use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
use Friendica\Util\Network;
+use Friendica\Util\Strings;
use Friendica\Util\XML;
use SimpleXMLElement;
// Now we are collecting all relay contacts
foreach ($serverlist as $server_url) {
// We don't send messages to ourselves
- if (link_compare($server_url, System::baseUrl())) {
+ if (Strings::compareLink($server_url, System::baseUrl())) {
continue;
}
$contact = self::getRelayContact($server_url);
$fields = ['batch', 'id', 'name', 'network', 'archive', 'blocked'];
// Fetch the relay contact
- $condition = ['uid' => 0, 'nurl' => normalise_link($server_url),
+ $condition = ['uid' => 0, 'nurl' => Strings::normaliseLink($server_url),
'contact-type' => Contact::ACCOUNT_TYPE_RELAY];
$contact = DBA::selectFirst('contact', $fields, $condition);
$fields = array_merge($fields, $network_fields);
- $condition = ['uid' => 0, 'nurl' => normalise_link($server_url),
+ $condition = ['uid' => 0, 'nurl' => Strings::normaliseLink($server_url),
'contact-type' => Contact::ACCOUNT_TYPE_RELAY];
if (DBA::exists('contact', $condition)) {
$handle = "";
- $data = base64url_decode($children->data);
+ $data = Strings::base64UrlDecode($children->data);
$type = $children->data->attributes()->type[0];
$encoding = $children->encoding;
$alg = $children->alg;
- $sig = base64url_decode($children->sig);
+ $sig = Strings::base64UrlDecode($children->sig);
$key_id = $children->sig->attributes()->key_id[0];
if ($key_id != "") {
- $handle = base64url_decode($key_id);
+ $handle = Strings::base64UrlDecode($key_id);
}
- $b64url_data = base64url_encode($data);
+ $b64url_data = Strings::base64UrlEncode($data);
$msg = str_replace(["\n", "\r", " ", "\t"], ["", "", "", ""], $b64url_data);
- $signable_data = $msg.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
+ $signable_data = $msg.".".Strings::base64UrlEncode($type).".".Strings::base64UrlEncode($encoding).".".Strings::base64UrlEncode($alg);
if ($handle == '') {
Logger::log('No author could be decoded. Discarding. Message: ' . $envelope);
$type = $base->data[0]->attributes()->type[0];
$encoding = $base->encoding;
$alg = $base->alg;
- $signed_data = $data.'.'.base64url_encode($type).'.'.base64url_encode($encoding).'.'.base64url_encode($alg);
+ $signed_data = $data.'.'.Strings::base64UrlEncode($type).'.'.Strings::base64UrlEncode($encoding).'.'.Strings::base64UrlEncode($alg);
// This is the signature
- $signature = base64url_decode($base->sig);
+ $signature = Strings::base64UrlDecode($base->sig);
// Get the senders' public key
$key_id = $base->sig[0]->attributes()->key_id[0];
}
}
- return ['message' => (string)base64url_decode($base->data),
- 'author' => unxmlify($author_addr),
+ return ['message' => (string)Strings::base64UrlDecode($base->data),
+ 'author' => XML::unescape($author_addr),
'key' => (string)$key];
}
// Stash the signature away for now. We have to find their key or it won't be good for anything.
- $signature = base64url_decode($base->sig);
+ $signature = Strings::base64UrlDecode($base->sig);
// unpack the data
$alg = $base->alg;
- $signed_data = $data.'.'.base64url_encode($type).'.'.base64url_encode($encoding).'.'.base64url_encode($alg);
+ $signed_data = $data.'.'.Strings::base64UrlEncode($type).'.'.Strings::base64UrlEncode($encoding).'.'.Strings::base64UrlEncode($alg);
// decode the data
- $data = base64url_decode($data);
+ $data = Strings::base64UrlDecode($data);
if ($public) {
Logger::log('Message verified.');
return ['message' => (string)$inner_decrypted,
- 'author' => unxmlify($author_link),
+ 'author' => XML::unescape($author_link),
'key' => (string)$key];
}
*/
private static function authorContactByUrl($def_contact, $person, $uid)
{
- $condition = ['nurl' => normalise_link($person["url"]), 'uid' => $uid];
+ $condition = ['nurl' => Strings::normaliseLink($person["url"]), 'uid' => $uid];
$contact = DBA::selectFirst('contact', ['id', 'network'], $condition);
if (DBA::isResult($contact)) {
$cid = $contact["id"];
*/
private static function receiveAccountMigration(array $importer, $data)
{
- $old_handle = notags(unxmlify($data->author));
- $new_handle = notags(unxmlify($data->profile->author));
- $signature = notags(unxmlify($data->signature));
+ $old_handle = Strings::escapeTags(XML::unescape($data->author));
+ $new_handle = Strings::escapeTags(XML::unescape($data->profile->author));
+ $signature = Strings::escapeTags(XML::unescape($data->signature));
$contact = self::contactByHandle($importer["uid"], $old_handle);
if (!$contact) {
return false;
}
- $fields = ['url' => $data['url'], 'nurl' => normalise_link($data['url']),
+ $fields = ['url' => $data['url'], 'nurl' => Strings::normaliseLink($data['url']),
'name' => $data['name'], 'nick' => $data['nick'],
'addr' => $data['addr'], 'batch' => $data['batch'],
