]',
'$2',
'\n',
'[b]$1[/b]',
'[url=$1]$3[/url]',
'[code]$1[/code],
'[color="$1"]$2[/color]',
'[color="$1"]$2[/color]',
'[quote]$1[/quote]',
);
// Replace $htmltags in $text with $bbtags
$text = preg_replace ($htmltags, $bbtags, $s);
// Strip all other HTML tags
$text = strip_tags($text);
return $text;
}

160
include/items.php
View File

@ -1,18 +1,27 @@
<?php
function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update) {
require_once('bbcode.php');
// default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
$sql_extra = "
AND `allow_cid` = ''
AND `allow_gid` = ''
AND `deny_cid` = ''
AND `deny_gid` = ''
";
if(strlen($owner_id) && ! intval($owner_id)) {
$r = q("SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1",
$r = q("SELECT `uid`, `nickname` FROM `user` WHERE `nickname` = '%s' LIMIT 1",
dbesc($owner_id)
);
if(count($r))
if(count($r)) {
$owner_id = $r[0]['uid'];
$owner_nick = $r[0]['nickname'];
}
}
$r = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
@ -42,12 +51,12 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
else
$gs = '<<>>' ; // Impossible to match
$sql_extra = sprintf(
" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
$sql_extra = sprintf("
AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s')
",
intval($contact['id']),
intval($contact['id']),
dbesc($gs),
@ -88,7 +97,7 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
$atom .= replace_macros($feed_template, array(
'$feed_id' => xmlify($a->get_baseurl()),
'$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick),
'$feed_title' => xmlify($owner['name']),
'$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', $updated . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
'$name' => xmlify($owner['name']),
@ -96,12 +105,24 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
'$photo' => xmlify($owner['photo']),
'$thumb' => xmlify($owner['thumb']),
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z'))
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z'))
));
foreach($items as $item) {
// public feeds get html, our own nodes use bbcode
if($dfrn_id == '*') {
$item['body'] = bbcode($item['body']);
$type = 'html';
}
else {
$type = 'text';
}
if($item['deleted']) {
$atom .= replace_macros($tomb_template, array(
'$id' => xmlify($item['uri']),
@ -109,6 +130,9 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
));
}
else {
$verb = construct_verb($item);
$actobj = construct_activity($item);
if($item['parent'] == $item['id']) {
$atom .= replace_macros($item_template, array(
'$name' => xmlify($item['name']),
@ -122,7 +146,10 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
'$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
'$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
'$location' => xmlify($item['location']),
'$type' => $type,
'$content' => xmlify($item['body']),
'$verb' => xmlify($verb),
'$actobj' => $actobj, // do not xmlify
'$comment_allow' => (($item['last-child'] && strlen($contact['dfrn-id'])) ? 1 : 0)
));
}
@ -135,7 +162,10 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
'$title' => xmlify($item['title']),
'$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
'$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
'$type' => $type,
'$content' =>xmlify($item['body']),
'$verb' => xmlify($verb),
'$actobj' => $actobj, // do not xmlify
'$parent_id' => xmlify($item['parent-uri']),
'$comment_allow' => (($item['last-child']) ? 1 : 0)
));
@ -145,6 +175,22 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
$atom .= '</feed>' . "\r\n";
return $atom;
}
function construct_verb($item) {
if($item['verb'])
return $item['verb'];
return ACTIVITY_POST;
}
function construct_activity($item) {
if($item['type'] == 'activity') {
}
return '';
}
@ -152,12 +198,22 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
function get_atom_elements($item) {
require_once('library/HTMLPurifier.auto.php');
require_once('include/html2bbcode.php');
$res = array();
$raw_author = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'author');
if($raw_author) {
if($raw_author[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['rel'] == 'photo')
$res['author-avatar'] = unxmlify($raw_author[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['href']);
}
$author = $item->get_author();
$res['author-name'] = unxmlify($author->get_name());
$res['author-link'] = unxmlify($author->get_link());
