Merge pull request #6070 from zeroadam/TextToXML

split xml functions out of text.php
Hypolite Petovan 2018-11-05 13:50:09 -05:00 committed by GitHub
commit 0472c7b57d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 202 additions and 231 deletions


@ -195,7 +195,7 @@ function localize_item(&$item)
$xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">"; $xmlhead="<"."?xml version='1.0' encoding='UTF-8' ?".">";
$obj = XML::parseString($xmlhead.$item['object']); $obj = XML::parseString($xmlhead.$item['object']);
$links = XML::parseString($xmlhead."<links>".unxmlify($obj->link)."</links>"); $links = XML::parseString($xmlhead."<links>".XML::unescape($obj->link)."</links>");
$Bname = $obj->title; $Bname = $obj->title;
$Blink = ""; $Blink = "";
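Review bot: `$obj->link` is dereferenced on the line after `XML::parseString($xmlhead.$item['object'])` with no check that parsing succeeded, and `$item['object']` may hold content that was supplied by another server. If `XML::parseString()` returns a non-object on malformed input (its implementation is not shown here), this line raises a notice and `$links` is built from an empty string. A guard such as `if (!is_object($obj)) { return; }` before the `$links` line would make the failure explicit. Whether an early return is the right reaction depends on the rest of localize_item, which starts and ends outside the hunk.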


@ -26,6 +26,7 @@ use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\Renderer; use Friendica\Core\Renderer;
use Friendica\Model\FileTag; use Friendica\Model\FileTag;
use Friendica\Util\XML;
require_once "include/conversation.php"; require_once "include/conversation.php";
@ -162,80 +163,6 @@ function autoname($len) {
return $word; return $word;
} }
/**
* escape text ($str) for XML transport
* @param string $str
* @return string Escaped text.
*/
function xmlify($str) {
/// @TODO deprecated code found?
/* $buffer = '';
$len = mb_strlen($str);
for ($x = 0; $x < $len; $x ++) {
$char = mb_substr($str,$x,1);
switch($char) {
case "\r" :
break;
case "&" :
$buffer .= '&amp;';
break;
case "'" :
$buffer .= '&apos;';
break;
case "\"" :
$buffer .= '&quot;';
break;
case '<' :
$buffer .= '&lt;';
break;
case '>' :
$buffer .= '&gt;';
break;
case "\n" :
$buffer .= "\n";
break;
default :
$buffer .= $char;
break;
}
}*/
/*
$buffer = mb_ereg_replace("&", "&amp;", $str);
$buffer = mb_ereg_replace("'", "&apos;", $buffer);
$buffer = mb_ereg_replace('"', "&quot;", $buffer);
$buffer = mb_ereg_replace("<", "&lt;", $buffer);
$buffer = mb_ereg_replace(">", "&gt;", $buffer);
*/
$buffer = htmlspecialchars($str, ENT_QUOTES, "UTF-8");
$buffer = trim($buffer);
return $buffer;
}
/**
* undo an xmlify
* @param string $s xml escaped text
* @return string unescaped text
*/
function unxmlify($s) {
/// @TODO deprecated code found?
// $ret = str_replace('&amp;','&', $s);
// $ret = str_replace(array('&lt;','&gt;','&quot;','&apos;'),array('<','>','"',"'"),$ret);
/*$ret = mb_ereg_replace('&amp;', '&', $s);
$ret = mb_ereg_replace('&apos;', "'", $ret);
$ret = mb_ereg_replace('&quot;', '"', $ret);
$ret = mb_ereg_replace('&lt;', "<", $ret);
$ret = mb_ereg_replace('&gt;', ">", $ret);
*/
$ret = htmlspecialchars_decode($s, ENT_QUOTES);
return $ret;
}
/** /**
* Loader for infinite scrolling * Loader for infinite scrolling
* @return string html for loader * @return string html for loader
@ -1047,9 +974,9 @@ function get_cats_and_terms($item)
if ($cnt) { if ($cnt) {
foreach ($matches as $mtch) { foreach ($matches as $mtch) {
$categories[] = [ $categories[] = [
'name' => xmlify(FileTag::decode($mtch[1])), 'name' => XML::escape(FileTag::decode($mtch[1])),
'url' => "#", 'url' => "#",
'removeurl' => ((local_user() == $item['uid'])?'filerm/' . $item['id'] . '?f=&cat=' . xmlify(FileTag::decode($mtch[1])):""), 'removeurl' => ((local_user() == $item['uid'])?'filerm/' . $item['id'] . '?f=&cat=' . XML::escape(FileTag::decode($mtch[1])):""),
'first' => $first, 'first' => $first,
'last' => false 'last' => false
]; ];
@ -1068,9 +995,9 @@ function get_cats_and_terms($item)
if ($cnt) { if ($cnt) {
foreach ($matches as $mtch) { foreach ($matches as $mtch) {
$folders[] = [ $folders[] = [
'name' => xmlify(FileTag::decode($mtch[1])), 'name' => XML::escape(FileTag::decode($mtch[1])),
'url' => "#", 'url' => "#",
'removeurl' => ((local_user() == $item['uid']) ? 'filerm/' . $item['id'] . '?f=&term=' . xmlify(FileTag::decode($mtch[1])) : ""), 'removeurl' => ((local_user() == $item['uid']) ? 'filerm/' . $item['id'] . '?f=&term=' . XML::escape(FileTag::decode($mtch[1])) : ""),
'first' => $first, 'first' => $first,
'last' => false 'last' => false
]; ];
@ -1234,21 +1161,6 @@ function html2bb_video($s) {
return $s; return $s;
} }
/**
* apply xmlify() to all values of array $val, recursively
* @param array $val
* @return array
*/
function array_xmlify($val){
if (is_bool($val)) {
return $val?"true":"false";
} elseif (is_array($val)) {
return array_map('array_xmlify', $val);
}
return xmlify((string) $val);
}
/** /**
* transform link href and img src from relative to absolute * transform link href and img src from relative to absolute
* *
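Review bot: In get_cats_and_terms the `removeurl` value appends `XML::escape(FileTag::decode($mtch[1]))` to the query string after `'?f=&cat='` (and after `'?f=&term='` in the following hunk), but `XML::escape()` performs entity escaping, not URL encoding. A category or folder name containing `&`, `#`, `+` or `%` is split or altered once the link is resolved, so the handler can receive a different term than the one displayed. The value should be URL-encoded for the query string and HTML-escaped only where the URL is written into markup, e.g. `'?f=&cat=' . rawurlencode(FileTag::decode($mtch[1]))`; the `XML::unescape()` on `$_GET['cat']` and `$_GET['term']` in filerm_content would then have to go as well. The function body extends beyond both hunks.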


@ -256,7 +256,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
$xml = XML::parseString($res); $xml = XML::parseString($res);
$status = (int) $xml->status; $status = (int) $xml->status;
$message = unxmlify($xml->message); // human readable text of what may have gone wrong. $message = XML::unescape($xml->message); // human readable text of what may have gone wrong.
switch ($status) { switch ($status) {
case 0: case 0:
info(L10n::t("Confirmation completed successfully.") . EOL); info(L10n::t("Confirmation completed successfully.") . EOL);


@ -8,6 +8,7 @@ use Friendica\Core\Logger;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Core\Renderer; use Friendica\Core\Renderer;
use Friendica\Model\FileTag; use Friendica\Model\FileTag;
use Friendica\Util\XML;
require_once 'include/items.php'; require_once 'include/items.php';
@ -17,7 +18,7 @@ function filer_content(App $a)
killme(); killme();
} }
$term = unxmlify(trim(defaults($_GET, 'term', ''))); $term = XML::unescape(trim(defaults($_GET, 'term', '')));
$item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0); $item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);
Logger::log('filer: tag ' . $term . ' item ' . $item_id); Logger::log('filer: tag ' . $term . ' item ' . $item_id);


@ -4,6 +4,7 @@ use Friendica\App;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\System; use Friendica\Core\System;
use Friendica\Model\FileTag; use Friendica\Model\FileTag;
use Friendica\Util\XML;
function filerm_content(App $a) function filerm_content(App $a)
{ {
@ -12,8 +13,8 @@ function filerm_content(App $a)
killme(); killme();
} }
$term = unxmlify(trim($_GET['term'])); $term = XML::unescape(trim($_GET['term']));
$cat = unxmlify(trim($_GET['cat'])); $cat = XML::unescape(trim($_GET['cat']));
$category = (($cat) ? true : false); $category = (($cat) ? true : false);
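Review bot: `$_GET['term']` and `$_GET['cat']` are read without checking that they are set, so a request carrying only one of them raises an undefined-index notice, and the `removeurl` links built in get_cats_and_terms always carry only one. The filer_content section already uses the safe form, which works here too: `$term = XML::unescape(trim(defaults($_GET, 'term', '')));` and `$cat = XML::unescape(trim(defaults($_GET, 'cat', '')));`. filerm_content continues outside the hunk.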


@ -30,6 +30,7 @@ use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map; use Friendica\Util\Map;
use Friendica\Util\Security; use Friendica\Util\Security;
use Friendica\Util\Temporal; use Friendica\Util\Temporal;
use Friendica\Util\XML;
require_once 'include/items.php'; require_once 'include/items.php';
@ -682,15 +683,15 @@ function photos_post(App $a)
$arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ; $arr['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '[/img][/url]' . "\n" ;
$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>'; $arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>';
$arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n"); $arr['object'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n");
if ($tagged[3]) { if ($tagged[3]) {
$arr['object'] .= xmlify('<link rel="photo" type="'.$p[0]['type'].'" href="' . $tagged[3]['photo'] . '" />' . "\n"); $arr['object'] .= XML::escape('<link rel="photo" type="'.$p[0]['type'].'" href="' . $tagged[3]['photo'] . '" />' . "\n");
} }
$arr['object'] .= '</link></object>' . "\n"; $arr['object'] .= '</link></object>' . "\n";
$arr['target'] = '<target><type>' . ACTIVITY_OBJ_IMAGE . '</type><title>' . $p[0]['desc'] . '</title><id>' $arr['target'] = '<target><type>' . ACTIVITY_OBJ_IMAGE . '</type><title>' . $p[0]['desc'] . '</title><id>'
. System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>'; . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>';
$arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>'; $arr['target'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="'.$p[0]['type'].'" href="' . System::baseUrl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.' . $ext . '" />') . '</link></target>';
$item_id = Item::insert($arr); $item_id = Item::insert($arr);
} }
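Review bot: In photos_post the `<link>` payloads go through `XML::escape()`, but `$tagged[0]`, `$tagged[1]` and `$p[0]['desc']` are still concatenated raw into the `<title>` and `<id>` elements of `$arr['object']` and `$arr['target']`. A contact name or photo description containing `<` or `&` would yield malformed XML or additional elements when the stored object is parsed later, so these values should be escaped as well, e.g. `'<title>' . XML::escape($p[0]['desc']) . '</title>'`. The same pattern is visible in the poke_init section (`$target['name']`, `$target['url']`). subthread_content also assigns `$body = $item['body'];` unescaped where tagger_content uses `XML::escape($item['body'])`, though how `$body` is used there lies outside the hunk. photos_post itself starts and ends outside this hunk.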


@ -15,6 +15,7 @@ use Friendica\Core\System;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Protocol\PortableContact; use Friendica\Protocol\PortableContact;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\XML;
function poco_init(App $a) { function poco_init(App $a) {
$system_mode = false; $system_mode = false;
@ -375,7 +376,7 @@ function poco_init(App $a) {
if ($format === 'xml') { if ($format === 'xml') {
header('Content-type: text/xml'); header('Content-type: text/xml');
echo Renderer::replaceMacros(Renderer::getMarkupTemplate('poco_xml.tpl'), array_xmlify(['$response' => $ret])); echo Renderer::replaceMacros(Renderer::getMarkupTemplate('poco_xml.tpl'), XML::arrayEscape(['$response' => $ret]));
killme(); killme();
} }
if ($format === 'json') { if ($format === 'json') {

View file

@ -22,6 +22,7 @@ use Friendica\Core\System;
use Friendica\Core\Worker; use Friendica\Core\Worker;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Model\Item; use Friendica\Model\Item;
use Friendica\Util\XML;
require_once 'include/items.php'; require_once 'include/items.php';
@ -124,9 +125,9 @@ function poke_init(App $a)
$arr['body'] = '[url=' . $poster['url'] . ']' . $poster['name'] . '[/url]' . ' ' . L10n::t($verbs[$verb][0]) . ' ' . '[url=' . $target['url'] . ']' . $target['name'] . '[/url]'; $arr['body'] = '[url=' . $poster['url'] . ']' . $poster['name'] . '[/url]' . ' ' . L10n::t($verbs[$verb][0]) . ' ' . '[url=' . $target['url'] . ']' . $target['name'] . '[/url]';
$arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $target['name'] . '</title><id>' . $target['url'] . '</id>'; $arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $target['name'] . '</title><id>' . $target['url'] . '</id>';
$arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $target['url'] . '" />' . "\n"); $arr['object'] .= '<link>' . XML::escape('<link rel="alternate" type="text/html" href="' . $target['url'] . '" />' . "\n");
$arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $target['photo'] . '" />' . "\n"); $arr['object'] .= XML::escape('<link rel="photo" type="image/jpeg" href="' . $target['photo'] . '" />' . "\n");
$arr['object'] .= '</link></object>' . "\n"; $arr['object'] .= '</link></object>' . "\n";
$item_id = Item::insert($arr); $item_id = Item::insert($arr);


@ -24,6 +24,7 @@ use Friendica\Protocol\ActivityPub;
use Friendica\Protocol\DFRN; use Friendica\Protocol\DFRN;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Security; use Friendica\Util\Security;
use Friendica\Util\XML;
function profile_init(App $a) function profile_init(App $a)
{ {
@ -209,7 +210,7 @@ function profile_content(App $a, $update = 0)
$commvisitor = $commpage && $remote_contact; $commvisitor = $commpage && $remote_contact;
$a->page['aside'] .= posted_date_widget(System::baseUrl(true) . '/profile/' . $a->profile['nickname'], $a->profile['profile_uid'], true); $a->page['aside'] .= posted_date_widget(System::baseUrl(true) . '/profile/' . $a->profile['nickname'], $a->profile['profile_uid'], true);
$a->page['aside'] .= Widget::categories(System::baseUrl(true) . '/profile/' . $a->profile['nickname'], (!empty($category) ? xmlify($category) : '')); $a->page['aside'] .= Widget::categories(System::baseUrl(true) . '/profile/' . $a->profile['nickname'], (!empty($category) ? XML::escape($category) : ''));
$a->page['aside'] .= Widget::tagCloud(); $a->page['aside'] .= Widget::tagCloud();
if (Security::canWriteToUserWall($a->profile['profile_uid'])) { if (Security::canWriteToUserWall($a->profile['profile_uid'])) {


@ -10,6 +10,7 @@ use Friendica\Core\System;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Model\Item; use Friendica\Model\Item;
use Friendica\Util\Security; use Friendica\Util\Security;
use Friendica\Util\XML;
require_once 'include/items.php'; require_once 'include/items.php';
@ -87,7 +88,7 @@ function subthread_content(App $a) {
$post_type = (($item['resource-id']) ? L10n::t('photo') : L10n::t('status')); $post_type = (($item['resource-id']) ? L10n::t('photo') : L10n::t('status'));
$objtype = (($item['resource-id']) ? ACTIVITY_OBJ_IMAGE : ACTIVITY_OBJ_NOTE ); $objtype = (($item['resource-id']) ? ACTIVITY_OBJ_IMAGE : ACTIVITY_OBJ_NOTE );
$link = xmlify('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ; $link = XML::escape('<link rel="alternate" type="text/html" href="' . System::baseUrl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ;
$body = $item['body']; $body = $item['body'];
$obj = <<< EOT $obj = <<< EOT


@ -10,6 +10,7 @@ use Friendica\Core\System;
use Friendica\Core\Worker; use Friendica\Core\Worker;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Model\Item; use Friendica\Model\Item;
use Friendica\Util\XML;
require_once 'include/items.php'; require_once 'include/items.php';
@ -66,7 +67,7 @@ function tagger_content(App $a) {
} }
$uri = Item::newURI($owner_uid); $uri = Item::newURI($owner_uid);
$xterm = xmlify($term); $xterm = XML::escape($term);
$post_type = (($item['resource-id']) ? L10n::t('photo') : L10n::t('status')); $post_type = (($item['resource-id']) ? L10n::t('photo') : L10n::t('status'));
$targettype = (($item['resource-id']) ? ACTIVITY_OBJ_IMAGE : ACTIVITY_OBJ_NOTE ); $targettype = (($item['resource-id']) ? ACTIVITY_OBJ_IMAGE : ACTIVITY_OBJ_NOTE );
@ -76,9 +77,9 @@ function tagger_content(App $a) {
$href = System::baseUrl() . '/display/' . $item['guid']; $href = System::baseUrl() . '/display/' . $item['guid'];
} }
$link = xmlify('<link rel="alternate" type="text/html" href="'. $href . '" />' . "\n") ; $link = XML::escape('<link rel="alternate" type="text/html" href="'. $href . '" />' . "\n") ;
$body = xmlify($item['body']); $body = XML::escape($item['body']);
$target = <<< EOT $target = <<< EOT
<target> <target>


@ -18,6 +18,7 @@ use Friendica\Model\Contact;
use Friendica\Model\FileTag; use Friendica\Model\FileTag;
use Friendica\Model\GContact; use Friendica\Model\GContact;
use Friendica\Model\Profile; use Friendica\Model\Profile;
use Friendica\Util\XML;
require_once 'boot.php'; require_once 'boot.php';
require_once 'include/dba.php'; require_once 'include/dba.php';
@ -189,7 +190,7 @@ class Widget
if ($cnt) { if ($cnt) {
foreach ($matches as $mtch) foreach ($matches as $mtch)
{ {
$unescaped = xmlify(FileTag::decode($mtch[1])); $unescaped = XML::escape(FileTag::decode($mtch[1]));
$terms[] = array('name' => $unescaped, 'selected' => (($selected == $unescaped) ? 'selected' : '')); $terms[] = array('name' => $unescaped, 'selected' => (($selected == $unescaped) ? 'selected' : ''));
} }
} }
@ -229,7 +230,7 @@ class Widget
if ($cnt) { if ($cnt) {
foreach ($matches as $mtch) { foreach ($matches as $mtch) {
$unescaped = xmlify(FileTag::decode($mtch[1])); $unescaped = XML::escape(FileTag::decode($mtch[1]));
$terms[] = array('name' => $unescaped, 'selected' => (($selected == $unescaped) ? 'selected' : '')); $terms[] = array('name' => $unescaped, 'selected' => (($selected == $unescaped) ? 'selected' : ''));
} }
} }
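Review bot: `$unescaped` holds the result of `XML::escape()`, i.e. the escaped form, so the name states the opposite of what the variable contains; the same line appears in both hunks of this class. The comparison `$selected == $unescaped` only matches when the caller passes an already escaped `$selected` (profile_content does, via `XML::escape($category)`), and the current name hides that contract. Renaming the variable to `$escaped` and adding a comment such as `// $selected is expected in XML-escaped form` would make it visible. Both enclosing methods start and end outside the hunks.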


@ -17,6 +17,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact; use Friendica\Model\Contact;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map; use Friendica\Util\Map;
use Friendica\Util\XML;
require_once 'boot.php'; require_once 'boot.php';
require_once 'include/dba.php'; require_once 'include/dba.php';
@ -302,8 +303,8 @@ class Event extends BaseObject
$item = Item::selectFirst(['id'], ['event-id' => $event['id'], 'uid' => $event['uid']]); $item = Item::selectFirst(['id'], ['event-id' => $event['id'], 'uid' => $event['uid']]);
if (DBA::isResult($item)) { if (DBA::isResult($item)) {
$object = '<object><type>' . xmlify(ACTIVITY_OBJ_EVENT) . '</type><title></title><id>' . xmlify($event['uri']) . '</id>'; $object = '<object><type>' . XML::escape(ACTIVITY_OBJ_EVENT) . '</type><title></title><id>' . XML::escape($event['uri']) . '</id>';
$object .= '<content>' . xmlify(self::getBBCode($event)) . '</content>'; $object .= '<content>' . XML::escape(self::getBBCode($event)) . '</content>';
$object .= '</object>' . "\n"; $object .= '</object>' . "\n";
$fields = ['body' => self::getBBCode($event), 'object' => $object, 'edited' => $event['edited']]; $fields = ['body' => self::getBBCode($event), 'object' => $object, 'edited' => $event['edited']];
@ -353,8 +354,8 @@ class Event extends BaseObject
$item_arr['body'] = self::getBBCode($event); $item_arr['body'] = self::getBBCode($event);
$item_arr['event-id'] = $event['id']; $item_arr['event-id'] = $event['id'];
$item_arr['object'] = '<object><type>' . xmlify(ACTIVITY_OBJ_EVENT) . '</type><title></title><id>' . xmlify($event['uri']) . '</id>'; $item_arr['object'] = '<object><type>' . XML::escape(ACTIVITY_OBJ_EVENT) . '</type><title></title><id>' . XML::escape($event['uri']) . '</id>';
$item_arr['object'] .= '<content>' . xmlify(self::getBBCode($event)) . '</content>'; $item_arr['object'] .= '<content>' . XML::escape(self::getBBCode($event)) . '</content>';
$item_arr['object'] .= '</object>' . "\n"; $item_arr['object'] .= '</object>' . "\n";
$item_id = Item::insert($item_arr); $item_id = Item::insert($item_arr);


@ -2547,7 +2547,7 @@ class DFRN
$item["guid"] = XML::getFirstNodeValue($xpath, "dfrn:diaspora_guid/text()", $entry); $item["guid"] = XML::getFirstNodeValue($xpath, "dfrn:diaspora_guid/text()", $entry);
// We store the data from "dfrn:diaspora_signature" in a different table, this is done in "Item::insert" // We store the data from "dfrn:diaspora_signature" in a different table, this is done in "Item::insert"
$dsprsig = unxmlify(XML::getFirstNodeValue($xpath, "dfrn:diaspora_signature/text()", $entry)); $dsprsig = XML::unescape(XML::getFirstNodeValue($xpath, "dfrn:diaspora_signature/text()", $entry));
if ($dsprsig != "") { if ($dsprsig != "") {
$item["dsprsig"] = $dsprsig; $item["dsprsig"] = $dsprsig;
} }
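Review bot: The value passed to `XML::unescape()` here comes from `XML::getFirstNodeValue()` with an XPath `text()` selector, and a text node read that way has presumably already been entity-decoded by the parser, so this call would decode a second time. For signature material a second decode can silently change the bytes that are stored in `$item["dsprsig"]` (for example a literal `&amp;` inside the payload becomes `&`). If the sender deliberately escapes the signature inside the element, a comment saying so would document it, e.g. `// sender XML-escapes the signature inside the element, hence the extra decode`; otherwise the call can be dropped. The enclosing DFRN method starts and ends outside the hunk.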


@ -463,7 +463,7 @@ class Diaspora
} }
return ['message' => (string)base64url_decode($base->data), return ['message' => (string)base64url_decode($base->data),
'author' => unxmlify($author_addr), 'author' => XML::unescape($author_addr),
'key' => (string)$key]; 'key' => (string)$key];
} }
@ -603,7 +603,7 @@ class Diaspora
Logger::log('Message verified.'); Logger::log('Message verified.');
return ['message' => (string)$inner_decrypted, return ['message' => (string)$inner_decrypted,
'author' => unxmlify($author_link), 'author' => XML::unescape($author_link),
'key' => (string)$key]; 'key' => (string)$key];
} }
@ -1505,9 +1505,9 @@ class Diaspora
*/ */
private static function receiveAccountMigration(array $importer, $data) private static function receiveAccountMigration(array $importer, $data)
{ {
$old_handle = notags(unxmlify($data->author)); $old_handle = notags(XML::unescape($data->author));
$new_handle = notags(unxmlify($data->profile->author)); $new_handle = notags(XML::unescape($data->profile->author));
$signature = notags(unxmlify($data->signature)); $signature = notags(XML::unescape($data->signature));
$contact = self::contactByHandle($importer["uid"], $old_handle); $contact = self::contactByHandle($importer["uid"], $old_handle);
if (!$contact) { if (!$contact) {
@ -1565,7 +1565,7 @@ class Diaspora
*/ */
private static function receiveAccountDeletion($data) private static function receiveAccountDeletion($data)
{ {
$author = notags(unxmlify($data->author)); $author = notags(XML::unescape($data->author));
$contacts = DBA::select('contact', ['id'], ['addr' => $author]); $contacts = DBA::select('contact', ['id'], ['addr' => $author]);
while ($contact = DBA::fetch($contacts)) { while ($contact = DBA::fetch($contacts)) {
@ -1656,19 +1656,19 @@ class Diaspora
*/ */
private static function receiveComment(array $importer, $sender, $data, $xml) private static function receiveComment(array $importer, $sender, $data, $xml)
{ {
$author = notags(unxmlify($data->author)); $author = notags(XML::unescape($data->author));
$guid = notags(unxmlify($data->guid)); $guid = notags(XML::unescape($data->guid));
$parent_guid = notags(unxmlify($data->parent_guid)); $parent_guid = notags(XML::unescape($data->parent_guid));
$text = unxmlify($data->text); $text = XML::unescape($data->text);
if (isset($data->created_at)) { if (isset($data->created_at)) {
$created_at = DateTimeFormat::utc(notags(unxmlify($data->created_at))); $created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
} else { } else {
$created_at = DateTimeFormat::utcNow(); $created_at = DateTimeFormat::utcNow();
} }
if (isset($data->thread_parent_guid)) { if (isset($data->thread_parent_guid)) {
$thread_parent_guid = notags(unxmlify($data->thread_parent_guid)); $thread_parent_guid = notags(XML::unescape($data->thread_parent_guid));
$thr_uri = self::getUriFromGuid("", $thread_parent_guid, true); $thr_uri = self::getUriFromGuid("", $thread_parent_guid, true);
} else { } else {
$thr_uri = ""; $thr_uri = "";
@ -1773,24 +1773,24 @@ class Diaspora
*/ */
private static function receiveConversationMessage(array $importer, array $contact, $data, $msg, $mesg, $conversation) private static function receiveConversationMessage(array $importer, array $contact, $data, $msg, $mesg, $conversation)
{ {
$author = notags(unxmlify($data->author)); $author = notags(XML::unescape($data->author));
$guid = notags(unxmlify($data->guid)); $guid = notags(XML::unescape($data->guid));
$subject = notags(unxmlify($data->subject)); $subject = notags(XML::unescape($data->subject));
// "diaspora_handle" is the element name from the old version // "diaspora_handle" is the element name from the old version
// "author" is the element name from the new version // "author" is the element name from the new version
if ($mesg->author) { if ($mesg->author) {
$msg_author = notags(unxmlify($mesg->author)); $msg_author = notags(XML::unescape($mesg->author));
} elseif ($mesg->diaspora_handle) { } elseif ($mesg->diaspora_handle) {
$msg_author = notags(unxmlify($mesg->diaspora_handle)); $msg_author = notags(XML::unescape($mesg->diaspora_handle));
} else { } else {
return false; return false;
} }
$msg_guid = notags(unxmlify($mesg->guid)); $msg_guid = notags(XML::unescape($mesg->guid));
$msg_conversation_guid = notags(unxmlify($mesg->conversation_guid)); $msg_conversation_guid = notags(XML::unescape($mesg->conversation_guid));
$msg_text = unxmlify($mesg->text); $msg_text = XML::unescape($mesg->text);
$msg_created_at = DateTimeFormat::utc(notags(unxmlify($mesg->created_at))); $msg_created_at = DateTimeFormat::utc(notags(XML::unescape($mesg->created_at)));
if ($msg_conversation_guid != $guid) { if ($msg_conversation_guid != $guid) {
Logger::log("message conversation guid does not belong to the current conversation."); Logger::log("message conversation guid does not belong to the current conversation.");
@ -1861,11 +1861,11 @@ class Diaspora
*/ */
private static function receiveConversation(array $importer, $msg, $data) private static function receiveConversation(array $importer, $msg, $data)
{ {
$author = notags(unxmlify($data->author)); $author = notags(XML::unescape($data->author));
$guid = notags(unxmlify($data->guid)); $guid = notags(XML::unescape($data->guid));
$subject = notags(unxmlify($data->subject)); $subject = notags(XML::unescape($data->subject));
$created_at = DateTimeFormat::utc(notags(unxmlify($data->created_at))); $created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
$participants = notags(unxmlify($data->participants)); $participants = notags(XML::unescape($data->participants));
$messages = $data->message; $messages = $data->message;
@ -1919,11 +1919,11 @@ class Diaspora
*/ */
private static function receiveLike(array $importer, $sender, $data) private static function receiveLike(array $importer, $sender, $data)
{ {
$author = notags(unxmlify($data->author)); $author = notags(XML::unescape($data->author));
$guid = notags(unxmlify($data->guid)); $guid = notags(XML::unescape($data->guid));
$parent_guid = notags(unxmlify($data->parent_guid)); $parent_guid = notags(XML::unescape($data->parent_guid));
$parent_type = notags(unxmlify($data->parent_type)); $parent_type = notags(XML::unescape($data->parent_type));
$positive = notags(unxmlify($data->positive)); $positive = notags(XML::unescape($data->positive));
// likes on comments aren't supported by Diaspora - only on posts // likes on comments aren't supported by Diaspora - only on posts
// But maybe this will be supported in the future, so we will accept it. // But maybe this will be supported in the future, so we will accept it.
@ -2028,11 +2028,11 @@ class Diaspora
*/ */
private static function receiveMessage(array $importer, $data) private static function receiveMessage(array $importer, $data)
{ {
$author = notags(unxmlify($data->author)); $author = notags(XML::unescape($data->author));
$guid = notags(unxmlify($data->guid)); $guid = notags(XML::unescape($data->guid));
$conversation_guid = notags(unxmlify($data->conversation_guid)); $conversation_guid = notags(XML::unescape($data->conversation_guid));
$text = unxmlify($data->text); $text = XML::unescape($data->text);
$created_at = DateTimeFormat::utc(notags(unxmlify($data->created_at))); $created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
$contact = self::allowedContactByHandle($importer, $author, true); $contact = self::allowedContactByHandle($importer, $author, true);
if (!$contact) { if (!$contact) {
@ -2103,8 +2103,8 @@ class Diaspora
*/ */
private static function receiveParticipation(array $importer, $data) private static function receiveParticipation(array $importer, $data)
{ {
$author = strtolower(notags(unxmlify($data->author))); $author = strtolower(notags(XML::unescape($data->author)));
$parent_guid = notags(unxmlify($data->parent_guid)); $parent_guid = notags(XML::unescape($data->parent_guid));
$contact_id = Contact::getIdForURL($author); $contact_id = Contact::getIdForURL($author);
if (!$contact_id) { if (!$contact_id) {
@ -2196,22 +2196,22 @@ class Diaspora
*/ */
private static function receiveProfile(array $importer, $data) private static function receiveProfile(array $importer, $data)
{ {
$author = strtolower(notags(unxmlify($data->author))); $author = strtolower(notags(XML::unescape($data->author)));
$contact = self::contactByHandle($importer["uid"], $author); $contact = self::contactByHandle($importer["uid"], $author);
if (!$contact) { if (!$contact) {
return false; return false;
} }
$name = unxmlify($data->first_name).((strlen($data->last_name)) ? " ".unxmlify($data->last_name) : ""); $name = XML::unescape($data->first_name).((strlen($data->last_name)) ? " ".XML::unescape($data->last_name) : "");
$image_url = unxmlify($data->image_url); $image_url = XML::unescape($data->image_url);
$birthday = unxmlify($data->birthday); $birthday = XML::unescape($data->birthday);
$gender = unxmlify($data->gender); $gender = XML::unescape($data->gender);
$about = Markdown::toBBCode(unxmlify($data->bio)); $about = Markdown::toBBCode(XML::unescape($data->bio));
$location = Markdown::toBBCode(unxmlify($data->location)); $location = Markdown::toBBCode(XML::unescape($data->location));
$searchable = (unxmlify($data->searchable) == "true"); $searchable = (XML::unescape($data->searchable) == "true");
$nsfw = (unxmlify($data->nsfw) == "true"); $nsfw = (XML::unescape($data->nsfw) == "true");
$tags = unxmlify($data->tag_string); $tags = XML::unescape($data->tag_string);
$tags = explode("#", $tags); $tags = explode("#", $tags);
@ -2310,8 +2310,8 @@ class Diaspora
*/ */
private static function receiveContactRequest(array $importer, $data) private static function receiveContactRequest(array $importer, $data)
{ {
$author = unxmlify($data->author); $author = XML::unescape($data->author);
$recipient = unxmlify($data->recipient); $recipient = XML::unescape($data->recipient);
if (!$author || !$recipient) { if (!$author || !$recipient) {
return false; return false;
@ -2320,13 +2320,13 @@ class Diaspora
// the current protocol version doesn't know these fields // the current protocol version doesn't know these fields
// That means that we will assume their existance // That means that we will assume their existance
if (isset($data->following)) { if (isset($data->following)) {
$following = (unxmlify($data->following) == "true"); $following = (XML::unescape($data->following) == "true");
} else { } else {
$following = true; $following = true;
} }
if (isset($data->sharing)) { if (isset($data->sharing)) {
$sharing = (unxmlify($data->sharing) == "true"); $sharing = (XML::unescape($data->sharing) == "true");
} else { } else {
$sharing = true; $sharing = true;
} }
@ -2573,13 +2573,13 @@ class Diaspora
*/ */
private static function receiveReshare(array $importer, $data, $xml) private static function receiveReshare(array $importer, $data, $xml)
{ {
$author = notags(unxmlify($data->author)); $author = notags(XML::unescape($data->author));
$guid = notags(unxmlify($data->guid)); $guid = notags(XML::unescape($data->guid));
$created_at = DateTimeFormat::utc(notags(unxmlify($data->created_at))); $created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
$root_author = notags(unxmlify($data->root_author)); $root_author = notags(XML::unescape($data->root_author));
$root_guid = notags(unxmlify($data->root_guid)); $root_guid = notags(XML::unescape($data->root_guid));
/// @todo handle unprocessed property "provider_display_name" /// @todo handle unprocessed property "provider_display_name"
$public = notags(unxmlify($data->public)); $public = notags(XML::unescape($data->public));
$contact = self::allowedContactByHandle($importer, $author, false); $contact = self::allowedContactByHandle($importer, $author, false);
if (!$contact) { if (!$contact) {
@ -2665,9 +2665,9 @@ class Diaspora
*/ */
private static function itemRetraction(array $importer, array $contact, $data) private static function itemRetraction(array $importer, array $contact, $data)
{ {
$author = notags(unxmlify($data->author)); $author = notags(XML::unescape($data->author));
$target_guid = notags(unxmlify($data->target_guid)); $target_guid = notags(XML::unescape($data->target_guid));
$target_type = notags(unxmlify($data->target_type)); $target_type = notags(XML::unescape($data->target_type));
$person = self::personByHandle($author); $person = self::personByHandle($author);
if (!is_array($person)) { if (!is_array($person)) {
@ -2729,7 +2729,7 @@ class Diaspora
*/ */
private static function receiveRetraction(array $importer, $sender, $data) private static function receiveRetraction(array $importer, $sender, $data)
{ {
$target_type = notags(unxmlify($data->target_type)); $target_type = notags(XML::unescape($data->target_type));
$contact = self::contactByHandle($importer["uid"], $sender); $contact = self::contactByHandle($importer["uid"], $sender);
if (!$contact && (in_array($target_type, ["Contact", "Person"]))) { if (!$contact && (in_array($target_type, ["Contact", "Person"]))) {
@ -2774,12 +2774,12 @@ class Diaspora
*/ */
private static function receiveStatusMessage(array $importer, SimpleXMLElement $data, $xml) private static function receiveStatusMessage(array $importer, SimpleXMLElement $data, $xml)
{ {
$author = notags(unxmlify($data->author)); $author = notags(XML::unescape($data->author));
$guid = notags(unxmlify($data->guid)); $guid = notags(XML::unescape($data->guid));
$created_at = DateTimeFormat::utc(notags(unxmlify($data->created_at))); $created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
$public = notags(unxmlify($data->public)); $public = notags(XML::unescape($data->public));
$text = unxmlify($data->text); $text = XML::unescape($data->text);
$provider_display_name = notags(unxmlify($data->provider_display_name)); $provider_display_name = notags(XML::unescape($data->provider_display_name));
$contact = self::allowedContactByHandle($importer, $author, false); $contact = self::allowedContactByHandle($importer, $author, false);
if (!$contact) { if (!$contact) {
@ -2794,7 +2794,7 @@ class Diaspora
$address = []; $address = [];
if ($data->location) { if ($data->location) {
foreach ($data->location->children() as $fieldname => $data) { foreach ($data->location->children() as $fieldname => $data) {
$address[$fieldname] = notags(unxmlify($data)); $address[$fieldname] = notags(XML::unescape($data));
} }
} }
@ -2805,8 +2805,8 @@ class Diaspora
// Attach embedded pictures to the body // Attach embedded pictures to the body
if ($data->photo) { if ($data->photo) {
foreach ($data->photo as $photo) { foreach ($data->photo as $photo) {
$body = "[img]".unxmlify($photo->remote_photo_path). $body = "[img]".XML::unescape($photo->remote_photo_path).
unxmlify($photo->remote_photo_name)."[/img]\n".$body; XML::unescape($photo->remote_photo_name)."[/img]\n".$body;
} }
$datarray["object-type"] = ACTIVITY_OBJ_IMAGE; $datarray["object-type"] = ACTIVITY_OBJ_IMAGE;


@ -36,7 +36,7 @@ class XML
$root = new SimpleXMLElement("<".$key."/>"); $root = new SimpleXMLElement("<".$key."/>");
self::fromArray($value, $root, $remove_header, $namespaces, false); self::fromArray($value, $root, $remove_header, $namespaces, false);
} else { } else {
$root = new SimpleXMLElement("<".$key.">".xmlify($value)."</".$key.">"); $root = new SimpleXMLElement("<".$key.">".self::escape($value)."</".$key.">");
} }
$dom = dom_import_simplexml($root)->ownerDocument; $dom = dom_import_simplexml($root)->ownerDocument;
@ -104,7 +104,7 @@ class XML
} }
if (!is_array($value)) { if (!is_array($value)) {
$element = $xml->addChild($key, xmlify($value), $namespace); $element = $xml->addChild($key, self::escape($value), $namespace);
} elseif (is_array($value)) { } elseif (is_array($value)) {
$element = $xml->addChild($key, null, $namespace); $element = $xml->addChild($key, null, $namespace);
self::fromArray($value, $element, $remove_header, $namespaces, false); self::fromArray($value, $element, $remove_header, $namespaces, false);
@ -123,7 +123,7 @@ class XML
public static function copy(&$source, &$target, $elementname) public static function copy(&$source, &$target, $elementname)
{ {
if (count($source->children()) == 0) { if (count($source->children()) == 0) {
$target->addChild($elementname, xmlify($source)); $target->addChild($elementname, self::escape($source));
} else { } else {
$child = $target->addChild($elementname); $child = $target->addChild($elementname);
foreach ($source->children() as $childfield => $childentry) { foreach ($source->children() as $childfield => $childentry) {
@ -144,11 +144,11 @@ class XML
*/ */
public static function createElement($doc, $element, $value = "", $attributes = []) public static function createElement($doc, $element, $value = "", $attributes = [])
{ {
$element = $doc->createElement($element, xmlify($value)); $element = $doc->createElement($element, self::escape($value));
foreach ($attributes as $key => $value) { foreach ($attributes as $key => $value) {
$attribute = $doc->createAttribute($key); $attribute = $doc->createAttribute($key);
$attribute->value = xmlify($value); $attribute->value = self::escape($value);
$element->appendChild($attribute); $element->appendChild($attribute);
} }
return $element; return $element;
@ -462,4 +462,43 @@ class XML
return $first_item->attributes; return $first_item->attributes;
} }
/**
* escape text ($str) for XML transport
* @param string $str
* @return string Escaped text.
*/
public static function escape($str)
{
$buffer = htmlspecialchars($str, ENT_QUOTES, "UTF-8");
$buffer = trim($buffer);
return $buffer;
}
/**
* undo an escape
* @param string $s xml escaped text
* @return string unescaped text
*/
public static function unescape($s)
{
$ret = htmlspecialchars_decode($s, ENT_QUOTES);
return $ret;
}
/**
* apply escape() to all values of array $val, recursively
* @param array $val
* @return array
*/
public static function arrayEscape($val)
{
if (is_bool($val)) {
return $val?"true":"false";
} elseif (is_array($val)) {
return array_map('XML::arrayEscape', $val);
}
return self::escape((string) $val);
}
} }
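Review bot: In `arrayEscape()` the recursive call is handed to `array_map` as the string `'XML::arrayEscape'`, and a string callable is resolved against the global namespace, not the namespace the class is declared in. If this class lives in `Friendica\Util` (as the `use Friendica\Util\XML;` line in the new test suggests), the string names a class that does not exist, so array input is not escaped at all: `array_map` fails on the invalid callback. Use `return array_map([self::class, 'arrayEscape'], $val);` instead. The docblock's `@return array` should also become `array|string`, since booleans and scalars come back as strings.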


@ -249,45 +249,6 @@ class TextTest extends TestCase
); );
} }
/**
*xmlify and unxmlify
*/
public function testXmlify()
{
$text="<tag>I want to break\n this!11!<?hard?></tag>";
$xml=xmlify($text);
$retext=unxmlify($text);
$this->assertEquals($text, $retext);
}
/**
* xmlify and put in a document
*/
public function testXmlifyDocument()
{
$tag="<tag>I want to break</tag>";
$xml=xmlify($tag);
$text='<text>'.$xml.'</text>';
$xml_parser=xml_parser_create();
//should be possible to parse it
$values=array();
$index=array();
$this->assertEquals(1, xml_parse_into_struct($xml_parser, $text, $values, $index));
$this->assertEquals(
array('TEXT'=>array(0)),
$index
);
$this->assertEquals(
array(array('tag'=>'TEXT', 'type'=>'complete', 'level'=>1, 'value'=>$tag)),
$values
);
xml_parser_free($xml_parser);
}
/** /**
* test hex2bin and reverse * test hex2bin and reverse
*/ */


@ -0,0 +1,49 @@
<?php
/**
* @file tests/src/Util/XmlTest.php
*/
namespace Friendica\Test\Util;
use Friendica\Util\XML;
use PHPUnit\Framework\TestCase;
/**
* @brief XML utility test class
*/
class XmlTest extends TestCase
{
/**
* escape and unescape
*/
public function testEscapeUnescape()
{
$text="<tag>I want to break\n this!11!<?hard?></tag>";
$xml=XML::escape($text);
$retext=XML::unescape($text);
$this->assertEquals($text, $retext);
}
/**
* escape and put in a document
*/
public function testEscapeDocument()
{
$tag="<tag>I want to break</tag>";
$xml=XML::escape($tag);
$text='<text>'.$xml.'</text>';
$xml_parser=xml_parser_create();
//should be possible to parse it
$values=array();
$index=array();
$this->assertEquals(1, xml_parse_into_struct($xml_parser, $text, $values, $index));
$this->assertEquals(
array('TEXT'=>array(0)),
$index
);
$this->assertEquals(
array(array('tag'=>'TEXT', 'type'=>'complete', 'level'=>1, 'value'=>$tag)),
$values
);
xml_parser_free($xml_parser);
}
}
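Review bot: `testEscapeUnescape()` never checks the round trip: `$xml` is assigned but unused, and `XML::unescape($text)` is applied to the raw input, which contains no entities, so the assertion holds whatever `escape()` does. Change the line to `$retext=XML::unescape($xml);`. Because `escape()` also calls `trim()`, a second case with leading or trailing whitespace would document that the pair is not a strict inverse. The Diaspora receive handlers in this commit pass incoming message fields through `XML::unescape()`, so a test that cannot fail gives no protection against a regression in these helpers.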