'notify' => $data['notify'], 'poll' => $data['poll'],
DBA::update('contact', $fields, ['addr' => $old_handle]);
- $fields = ['url' => $data['url'], 'nurl' => normalise_link($data['url']),
+ $fields = ['url' => $data['url'], 'nurl' => Strings::normaliseLink($data['url']),
'name' => $data['name'], 'nick' => $data['nick'],
'addr' => $data['addr'], 'connect' => $data['addr'],
'notify' => $data['notify'], 'photo' => $data['photo'],
*/
private static function receiveAccountDeletion($data)
{
- $author = notags(unxmlify($data->author));
+ $author = Strings::escapeTags(XML::unescape($data->author));
$contacts = DBA::select('contact', ['id'], ['addr' => $author]);
while ($contact = DBA::fetch($contacts)) {
*/
private static function receiveComment(array $importer, $sender, $data, $xml)
{
- $author = notags(unxmlify($data->author));
- $guid = notags(unxmlify($data->guid));
- $parent_guid = notags(unxmlify($data->parent_guid));
- $text = unxmlify($data->text);
+ $author = Strings::escapeTags(XML::unescape($data->author));
+ $guid = Strings::escapeTags(XML::unescape($data->guid));
+ $parent_guid = Strings::escapeTags(XML::unescape($data->parent_guid));
+ $text = XML::unescape($data->text);
if (isset($data->created_at)) {
- $created_at = DateTimeFormat::utc(notags(unxmlify($data->created_at)));
+ $created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
} else {
$created_at = DateTimeFormat::utcNow();
}
if (isset($data->thread_parent_guid)) {
- $thread_parent_guid = notags(unxmlify($data->thread_parent_guid));
+ $thread_parent_guid = Strings::escapeTags(XML::unescape($data->thread_parent_guid));
$thr_uri = self::getUriFromGuid("", $thread_parent_guid, true);
} else {
$thr_uri = "";
*/
private static function receiveConversationMessage(array $importer, array $contact, $data, $msg, $mesg, $conversation)
{
- $author = notags(unxmlify($data->author));
- $guid = notags(unxmlify($data->guid));
- $subject = notags(unxmlify($data->subject));
+ $author = Strings::escapeTags(XML::unescape($data->author));
+ $guid = Strings::escapeTags(XML::unescape($data->guid));
+ $subject = Strings::escapeTags(XML::unescape($data->subject));
// "diaspora_handle" is the element name from the old version
// "author" is the element name from the new version
if ($mesg->author) {
- $msg_author = notags(unxmlify($mesg->author));
+ $msg_author = Strings::escapeTags(XML::unescape($mesg->author));
} elseif ($mesg->diaspora_handle) {
- $msg_author = notags(unxmlify($mesg->diaspora_handle));
+ $msg_author = Strings::escapeTags(XML::unescape($mesg->diaspora_handle));
} else {
return false;
}
- $msg_guid = notags(unxmlify($mesg->guid));
- $msg_conversation_guid = notags(unxmlify($mesg->conversation_guid));
- $msg_text = unxmlify($mesg->text);
- $msg_created_at = DateTimeFormat::utc(notags(unxmlify($mesg->created_at)));
+ $msg_guid = Strings::escapeTags(XML::unescape($mesg->guid));
+ $msg_conversation_guid = Strings::escapeTags(XML::unescape($mesg->conversation_guid));
+ $msg_text = XML::unescape($mesg->text);
+ $msg_created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($mesg->created_at)));
if ($msg_conversation_guid != $guid) {
Logger::log("message conversation guid does not belong to the current conversation.");
*/
private static function receiveConversation(array $importer, $msg, $data)
{
- $author = notags(unxmlify($data->author));
- $guid = notags(unxmlify($data->guid));
- $subject = notags(unxmlify($data->subject));
- $created_at = DateTimeFormat::utc(notags(unxmlify($data->created_at)));
- $participants = notags(unxmlify($data->participants));
+ $author = Strings::escapeTags(XML::unescape($data->author));
+ $guid = Strings::escapeTags(XML::unescape($data->guid));
+ $subject = Strings::escapeTags(XML::unescape($data->subject));
+ $created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
+ $participants = Strings::escapeTags(XML::unescape($data->participants));
$messages = $data->message;
*/
private static function receiveLike(array $importer, $sender, $data)
{
- $author = notags(unxmlify($data->author));
- $guid = notags(unxmlify($data->guid));
- $parent_guid = notags(unxmlify($data->parent_guid));
- $parent_type = notags(unxmlify($data->parent_type));
- $positive = notags(unxmlify($data->positive));
+ $author = Strings::escapeTags(XML::unescape($data->author));
+ $guid = Strings::escapeTags(XML::unescape($data->guid));
+ $parent_guid = Strings::escapeTags(XML::unescape($data->parent_guid));
+ $parent_type = Strings::escapeTags(XML::unescape($data->parent_type));
+ $positive = Strings::escapeTags(XML::unescape($data->positive));
// likes on comments aren't supported by Diaspora - only on posts
// But maybe this will be supported in the future, so we will accept it.