$res['author-avatar'] = unxmlify($author->get_avatar());
if(! $res['author-avatar'])
$res['author-avatar'] = unxmlify($author->get_avatar());
$res['uri'] = unxmlify($item->get_id());
$res['title'] = unxmlify($item->get_title());
$res['body'] = unxmlify($item->get_content());
@ -166,6 +222,36 @@ function get_atom_elements($item) {
if($maxlen && (strlen($res['body']) > $maxlen))
$res['body'] = substr($res['body'],0, $maxlen);
// It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust
// the content type. Our own network only emits text normally, though it might have been converted to
// html if we used a pubsubhubbub transport. But if we see even one html open tag in our text, we will
// have to assume it is all html and needs to be purified.
// It doesn't matter all that much security wise - because before this content is used anywhere, we are
// going to escape any tags we find regardless, but this lets us import a limited subset of html from
// the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining
// html.
if(strpos($res['body'],'<')) {
$res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
'[youtube]$1[/youtube]', $res['body']);
$config = HTMLPurifier_Config::createDefault();
$config->set('Core.DefinitionCache', null);
// we shouldn't need a whitelist, because the bbcode converter
// will strip out any unsupported tags.
// $config->set('HTML.Allowed', 'p,b,a[href],i');
$purifier = new HTMLPurifier($config);
$res['body'] = $purifier->purify($res['body']);
}
$res['body'] = html2bbcode($res['body']);
$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
if($allow && $allow[0]['data'] == 1)
$res['last-child'] = 1;
@ -186,18 +272,37 @@ function get_atom_elements($item) {
$res['edited'] = unxmlify($rawcreated[0]['data']);
$rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner');
if($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data'])
if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data'])
$res['owner-name'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']);
elseif($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data'])
$res['owner-name'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']);
if($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data'])
if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data'])
$res['owner-link'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']);
elseif($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data'])
$res['owner-link'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']);
if($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data'])
if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['rel'] == 'photo')
$res['owner-avatar'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['href']);
elseif($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data'])
$res['owner-avatar'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data']);
$rawverb = $item->get_item_tags(NAMESPACE_ACTIVITY, 'verb');
// select between supported verbs
if($rawverb)
$res['verb'] = unxmlify($rawverb[0]['data']);
$rawobj = $item->get_item_tags(NAMESPACE_ACTIVITY, 'object');
if($rawobj) {
$res['object-type'] = $rawobj[0]['object-type'][0]['data'];
$res['object'] = $rawobj[0];
}
return $res;
}
function post_remote($a,$arr) {
//print_r($arr);
if(! x($arr,'type'))
$arr['type'] = 'remote';
@ -218,8 +323,12 @@ function post_remote($a,$arr) {
$arr['visible'] = 1;
$arr['deleted'] = 0;
$arr['parent-uri'] = notags(trim($arr['parent-uri']));
$arr['verb'] = notags(trim($arr['verb']));
$arr['object-type'] = notags(trim($arr['object-type']));
$arr['object'] = trim($arr['object']);
$parent_id = 0;
$parent_missing = false;
dbesc_array($arr);
@ -237,15 +346,28 @@ function post_remote($a,$arr) {
if(count($r))
$parent_id = $r[0]['id'];
else {
// if parent is missing, what do we do?
$parent_missing = true;
}
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
$arr['uri'],
$arr['uri'], // already dbesc'd
intval($arr['uid'])
);
if(count($r))
$current_post = $r[0]['id'];
else
return 0;
if($parent_missing) {
// perhaps the parent was deleted, but in any case, this thread is dead
// and unfortunately our brand new item now has to be destroyed
q("DELETE FROM `item` WHERE `id` = %d LIMIT 1",
intval($current_post)
);
return 0;
}
$r = q("UPDATE `item` SET `parent` = %d WHERE `id` = %d LIMIT 1",
intval($parent_id),

