Merge pull request #13285 from annando/more-privacy

Unified BBCode conversion, improved proxy functionality
pull/13295/head
Hypolite Petovan 2023-07-17 08:00:53 -04:00 committed by GitHub
commit 54033b5e5a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 61 additions and 38 deletions


@ -312,8 +312,7 @@ class OEmbed
*/
public static function BBCode2HTML(string $text): string
{
$stopoembed = DI::config()->get('system', 'no_oembed');
if ($stopoembed == true) {
if (DI::config()->get('system', 'no_oembed')) {
return preg_replace("/\[embed\](.+?)\[\/embed\]/is", "<!-- oembed $1 --><i>" . DI::l10n()->t('Embedding disabled') . " : $1</i><!-- /oembed $1 -->", $text);
}
return preg_replace_callback("/\[embed\](.+?)\[\/embed\]/is", [self::class, 'replaceCallback'], $text);


@ -142,7 +142,7 @@ class BBCode
break;
case 'title':
$value = self::convert(html_entity_decode($value, ENT_QUOTES, 'UTF-8'), false, true);
$value = self::toPlaintext(html_entity_decode($value, ENT_QUOTES, 'UTF-8'));
$value = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
$value = str_replace(['[', ']'], ['&#91;', '&#93;'], $value);
$data['title'] = $value;
@ -236,7 +236,7 @@ class BBCode
// Remove attachment
$text = self::replaceAttachment($text);
$naked_text = HTML::toPlaintext(self::convert($text, false, 0, true), 0, !$keep_urls);
$naked_text = HTML::toPlaintext(self::convert($text, false, BBCode::EXTERNAL, true), 0, !$keep_urls);
DI::profiler()->stopRecording();
return $naked_text;
@ -2065,7 +2065,7 @@ class BBCode
// Convert it to HTML - don't try oembed
if ($for_diaspora) {
$text = self::convert($text, false, self::DIASPORA);
$text = self::convertForUriId(0, $text, self::DIASPORA);
// Add all tags that maybe were removed
if (preg_match_all("/#\[url\=([$url_search_string]*)\](.*?)\[\/url\]/ism", $original_text, $tags)) {
@ -2079,7 +2079,7 @@ class BBCode
$text = $text . ' ' . $tagline;
}
} else {
$text = self::convert($text, false, self::CONNECTORS);
$text = self::convertForUriId(0, $text, self::CONNECTORS);
}
// If a link is followed by a quote then there should be a newline before it
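Review bot: In the `case 'title':` hunk the new `self::toPlaintext(...)` call omits the second argument, while every other call site converted in this commit passes `false`. The `!$keep_urls` in the next hunk suggests that argument decides whether URLs are kept, so attachment titles would be the one place where they survive. If that is intended, a comment such as `// URLs are deliberately kept in attachment titles` would make it explicit; otherwise pass `false` here too. The value is also entity-decoded both before and after the conversion, which deserves a second look for titles that contain literal entity sequences. The enclosing methods start and end outside these hunks.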


@ -45,7 +45,7 @@ class NPF
{
$bbcode = self::prepareBody($bbcode);
$html = BBCode::convert($bbcode, false, BBCode::NPF);
$html = BBCode::convertForUriId($uri_id, $bbcode, BBCode::NPF);
if (empty($html)) {
return [];
}


@ -25,6 +25,7 @@ use Friendica\Content\Text\BBCode;
use Friendica\Content\Text\HTML;
use Friendica\Core\Config\Capability\IManageConfigValues;
use Friendica\DI;
use Friendica\Model\User;
use Friendica\Module\Response;
use Friendica\Network\HTTPException\FoundException;
use Friendica\Network\HTTPException\MovedPermanentlyException;
@ -226,9 +227,10 @@ class System
* @param integer $depth How many calls to include in the stacks after filtering
* @param int $offset How many calls to shave off the top of the stack, for example if
* this is called from a centralized method that isn't relevant to the callstack
* @param bool $full If enabled, the callstack is not compacted
* @return string
*/
public static function callstack(int $depth = 4, int $offset = 0): string
public static function callstack(int $depth = 4, int $offset = 0, bool $full = false): string
{
$trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
@ -243,7 +245,7 @@ class System
while ($func = array_pop($trace)) {
if (!empty($func['class'])) {
if (in_array($previous['function'], ['insert', 'fetch', 'toArray', 'exists', 'count', 'selectFirst', 'selectToArray',
if (!$full && in_array($previous['function'], ['insert', 'fetch', 'toArray', 'exists', 'count', 'selectFirst', 'selectToArray',
'select', 'update', 'delete', 'selectFirstForUser', 'selectForUser'])
&& (substr($previous['class'], 0, 15) === 'Friendica\Model')) {
continue;
@ -251,7 +253,7 @@ class System
// Don't show multiple calls from the Database classes to show the essential parts of the callstack
$func['database'] = in_array($func['class'], ['Friendica\Database\DBA', 'Friendica\Database\Database']);
if (!$previous['database'] || !$func['database']) {
if ($full || !$previous['database'] || !$func['database']) {
$classparts = explode("\\", $func['class']);
$callstack[] = array_pop($classparts).'::'.$func['function'] . (isset($func['line']) ? ' (' . $func['line'] . ')' : '');
$previous = $func;
@ -669,9 +671,7 @@ class System
if (DI::config()->get('system', 'tosdisplay')) {
$rulelist = DI::config()->get('system', 'tosrules') ?: DI::config()->get('system', 'tostext');
$html = BBCode::convert($rulelist, false, BBCode::EXTERNAL);
$msg = HTML::toPlaintext($html, 0, true);
$msg = BBCode::toPlaintext($rulelist, false);
foreach (explode("\n", trim($msg)) as $line) {
$line = trim($line);
if ($line) {


@ -38,7 +38,7 @@ class Field extends BaseFactory
*/
public function createFromProfileField(ProfileField $profileField): \Friendica\Object\Api\Mastodon\Field
{
return new \Friendica\Object\Api\Mastodon\Field($profileField->label, BBCode::convert($profileField->value, false, BBCode::ACTIVITYPUB));
return new \Friendica\Object\Api\Mastodon\Field($profileField->label, BBCode::convertForUriId($profileField->uriId, $profileField->value, BBCode::ACTIVITYPUB));
}
/**


@ -1012,7 +1012,7 @@ class Event
}
}
$location['name'] = BBCode::convert($location['name']);
$location['name'] = BBCode::toPlaintext($location['name'], false);
// Construct the map HTML.
if (isset($location['address'])) {


@ -640,13 +640,13 @@ class Profile
$istoday = true;
}
$title = strip_tags(html_entity_decode(BBCode::convertForUriId($rr['uri-id'], $rr['summary']), ENT_QUOTES, 'UTF-8'));
$title = BBCode::toPlaintext($rr['summary'], false);
if (strlen($title) > 35) {
$title = substr($title, 0, 32) . '... ';
}
$description = substr(strip_tags(BBCode::convertForUriId($rr['uri-id'], $rr['desc'])), 0, 32) . '... ';
$description = BBCode::toPlaintext($rr['desc'], false) . '... ';
if (!$description) {
$description = DI::l10n()->t('[No description]');
}
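Review bot: The new `$description` line drops the `substr(..., 0, 32)` that the old code applied, so the full event description is now emitted with `'... '` appended regardless of its length. Because `'... '` is always concatenated, the following `if (!$description)` can never be true and the `[No description]` fallback is unreachable. Suggest mirroring the title handling: assign `$description = BBCode::toPlaintext($rr['desc'], false);`, test it for emptiness first, and only then truncate with `mb_substr($description, 0, 32) . '... '` when it is longer than the limit. The surrounding loop body continues outside the hunk.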


@ -132,6 +132,17 @@ class User
return null;
}
/**
* Get the Uri-Id of the system account
*
* @return integer
*/
public static function getSystemUriId(): int
{
$system = self::getSystemAccount();
return $system['uri-id'] ?? 0;
}
/**
* Fetch the system account
*
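Review bot: The docblock on `getSystemUriId()` does not mention the `?? 0` fallback, although callers in this commit pass the result straight to `BBCode::convertForUriId()`. Suggest `@return integer The uri-id of the system account, or 0 when it cannot be determined`. Whether `convertForUriId()` treats 0 as "no uri-id" is not visible on this page, though other call sites in this commit pass a literal 0.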


@ -78,7 +78,7 @@ class Show extends BaseApi
foreach ($profileFields as $profileField) {
$custom_fields[] = [
'label' => $profileField->label,
'value' => BBCode::convert($profileField->value, false, BBCode::TWITTER_API),
'value' => BBCode::convertForUriId($profileField->uriId, $profileField->value, BBCode::TWITTER_API),
];
}


@ -58,7 +58,7 @@ class Babel extends BaseModule
'content' => visible_whitespace($plain)
];
$html = Text\BBCode::convert($bbcode);
$html = Text\BBCode::convertForUriId(0, $bbcode);
$results[] = [
'title' => DI::l10n()->t('BBCode::convert (raw HTML)'),
'content' => visible_whitespace($html)
@ -125,7 +125,7 @@ class Babel extends BaseModule
'title' => DI::l10n()->t('PageInfo::appendToBody'),
'content' => visible_whitespace($body2)
];
$html3 = Text\BBCode::convert($body2);
$html3 = Text\BBCode::convertForUriId(0, $body2);
$results[] = [
'title' => DI::l10n()->t('PageInfo::appendToBody => BBCode::convert (raw HTML)'),
'content' => visible_whitespace($html3)
@ -203,7 +203,7 @@ class Babel extends BaseModule
'content' => visible_whitespace($bbcode)
];
$html2 = Text\BBCode::convert($bbcode);
$html2 = Text\BBCode::convertForUriId(0, $bbcode);
$results[] = [
'title' => DI::l10n()->t('HTML::toBBCode => BBCode::convert'),
'content' => $html2


@ -337,7 +337,7 @@ class Create extends BaseModule
'$contact' => $contact,
'$category' => $category,
'$rules' => $rules ?? [],
'$comment' => BBCode::convert($this->session->get('report_comment') ?? '', false, ),
'$comment' => BBCode::convertForUriId($contact['uri-id'] ?? 0, $this->session->get('report_comment') ?? '', BBCode::EXTERNAL),
'$posts' => count($request['uri-ids'] ?? []),
]);
}


@ -147,7 +147,7 @@ class Introductions extends BaseNotifications
$knowyou = '';
}
$convertedName = BBCode::convert($Introduction->getName());
$convertedName = BBCode::toPlaintext($Introduction->getName(), false);
$helptext = $this->t('Shall your connection be bidirectional or not?');
$helptext2 = $this->t('Accepting %s as a friend allows %s to subscribe to your posts, and you will also receive updates from them in your news feed.', $convertedName, $convertedName);


@ -150,7 +150,7 @@ class Register extends BaseModule
'$invite_label' => DI::l10n()->t('Your invitation code: '),
'$invite_id' => $invite_id,
'$regtitle' => DI::l10n()->t('Registration'),
'$registertext' => BBCode::convert(DI::config()->get('config', 'register_text', '')),
'$registertext' => BBCode::convertForUriId(User::getSystemUriId(), DI::config()->get('config', 'register_text', '')),
'$fillwith' => $fillwith,
'$fillext' => $fillext,
'$oidlabel' => $oidlabel,


@ -27,6 +27,7 @@ use Friendica\Core\Config\Capability\IManageConfigValues;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Content\Text\BBCode;
use Friendica\Model\User;
use Friendica\Util\Profiler;
use Psr\Log\LoggerInterface;
@ -98,9 +99,9 @@ class Tos extends BaseModule
return Renderer::replaceMacros($tpl, [
'$title' => $this->t('Terms of Service'),
'$tostext' => BBCode::convert($this->config->get('system', 'tostext')),
'$tostext' => BBCode::convertForUriId(User::getSystemUriId(), $this->config->get('system', 'tostext')),
'$rulestitle' => $this->t('Rules'),
'$rules' => BBCode::convert($rules),
'$rules' => BBCode::convertForUriId(User::getSystemUriId(), $rules),
'$displayprivstatement' => $this->config->get('system', 'tosprivstatement'),
'$privstatementtitle' => $this->t('Privacy Statement'),
'$privacy_operate' => $this->t('At the time of registration, and for providing communications between the user account and their contacts, the user has to provide a display name (pen name), an username (nickname) and a working email address. The names will be accessible on the profile page of the account by any visitor of the page, even if other profile details are not displayed. The email address will only be used to send the user notifications about interactions, but wont be visibly displayed. The listing of an account in the node\'s user directory or the global user directory is optional and can be controlled in the user settings, it is not necessary for communication.'),


@ -118,7 +118,7 @@ class Notify extends BaseEntity
public function updateMsgFromPreamble($epreamble)
{
$this->msg = Renderer::replaceMacros($epreamble, ['$itemlink' => $this->link->__toString()]);
$this->msg_cache = self::formatMessage($this->name_cache, strip_tags(BBCode::convert($this->msg)));
$this->msg_cache = self::formatMessage($this->name_cache, BBCode::toPlaintext($this->msg, false));
}
/**
@ -134,6 +134,6 @@ class Notify extends BaseEntity
*/
public static function formatMessage(string $name, string $message): string
{
return str_replace('{0}', '<span class="contactname">' . strip_tags(BBCode::convert($name)) . '</span>', htmlspecialchars($message));
return str_replace('{0}', '<span class="contactname">' . BBCode::toPlaintext($name, false) . '</span>', htmlspecialchars($message));
}
}
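Review bot: In `formatMessage()` the contact name is now concatenated into the `<span class="contactname">` markup as `BBCode::toPlaintext($name, false)` with no escaping, while `$message` on the same line goes through `htmlspecialchars()`. The old `strip_tags(BBCode::convert($name))` operated on HTML output; if `toPlaintext()` returns entity-decoded text (its body is not on this page), a name containing `<` or `&` would reach the page as markup. Suggest `htmlspecialchars(BBCode::toPlaintext($name, false))` inside the span. The same check is worth making wherever this commit swaps HTML output for `toPlaintext()` ahead of rendering: `$location['name']` in Event, `$convertedName` in Introductions and the message argument in FormattedNotify.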


@ -222,7 +222,7 @@ class FormattedNotify extends BaseFactory
$this->baseUrl . '/notify/' . $Notify->id,
Contact::getAvatarUrlForUrl($Notify->url, $Notify->uid, Proxy::SIZE_MICRO),
$Notify->url,
strip_tags(BBCode::toPlaintext($Notify->msg ?? '')),
BBCode::toPlaintext($Notify->msg ?? '', false),
DateTimeFormat::local($Notify->date->format(DateTimeFormat::MYSQL), 'r'),
Temporal::getRelativeDate($Notify->date->format(DateTimeFormat::MYSQL)),
$Notify->seen


@ -163,8 +163,8 @@ class Introduction extends BaseFactory
'contact_id' => $intro['contact-id'],
'photo' => Contact::getPhoto($intro),
'name' => $intro['name'],
'location' => BBCode::convert($intro['location'], false),
'about' => BBCode::convert($intro['about'], false),
'location' => BBCode::convertForUriId($intro['uri-id'], $intro['location'], BBCode::EXTERNAL),
'about' => BBCode::convertForUriId ($intro['uri-id'], $intro['about'], BBCode::EXTERNAL),
'keywords' => $intro['keywords'],
'hidden' => $intro['hidden'] == 1,
'post_newfriend' => (intval($this->pConfig->get($this->session->getLocalUserId(), 'system', 'post_newfriend')) ? '1' : 0),
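Review bot: Both new lines index `$intro['uri-id']` directly, whereas other call sites in this commit guard the lookup (`$contact['uri-id'] ?? 0`, `$parameters['item']['uri-id'] ?? 0`). Whether the introduction row always carries `uri-id` is not visible in the hunk; if it can be absent, use `$intro['uri-id'] ?? 0`. The `'about'` line also has a stray space before the argument list: `BBCode::convertForUriId ($intro['uri-id'], ...` should read `BBCode::convertForUriId($intro['uri-id'], ...`.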


@ -68,7 +68,7 @@ class Notify extends BaseFactory implements ICanCreateFromTableRow
false,
$params['verb'] ?? '',
$params['otype'] ?? '',
substr(strip_tags(BBCode::convertForUriId($uri_id, $params['source_name'])), 0, 255),
substr(BBCode::toPlaintext($params['source_name'], false), 0, 255),
null,
null,
$item_id,


@ -98,7 +98,7 @@ class Notification extends BaseDataTransferObject
$this->date_rel = Temporal::getRelativeDate($this->date);
try {
$this->msg_html = BBCode::convert($this->msg, false);
$this->msg_html = BBCode::convertForUriId($Notify->uriId, $this->msg, BBCode::EXTERNAL);
} catch (\Exception $e) {
$this->msg_html = '';
}


@ -67,7 +67,7 @@ class ScheduledStatus extends BaseDataTransferObject
$this->scheduled_at = DateTimeFormat::utc($delayed_post['delayed'], DateTimeFormat::JSON);
$this->params = [
'text' => BBCode::convert(BBCode::setMentionsToNicknames($parameters['item']['body'] ?? ''), false, BBCode::MASTODON_API),
'text' => BBCode::convertForUriId($parameters['item']['uri-id'] ?? 0, BBCode::setMentionsToNicknames($parameters['item']['body'] ?? ''), BBCode::MASTODON_API),
'media_ids' => $media_ids,
'sensitive' => null,
'spoiler_text' => $parameters['item']['title'] ?? '',


@ -34,6 +34,7 @@ use Friendica\Security\PermissionSet\Entity\PermissionSet;
*
* @property-read int|null $id
* @property-read int $uid
* @property-read int $uriId
* @property-read int $order
* @property-read string $label
* @property-read string $value
@ -50,6 +51,8 @@ class ProfileField extends BaseEntity
/** @var int */
protected $uid;
/** @var int */
protected $uriId;
/** @var int */
protected $order;
/** @var string */
protected $label;
@ -60,7 +63,7 @@ class ProfileField extends BaseEntity
/** @var \DateTime */
protected $edited;
public function __construct(int $uid, int $order, string $label, string $value, \DateTime $created, \DateTime $edited, PermissionSet $permissionSet, int $id = null)
public function __construct(int $uid, int $order, string $label, string $value, \DateTime $created, \DateTime $edited, PermissionSet $permissionSet, int $id = null, int $uriId = null)
{
$this->permissionSet = $permissionSet;
$this->uid = $uid;
@ -70,6 +73,7 @@ class ProfileField extends BaseEntity
$this->created = $created;
$this->edited = $edited;
$this->id = $id;
$this->uriId = $uriId;
}
/**
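Review bot: `$uriId` is documented as `int` in both `@property-read int $uriId` and `/** @var int */`, but the constructor declares `int $uriId = null` and the factory passes `$owner['uri-id'] ?? null`, so the property can hold null. That null is then handed to `BBCode::convertForUriId($profileField->uriId, ...)` in the Mastodon Field factory and the Show module; if that method types its first parameter as `int` (its signature is not shown here), the call fails for a profile field whose owner record is missing. Either declare and document it as nullable (`?int $uriId = null`, `@var int|null`) and coalesce at the call sites, or default to 0 in the factory with `$owner['uri-id'] ?? 0`.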


@ -26,6 +26,7 @@ use Friendica\Profile\ProfileField\Exception\UnexpectedPermissionSetException;
use Friendica\Security\PermissionSet\Factory\PermissionSet as PermissionSetFactory;
use Friendica\Profile\ProfileField\Entity;
use Friendica\Capabilities\ICanCreateFromTableRow;
use Friendica\Model\User;
use Friendica\Security\PermissionSet\Entity\PermissionSet;
use Psr\Log\LoggerInterface;
@ -54,6 +55,8 @@ class ProfileField extends BaseFactory implements ICanCreateFromTableRow
throw new UnexpectedPermissionSetException('Either set the PermissionSet fields (join) or the PermissionSet itself');
}
$owner = User::getOwnerDataById($row['uid']);
return new Entity\ProfileField(
$row['uid'],
$row['order'],
@ -69,7 +72,8 @@ class ProfileField extends BaseFactory implements ICanCreateFromTableRow
$row['deny_gid'],
$row['psid']
),
$row['id'] ?? null
$row['id'] ?? null,
$owner['uri-id'] ?? null
);
}


@ -179,7 +179,7 @@ class NotifyMailBuilder extends MailBuilder
*/
protected function getHtmlMessage()
{
$htmlVersion = BBCode::convert($this->body);
$htmlVersion = BBCode::convertForUriId(0, $this->body, BBCode::EXTERNAL);
// load the template for private message notifications
$tpl = Renderer::getMarkupTemplate('email/notify/html.tpl');


@ -100,7 +100,7 @@ class SystemMailBuilder extends MailBuilder
'$preamble' => str_replace("\n", "<br>\n", $this->preamble),
'$thanks' => $this->l10n->t('thanks'),
'$site_admin' => $this->siteAdmin,
'$htmlversion' => BBCode::convert($this->body),
'$htmlversion' => BBCode::convertForUriId(0, $this->body, BBCode::EXTERNAL),
]);
}


@ -164,6 +164,10 @@ return [
// Allow pseudonyms (true) or enforce a space between first name and last name in Full name, as an anti spam measure (false).
'no_regfullname' => true,
// no_oembed_rich_content (Boolean)
// If enabled, allow OEmbed for all URLs. Disabled by default.
'no_oembed_rich_content' => true,
// optimize_tables (Boolean)
// Periodically (once an hour) run an "optimize table" command for cache tables
'optimize_tables' => false,
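Review bot: The comment on `no_oembed_rich_content` contradicts both the key name and its default: a `no_`-prefixed option set to `true` reads as "rich OEmbed content is off", yet the comment says enabling it allows OEmbed for all URLs and that it is disabled by default. Since the setting appears to govern whether third-party embed markup is rendered, the wording should leave no doubt about which value is the restrictive one. Something like `// If enabled, rich content from OEmbed is not embedded. Enabled by default.` would match the name and value, but the code that reads the key is not on this page, so confirm the semantics before changing the text.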