21
include/notifier.php
View File

@ -1,6 +1,6 @@
<?php
$debugging = false;
$debugging = true;
require_once("boot.php");
@ -19,9 +19,6 @@
$a->set_baseurl(get_config('system','url'));
$baseurl = $argv[1];
$a->set_baseurl($argv[1]);
$cmd = $argv[1];
switch($cmd) {
@ -266,10 +263,10 @@
if($rr['self'])
continue;
if((! strlen($rr['dfrn-id'])) || ($rr['duplex'] && ! strlen($rr['issued-id'])))
if((! strlen($rr['dfrn-id'])) && (! $rr['duplex']))
continue;
$idtosend = (($rr['duplex']) ? $rr['issued-id'] : $rr['dfrn-id']);
$idtosend = (($rr['dfrn-id']) ? $rr['dfrn-id'] : $rr['issued-id']);
$url = $rr['notify'] . '?dfrn_id=' . $idtosend;
@ -291,7 +288,7 @@
$challenge = hex2bin($res->challenge);
$final_dfrn_id = '';
if($rr['duplex']) {
if($rr['duplex'] && strlen($rr['prvkey'])) {
openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['prvkey']);
openssl_private_decrypt($challenge,$postvars['challenge'],$rr['prvkey']);
}
@ -301,18 +298,14 @@
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if(($final_dfrn_id != $rr['dfrn-id']) || (($rr['duplex']) && ($final_dfrn_id != $rr['issued-id']))) {
if($final_dfrn_id != $idtosend) {
// did not decode properly - cannot trust this site
continue;
}
$postvars['dfrn_id'] = (($duplex) ? $rr['issued-id'] : $rr['dfrn-id']);
$postvars['dfrn_id'] = $idtosend;
if($cmd == 'mail') {
$postvars['data'] = $atom;
}
elseif(((strlen($rr['dfrn-id'])) || (($rr['duplex']) && (strlen($rr['issued-id']))))
&& (! ($rr['blocked']) || ($rr['readonly']))) {
if((($rr['rel'] == DIRECTION_OUT) || ($rr['rel'] == DIRECTION_BOTH)) && (! $rr['blocked']) && (! $rr['readonly'])) {
$postvars['data'] = $atom;
}
else {

17
include/poller.php
View File

@ -15,6 +15,8 @@
require_once('simplepie/simplepie.inc');
require_once('include/items.php');
require_once('include/Contact.php');
$a->set_baseurl(get_config('system','url'));
$contacts = q("SELECT * FROM `contact`
@ -73,7 +75,7 @@
? datetime_convert('UTC','UTC','now - 30 days','Y-m-d\TH:i:s\Z')
: datetime_convert('UTC','UTC',$contact['last-update'],'Y-m-d\TH:i:s\Z'));
$idtosend = (($contact['duplex']) ? $contact['issued-id'] : $contact['dfrn-id']);
$idtosend = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']);
$url = $contact['poll'] . '?dfrn_id=' . $idtosend . '&type=data&last_update=' . $last_update ;
@ -87,9 +89,15 @@ echo "XML: " . $xml;
$res = simplexml_load_string($xml);
if(intval($res->status) == 1)
mark_for_death($contact);
if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id)))
continue;
if($contact['term-date'] != '0000-00-00 00:00:00')
unmark_for_death($contact);
$postvars = array();
$sent_dfrn_id = hex2bin($res->dfrn_id);
@ -97,7 +105,7 @@ echo "XML: " . $xml;
$final_dfrn_id = '';
if($contact['duplex']) {
if(($contact['duplex']) && strlen($contact['prvkey'])) {
openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']);
@ -108,13 +116,12 @@ echo "XML: " . $xml;
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if(($final_dfrn_id != $contact['dfrn-id'])
|| (($contact['duplex']) && ($final_dfrn_id != $contact['issued-id']))) {
if($final_dfrn_id != $idtosend)
// did not decode properly - cannot trust this site
continue;
}
$postvars['dfrn_id'] = (($contact['duplex']) ? $contact['issued-id'] : $contact['dfrn-id']);
$postvars['dfrn_id'] = $idtosend;
$xml = post_url($contact['poll'],$postvars);

24
index.php
View File

@ -42,23 +42,10 @@ if(strlen($a->module)) {
}
else {
header($_SERVER["SERVER_PROTOCOL"] . ' 404 ' . t('Not Found'));
notice( t('Page not found' ) . EOL);
notice( t('Page not found.' ) . EOL);
}
}
// invoke module functions
// Important: Modules normally do not emit content, unless you need it for debugging.
// The module_init, module_post, and module_afterpost functions process URL parameters and POST processing.
// The module_content function returns content text to this file where it is included on the page.
// Modules emitting XML/Atom, etc. should do so idirectly and promptly exit before the HTML page can be rendered.
// "Most" HTML resides in the view directory as text templates with macro substitution.
// They look like HTML with PHP variables but only a couple pass through the PHP processor - those with .php extensions.
// The macro substitution is defined per page for the .tpl files.
// Information transfer between functions can be accomplished via the App session '$a' and its related variables.
// x() queries both a variable's existence and that it is "non-zero" or "non-empty" depending on how it is called.
// q() is the SQL query form. All string (%s) variables MUST be passed through dbesc().
// All int values MUST be cast to integer using intval();
if($a->module_loaded) {
$a->page['page_title'] = $a->module;
if(function_exists($a->module . '_init')) {
@ -85,6 +72,10 @@ if($a->module_loaded) {
}
if(stristr($_SESSION['sysmsg'], t('Permission denied'))) {
header($_SERVER["SERVER_PROTOCOL"] . ' 403 ' . t('Permission denied.'));
}
// report anything important happening
if(x($_SESSION,'sysmsg')) {
@ -93,11 +84,6 @@ if(x($_SESSION,'sysmsg')) {
unset($_SESSION['sysmsg']);
}
if(stristr($_SESSION['sysmsg'], t('Permission denied'))) {
header($_SERVER["SERVER_PROTOCOL"] . ' 403 ' . t('Permission denied.'));
}
// Feel free to comment out this line on production sites.
$a->page['content'] .= $debug_text;

11
library/HTMLPurifier.auto.php
View File

@ -0,0 +1,11 @@
<?php
/**
* This is a stub include that automatically configures the include path.
*/
set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
require_once 'HTMLPurifier/Bootstrap.php';
require_once 'HTMLPurifier.autoload.php';
// vim: et sw=4 sts=4

21
library/HTMLPurifier.autoload.php
View File

@ -0,0 +1,21 @@
<?php
/**
* @file
* Convenience file that registers autoload handler for HTML Purifier.
*/
if (function_exists('spl_autoload_register') && function_exists('spl_autoload_unregister')) {
// We need unregister for our pre-registering functionality
HTMLPurifier_Bootstrap::registerAutoload();
if (function_exists('__autoload')) {
// Be polite and ensure that userland autoload gets retained
spl_autoload_register('__autoload');
}
} elseif (!function_exists('__autoload')) {
function __autoload($class) {
return HTMLPurifier_Bootstrap::autoload($class);
}
}
// vim: et sw=4 sts=4

23
library/HTMLPurifier.func.php
View File

@ -0,0 +1,23 @@
<?php
/**
* @file
* Defines a function wrapper for HTML Purifier for quick use.
* @note ''HTMLPurifier()'' is NOT the same as ''new HTMLPurifier()''
*/
/**
* Purify HTML.
* @param $html String HTML to purify
* @param $config Configuration to use, can be any value accepted by
* HTMLPurifier_Config::create()
*/
function HTMLPurifier($html, $config = null) {
static $purifier = false;
if (!$purifier) {
$purifier = new HTMLPurifier();
}
return $purifier->purify($html, $config);
}
// vim: et sw=4 sts=4

210
library/HTMLPurifier.includes.php
View File

@ -0,0 +1,210 @@
<?php
/**
* @file
* This file was auto-generated by generate-includes.php and includes all of
* the core files required by HTML Purifier. Use this if performance is a
* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
* FILE, changes will be overwritten the next time the script is run.
*
* @version 4.1.1
*
* @warning
* You must *not* include any other HTML Purifier files before this file,
* because 'require' not 'require_once' is used.
*
* @warning
* This file requires that the include path contains the HTML Purifier
* library directory; this is not auto-set.
*/
require 'HTMLPurifier.php';
require 'HTMLPurifier/AttrCollections.php';
require 'HTMLPurifier/AttrDef.php';
require 'HTMLPurifier/AttrTransform.php';
require 'HTMLPurifier/AttrTypes.php';
require 'HTMLPurifier/AttrValidator.php';
require 'HTMLPurifier/Bootstrap.php';
require 'HTMLPurifier/Definition.php';
require 'HTMLPurifier/CSSDefinition.php';
require 'HTMLPurifier/ChildDef.php';
require 'HTMLPurifier/Config.php';
require 'HTMLPurifier/ConfigSchema.php';
require 'HTMLPurifier/ContentSets.php';
require 'HTMLPurifier/Context.php';
require 'HTMLPurifier/DefinitionCache.php';
require 'HTMLPurifier/DefinitionCacheFactory.php';
require 'HTMLPurifier/Doctype.php';
require 'HTMLPurifier/DoctypeRegistry.php';
require 'HTMLPurifier/ElementDef.php';
require 'HTMLPurifier/Encoder.php';
require 'HTMLPurifier/EntityLookup.php';
require 'HTMLPurifier/EntityParser.php';
require 'HTMLPurifier/ErrorCollector.php';
require 'HTMLPurifier/ErrorStruct.php';
require 'HTMLPurifier/Exception.php';
require 'HTMLPurifier/Filter.php';
require 'HTMLPurifier/Generator.php';
require 'HTMLPurifier/HTMLDefinition.php';
require 'HTMLPurifier/HTMLModule.php';
require 'HTMLPurifier/HTMLModuleManager.php';
require 'HTMLPurifier/IDAccumulator.php';
require 'HTMLPurifier/Injector.php';
require 'HTMLPurifier/Language.php';
require 'HTMLPurifier/LanguageFactory.php';
require 'HTMLPurifier/Length.php';
require 'HTMLPurifier/Lexer.php';
require 'HTMLPurifier/PercentEncoder.php';
require 'HTMLPurifier/PropertyList.php';
require 'HTMLPurifier/PropertyListIterator.php';
require 'HTMLPurifier/Strategy.php';
require 'HTMLPurifier/StringHash.php';
require 'HTMLPurifier/StringHashParser.php';
require 'HTMLPurifier/TagTransform.php';
require 'HTMLPurifier/Token.php';
require 'HTMLPurifier/TokenFactory.php';
require 'HTMLPurifier/URI.php';
require 'HTMLPurifier/URIDefinition.php';
require 'HTMLPurifier/URIFilter.php';
require 'HTMLPurifier/URIParser.php';
require 'HTMLPurifier/URIScheme.php';
require 'HTMLPurifier/URISchemeRegistry.php';
require 'HTMLPurifier/UnitConverter.php';
require 'HTMLPurifier/VarParser.php';
require 'HTMLPurifier/VarParserException.php';
require 'HTMLPurifier/AttrDef/CSS.php';
require 'HTMLPurifier/AttrDef/Enum.php';
require 'HTMLPurifier/AttrDef/Integer.php';
require 'HTMLPurifier/AttrDef/Lang.php';
require 'HTMLPurifier/AttrDef/Switch.php';
require 'HTMLPurifier/AttrDef/Text.php';
require 'HTMLPurifier/AttrDef/URI.php';
require 'HTMLPurifier/AttrDef/CSS/Number.php';
require 'HTMLPurifier/AttrDef/CSS/AlphaValue.php';
require 'HTMLPurifier/AttrDef/CSS/Background.php';
require 'HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
require 'HTMLPurifier/AttrDef/CSS/Border.php';
require 'HTMLPurifier/AttrDef/CSS/Color.php';
require 'HTMLPurifier/AttrDef/CSS/Composite.php';
require 'HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
require 'HTMLPurifier/AttrDef/CSS/Filter.php';
require 'HTMLPurifier/AttrDef/CSS/Font.php';
require 'HTMLPurifier/AttrDef/CSS/FontFamily.php';
require 'HTMLPurifier/AttrDef/CSS/ImportantDecorator.php';
require 'HTMLPurifier/AttrDef/CSS/Length.php';
require 'HTMLPurifier/AttrDef/CSS/ListStyle.php';
require 'HTMLPurifier/AttrDef/CSS/Multiple.php';
require 'HTMLPurifier/AttrDef/CSS/Percentage.php';
require 'HTMLPurifier/AttrDef/CSS/TextDecoration.php';
require 'HTMLPurifier/AttrDef/CSS/URI.php';
require 'HTMLPurifier/AttrDef/HTML/Bool.php';
require 'HTMLPurifier/AttrDef/HTML/Nmtokens.php';
require 'HTMLPurifier/AttrDef/HTML/Class.php';
require 'HTMLPurifier/AttrDef/HTML/Color.php';
require 'HTMLPurifier/AttrDef/HTML/FrameTarget.php';
require 'HTMLPurifier/AttrDef/HTML/ID.php';
require 'HTMLPurifier/AttrDef/HTML/Pixels.php';
require 'HTMLPurifier/AttrDef/HTML/Length.php';
require 'HTMLPurifier/AttrDef/HTML/LinkTypes.php';
require 'HTMLPurifier/AttrDef/HTML/MultiLength.php';
require 'HTMLPurifier/AttrDef/URI/Email.php';
require 'HTMLPurifier/AttrDef/URI/Host.php';
require 'HTMLPurifier/AttrDef/URI/IPv4.php';
require 'HTMLPurifier/AttrDef/URI/IPv6.php';
require 'HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php';
require 'HTMLPurifier/AttrTransform/Background.php';
require 'HTMLPurifier/AttrTransform/BdoDir.php';
require 'HTMLPurifier/AttrTransform/BgColor.php';
require 'HTMLPurifier/AttrTransform/BoolToCSS.php';
require 'HTMLPurifier/AttrTransform/Border.php';
require 'HTMLPurifier/AttrTransform/EnumToCSS.php';
require 'HTMLPurifier/AttrTransform/ImgRequired.php';
require 'HTMLPurifier/AttrTransform/ImgSpace.php';
require 'HTMLPurifier/AttrTransform/Input.php';
require 'HTMLPurifier/AttrTransform/Lang.php';
require 'HTMLPurifier/AttrTransform/Length.php';
require 'HTMLPurifier/AttrTransform/Name.php';
require 'HTMLPurifier/AttrTransform/NameSync.php';
require 'HTMLPurifier/AttrTransform/SafeEmbed.php';
require 'HTMLPurifier/AttrTransform/SafeObject.php';
require 'HTMLPurifier/AttrTransform/SafeParam.php';
require 'HTMLPurifier/AttrTransform/ScriptRequired.php';
require 'HTMLPurifier/AttrTransform/Textarea.php';
require 'HTMLPurifier/ChildDef/Chameleon.php';
require 'HTMLPurifier/ChildDef/Custom.php';
require 'HTMLPurifier/ChildDef/Empty.php';
require 'HTMLPurifier/ChildDef/Required.php';
require 'HTMLPurifier/ChildDef/Optional.php';
require 'HTMLPurifier/ChildDef/StrictBlockquote.php';
require 'HTMLPurifier/ChildDef/Table.php';
require 'HTMLPurifier/DefinitionCache/Decorator.php';
require 'HTMLPurifier/DefinitionCache/Null.php';
require 'HTMLPurifier/DefinitionCache/Serializer.php';
require 'HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
require 'HTMLPurifier/DefinitionCache/Decorator/Memory.php';
require 'HTMLPurifier/HTMLModule/Bdo.php';
require 'HTMLPurifier/HTMLModule/CommonAttributes.php';
require 'HTMLPurifier/HTMLModule/Edit.php';
require 'HTMLPurifier/HTMLModule/Forms.php';
require 'HTMLPurifier/HTMLModule/Hypertext.php';
require 'HTMLPurifier/HTMLModule/Image.php';
require 'HTMLPurifier/HTMLModule/Legacy.php';
require 'HTMLPurifier/HTMLModule/List.php';
require 'HTMLPurifier/HTMLModule/Name.php';
require 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
require 'HTMLPurifier/HTMLModule/Object.php';
require 'HTMLPurifier/HTMLModule/Presentation.php';
require 'HTMLPurifier/HTMLModule/Proprietary.php';
require 'HTMLPurifier/HTMLModule/Ruby.php';
require 'HTMLPurifier/HTMLModule/SafeEmbed.php';
require 'HTMLPurifier/HTMLModule/SafeObject.php';
require 'HTMLPurifier/HTMLModule/Scripting.php';
require 'HTMLPurifier/HTMLModule/StyleAttribute.php';
require 'HTMLPurifier/HTMLModule/Tables.php';
require 'HTMLPurifier/HTMLModule/Target.php';
require 'HTMLPurifier/HTMLModule/Text.php';
require 'HTMLPurifier/HTMLModule/Tidy.php';
require 'HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
require 'HTMLPurifier/HTMLModule/Tidy/Name.php';
require 'HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
require 'HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php';
require 'HTMLPurifier/HTMLModule/Tidy/Strict.php';
require 'HTMLPurifier/HTMLModule/Tidy/Transitional.php';
require 'HTMLPurifier/HTMLModule/Tidy/XHTML.php';
require 'HTMLPurifier/Injector/AutoParagraph.php';
require 'HTMLPurifier/Injector/DisplayLinkURI.php';
require 'HTMLPurifier/Injector/Linkify.php';
require 'HTMLPurifier/Injector/PurifierLinkify.php';
require 'HTMLPurifier/Injector/RemoveEmpty.php';
require 'HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
require 'HTMLPurifier/Injector/SafeObject.php';
require 'HTMLPurifier/Lexer/DOMLex.php';
require 'HTMLPurifier/Lexer/DirectLex.php';
require 'HTMLPurifier/Strategy/Composite.php';
require 'HTMLPurifier/Strategy/Core.php';
require 'HTMLPurifier/Strategy/FixNesting.php';
require 'HTMLPurifier/Strategy/MakeWellFormed.php';
require 'HTMLPurifier/Strategy/RemoveForeignElements.php';
require 'HTMLPurifier/Strategy/ValidateAttributes.php';
require 'HTMLPurifier/TagTransform/Font.php';
require 'HTMLPurifier/TagTransform/Simple.php';
require 'HTMLPurifier/Token/Comment.php';
require 'HTMLPurifier/Token/Tag.php';
require 'HTMLPurifier/Token/Empty.php';
require 'HTMLPurifier/Token/End.php';
require 'HTMLPurifier/Token/Start.php';
require 'HTMLPurifier/Token/Text.php';
require 'HTMLPurifier/URIFilter/DisableExternal.php';
require 'HTMLPurifier/URIFilter/DisableExternalResources.php';
require 'HTMLPurifier/URIFilter/HostBlacklist.php';
require 'HTMLPurifier/URIFilter/MakeAbsolute.php';
require 'HTMLPurifier/URIFilter/Munge.php';
require 'HTMLPurifier/URIScheme/data.php';
require 'HTMLPurifier/URIScheme/ftp.php';
require 'HTMLPurifier/URIScheme/http.php';
require 'HTMLPurifier/URIScheme/https.php';
require 'HTMLPurifier/URIScheme/mailto.php';
require 'HTMLPurifier/URIScheme/news.php';
require 'HTMLPurifier/URIScheme/nntp.php';
require 'HTMLPurifier/VarParser/Flexible.php';
require 'HTMLPurifier/VarParser/Native.php';

30
library/HTMLPurifier.kses.php
View File

@ -0,0 +1,30 @@
<?php
/**
* @file
* Emulation layer for code that used kses(), substituting in HTML Purifier.
*/
require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
function kses($string, $allowed_html, $allowed_protocols = null) {
$config = HTMLPurifier_Config::createDefault();
$allowed_elements = array();
$allowed_attributes = array();
foreach ($allowed_html as $element => $attributes) {
$allowed_elements[$element] = true;
foreach ($attributes as $attribute => $x) {
$allowed_attributes["$element.$attribute"] = true;
}
}
$config->set('HTML.AllowedElements', $allowed_elements);
$config->set('HTML.AllowedAttributes', $allowed_attributes);
$allowed_schemes = array();
if ($allowed_protocols !== null) {
$config->set('URI.AllowedSchemes', $allowed_protocols);
}
$purifier = new HTMLPurifier($config);
return $purifier->purify($string);
}
// vim: et sw=4 sts=4

11
library/HTMLPurifier.path.php
View File

@ -0,0 +1,11 @@
<?php
/**
* @file
* Convenience stub file that adds HTML Purifier's library file to the path
* without any other side-effects.
*/
set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
// vim: et sw=4 sts=4

237
library/HTMLPurifier.php
View File

@ -0,0 +1,237 @@
<?php
/*! @mainpage
*
* HTML Purifier is an HTML filter that will take an arbitrary snippet of
* HTML and rigorously test, validate and filter it into a version that
* is safe for output onto webpages. It achieves this by:
*
* -# Lexing (parsing into tokens) the document,
* -# Executing various strategies on the tokens:
* -# Removing all elements not in the whitelist,
* -# Making the tokens well-formed,
* -# Fixing the nesting of the nodes, and
* -# Validating attributes of the nodes; and
* -# Generating HTML from the purified tokens.
*
* However, most users will only need to interface with the HTMLPurifier
* and HTMLPurifier_Config.
*/
/*
HTML Purifier 4.1.1 - Standards Compliant HTML Filtering
Copyright (C) 2006-2008 Edward Z. Yang
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
/**
* Facade that coordinates HTML Purifier's subsystems in order to purify HTML.
*
* @note There are several points in which configuration can be specified
* for HTML Purifier. The precedence of these (from lowest to
* highest) is as follows:
* -# Instance: new HTMLPurifier($config)
* -# Invocation: purify($html, $config)
* These configurations are entirely independent of each other and
* are *not* merged (this behavior may change in the future).
*
* @todo We need an easier way to inject strategies using the configuration
* object.
*/
class HTMLPurifier
{
/** Version of HTML Purifier */
public $version = '4.1.1';
/** Constant with version of HTML Purifier */
const VERSION = '4.1.1';
/** Global configuration object */
public $config;
/** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */
private $filters = array();
/** Single instance of HTML Purifier */
private static $instance;
protected $strategy, $generator;
/**
* Resultant HTMLPurifier_Context of last run purification. Is an array
* of contexts if the last called method was purifyArray().
*/
public $context;
/**
* Initializes the purifier.
* @param $config Optional HTMLPurifier_Config object for all instances of
* the purifier, if omitted, a default configuration is
* supplied (which can be overridden on a per-use basis).
* The parameter can also be any type that
* HTMLPurifier_Config::create() supports.
*/
public function __construct($config = null) {
$this->config = HTMLPurifier_Config::create($config);
$this->strategy = new HTMLPurifier_Strategy_Core();
}
/**
* Adds a filter to process the output. First come first serve
* @param $filter HTMLPurifier_Filter object
*/
public function addFilter($filter) {
trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING);
$this->filters[] = $filter;
}
/**
* Filters an HTML snippet/document to be XSS-free and standards-compliant.
*
* @param $html String of HTML to purify
* @param $config HTMLPurifier_Config object for this operation, if omitted,
* defaults to the config object specified during this
* object's construction. The parameter can also be any type
* that HTMLPurifier_Config::create() supports.
* @return Purified HTML
*/
public function purify($html, $config = null) {
// :TODO: make the config merge in, instead of replace
$config = $config ? HTMLPurifier_Config::create($config) : $this->config;
// implementation is partially environment dependant, partially
// configuration dependant
$lexer = HTMLPurifier_Lexer::create($config);
$context = new HTMLPurifier_Context();
// setup HTML generator
$this->generator = new HTMLPurifier_Generator($config, $context);
$context->register('Generator', $this->generator);
// set up global context variables
if ($config->get('Core.CollectErrors')) {
// may get moved out if other facilities use it
$language_factory = HTMLPurifier_LanguageFactory::instance();
$language = $language_factory->create($config, $context);
$context->register('Locale', $language);
$error_collector = new HTMLPurifier_ErrorCollector($context);
$context->register('ErrorCollector', $error_collector);
}
// setup id_accumulator context, necessary due to the fact that
// AttrValidator can be called from many places
$id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
$context->register('IDAccumulator', $id_accumulator);
$html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
// setup filters
$filter_flags = $config->getBatch('Filter');
$custom_filters = $filter_flags['Custom'];
unset($filter_flags['Custom']);
$filters = array();
foreach ($filter_flags as $filter => $flag) {
if (!$flag) continue;
if (strpos($filter, '.') !== false) continue;
$class = "HTMLPurifier_Filter_$filter";
$filters[] = new $class;
}
foreach ($custom_filters as $filter) {
// maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
$filters[] = $filter;
}
$filters = array_merge($filters, $this->filters);
// maybe prepare(), but later
for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
$html = $filters[$i]->preFilter($html, $config, $context);
}
// purified HTML
$html =
$this->generator->generateFromTokens(
// list of tokens
$this->strategy->execute(
// list of un-purified tokens
$lexer->tokenizeHTML(
// un-purified HTML
$html, $config, $context
),
$config, $context
)
);
for ($i = $filter_size - 1; $i >= 0; $i--) {
$html = $filters[$i]->postFilter($html, $config, $context);
}
$html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
$this->context =& $context;
return $html;
}
/**
* Filters an array of HTML snippets
* @param $config Optional HTMLPurifier_Config object for this operation.
* See HTMLPurifier::purify() for more details.
* @return Array of purified HTML
*/
public function purifyArray($array_of_html, $config = null) {
$context_array = array();
foreach ($array_of_html as $key => $html) {
$array_of_html[$key] = $this->purify($html, $config);
$context_array[$key] = $this->context;
}
$this->context = $context_array;
return $array_of_html;
}
/**
* Singleton for enforcing just one HTML Purifier in your system
* @param $prototype Optional prototype HTMLPurifier instance to
* overload singleton with, or HTMLPurifier_Config
* instance to configure the generated version with.
*/
public static function instance($prototype = null) {
if (!self::$instance || $prototype) {
if ($prototype instanceof HTMLPurifier) {
self::$instance = $prototype;
} elseif ($prototype) {
self::$instance = new HTMLPurifier($prototype);
} else {
self::$instance = new HTMLPurifier();
}
}
return self::$instance;
}
/**
* @note Backwards compatibility, see instance()
*/
public static function getInstance($prototype = null) {
return HTMLPurifier::instance($prototype);
}
}
// vim: et sw=4 sts=4

204
library/HTMLPurifier.safe-includes.php
View File

@ -0,0 +1,204 @@
<?php
/**
* @file
* This file was auto-generated by generate-includes.php and includes all of
* the core files required by HTML Purifier. This is a convenience stub that
* includes all files using dirname(__FILE__) and require_once. PLEASE DO NOT
* EDIT THIS FILE, changes will be overwritten the next time the script is run.
*
* Changes to include_path are not necessary.
*/
$__dir = dirname(__FILE__);
require_once $__dir . '/HTMLPurifier.php';
require_once $__dir . '/HTMLPurifier/AttrCollections.php';
require_once $__dir . '/HTMLPurifier/AttrDef.php';
require_once $__dir . '/HTMLPurifier/AttrTransform.php';
require_once $__dir . '/HTMLPurifier/AttrTypes.php';
require_once $__dir . '/HTMLPurifier/AttrValidator.php';
require_once $__dir . '/HTMLPurifier/Bootstrap.php';
require_once $__dir . '/HTMLPurifier/Definition.php';
require_once $__dir . '/HTMLPurifier/CSSDefinition.php';
require_once $__dir . '/HTMLPurifier/ChildDef.php';
require_once $__dir . '/HTMLPurifier/Config.php';
require_once $__dir . '/HTMLPurifier/ConfigSchema.php';
require_once $__dir . '/HTMLPurifier/ContentSets.php';
require_once $__dir . '/HTMLPurifier/Context.php';
require_once $__dir . '/HTMLPurifier/DefinitionCache.php';
require_once $__dir . '/HTMLPurifier/DefinitionCacheFactory.php';
require_once $__dir . '/HTMLPurifier/Doctype.php';
require_once $__dir . '/HTMLPurifier/DoctypeRegistry.php';
require_once $__dir . '/HTMLPurifier/ElementDef.php';
require_once $__dir . '/HTMLPurifier/Encoder.php';
require_once $__dir . '/HTMLPurifier/EntityLookup.php';
require_once $__dir . '/HTMLPurifier/EntityParser.php';
require_once $__dir . '/HTMLPurifier/ErrorCollector.php';
require_once $__dir . '/HTMLPurifier/ErrorStruct.php';
require_once $__dir . '/HTMLPurifier/Exception.php';
require_once $__dir . '/HTMLPurifier/Filter.php';
require_once $__dir . '/HTMLPurifier/Generator.php';
require_once $__dir . '/HTMLPurifier/HTMLDefinition.php';
require_once $__dir . '/HTMLPurifier/HTMLModule.php';
require_once $__dir . '/HTMLPurifier/HTMLModuleManager.php';
require_once $__dir . '/HTMLPurifier/IDAccumulator.php';
require_once $__dir . '/HTMLPurifier/Injector.php';
require_once $__dir . '/HTMLPurifier/Language.php';
require_once $__dir . '/HTMLPurifier/LanguageFactory.php';
require_once $__dir . '/HTMLPurifier/Length.php';
require_once $__dir . '/HTMLPurifier/Lexer.php';
require_once $__dir . '/HTMLPurifier/PercentEncoder.php';
require_once $__dir . '/HTMLPurifier/PropertyList.php';
require_once $__dir . '/HTMLPurifier/PropertyListIterator.php';
require_once $__dir . '/HTMLPurifier/Strategy.php';
require_once $__dir . '/HTMLPurifier/StringHash.php';
require_once $__dir . '/HTMLPurifier/StringHashParser.php';
require_once $__dir . '/HTMLPurifier/TagTransform.php';
require_once $__dir . '/HTMLPurifier/Token.php';
require_once $__dir . '/HTMLPurifier/TokenFactory.php';
require_once $__dir . '/HTMLPurifier/URI.php';
require_once $__dir . '/HTMLPurifier/URIDefinition.php';
require_once $__dir . '/HTMLPurifier/URIFilter.php';
require_once $__dir . '/HTMLPurifier/URIParser.php';
require_once $__dir . '/HTMLPurifier/URIScheme.php';
require_once $__dir . '/HTMLPurifier/URISchemeRegistry.php';
require_once $__dir . '/HTMLPurifier/UnitConverter.php';
require_once $__dir . '/HTMLPurifier/VarParser.php';
require_once $__dir . '/HTMLPurifier/VarParserException.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS.php';
require_once $__dir . '/HTMLPurifier/AttrDef/Enum.php';
require_once $__dir . '/HTMLPurifier/AttrDef/Integer.php';
require_once $__dir . '/HTMLPurifier/AttrDef/Lang.php';
require_once $__dir . '/HTMLPurifier/AttrDef/Switch.php';
require_once $__dir . '/HTMLPurifier/AttrDef/Text.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Number.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/AlphaValue.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Background.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Border.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Color.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Composite.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Filter.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Font.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/FontFamily.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Length.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ListStyle.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Multiple.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Percentage.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/TextDecoration.php';
require_once $__dir . '/HTMLPurifier/AttrDef/CSS/URI.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Bool.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Nmtokens.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Class.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Color.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/FrameTarget.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ID.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Pixels.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Length.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/LinkTypes.php';
require_once $__dir . '/HTMLPurifier/AttrDef/HTML/MultiLength.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/Host.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv4.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv6.php';
require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Background.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/BdoDir.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/BgColor.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/BoolToCSS.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Border.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/EnumToCSS.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/ImgRequired.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/ImgSpace.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Input.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Lang.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/NameSync.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/SafeEmbed.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/SafeObject.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/SafeParam.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/ScriptRequired.php';
require_once $__dir . '/HTMLPurifier/AttrTransform/Textarea.php';
require_once $__dir . '/HTMLPurifier/ChildDef/Chameleon.php';
require_once $__dir . '/HTMLPurifier/ChildDef/Custom.php';