*/
private static function receiveMessage(array $importer, $data)
{
- $author = notags(unxmlify($data->author));
- $guid = notags(unxmlify($data->guid));
- $conversation_guid = notags(unxmlify($data->conversation_guid));
- $text = unxmlify($data->text);
- $created_at = DateTimeFormat::utc(notags(unxmlify($data->created_at)));
+ $author = Strings::escapeTags(XML::unescape($data->author));
+ $guid = Strings::escapeTags(XML::unescape($data->guid));
+ $conversation_guid = Strings::escapeTags(XML::unescape($data->conversation_guid));
+ $text = XML::unescape($data->text);
+ $created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
$contact = self::allowedContactByHandle($importer, $author, true);
if (!$contact) {
*/
private static function receiveParticipation(array $importer, $data)
{
- $author = strtolower(notags(unxmlify($data->author)));
- $parent_guid = notags(unxmlify($data->parent_guid));
+ $author = strtolower(Strings::escapeTags(XML::unescape($data->author)));
+ $parent_guid = Strings::escapeTags(XML::unescape($data->parent_guid));
$contact_id = Contact::getIdForURL($author);
if (!$contact_id) {
*/
private static function receiveProfile(array $importer, $data)
{
- $author = strtolower(notags(unxmlify($data->author)));
+ $author = strtolower(Strings::escapeTags(XML::unescape($data->author)));
$contact = self::contactByHandle($importer["uid"], $author);
if (!$contact) {
return false;
}
- $name = unxmlify($data->first_name).((strlen($data->last_name)) ? " ".unxmlify($data->last_name) : "");
- $image_url = unxmlify($data->image_url);
- $birthday = unxmlify($data->birthday);
- $gender = unxmlify($data->gender);
- $about = Markdown::toBBCode(unxmlify($data->bio));
- $location = Markdown::toBBCode(unxmlify($data->location));
- $searchable = (unxmlify($data->searchable) == "true");
- $nsfw = (unxmlify($data->nsfw) == "true");
- $tags = unxmlify($data->tag_string);
+ $name = XML::unescape($data->first_name).((strlen($data->last_name)) ? " ".XML::unescape($data->last_name) : "");
+ $image_url = XML::unescape($data->image_url);
+ $birthday = XML::unescape($data->birthday);
+ $gender = XML::unescape($data->gender);
+ $about = Markdown::toBBCode(XML::unescape($data->bio));
+ $location = Markdown::toBBCode(XML::unescape($data->location));
+ $searchable = (XML::unescape($data->searchable) == "true");
+ $nsfw = (XML::unescape($data->nsfw) == "true");
+ $tags = XML::unescape($data->tag_string);
$tags = explode("#", $tags);
*/
private static function receiveContactRequest(array $importer, $data)
{
- $author = unxmlify($data->author);
- $recipient = unxmlify($data->recipient);
+ $author = XML::unescape($data->author);
+ $recipient = XML::unescape($data->recipient);
if (!$author || !$recipient) {
return false;
// the current protocol version doesn't know these fields
// That means that we will assume their existance
if (isset($data->following)) {
- $following = (unxmlify($data->following) == "true");
+ $following = (XML::unescape($data->following) == "true");
} else {
$following = true;
}
if (isset($data->sharing)) {
- $sharing = (unxmlify($data->sharing) == "true");
+ $sharing = (XML::unescape($data->sharing) == "true");
} else {
$sharing = true;
}
DBA::escape($ret["addr"]),
DateTimeFormat::utcNow(),
DBA::escape($ret["url"]),
- DBA::escape(normalise_link($ret["url"])),
+ DBA::escape(Strings::normaliseLink($ret["url"])),
DBA::escape($batch),
DBA::escape($ret["name"]),
DBA::escape($ret["nick"]),
if (in_array($importer["page-flags"], [Contact::PAGE_NORMAL, Contact::PAGE_PRVGROUP])) {
Logger::log("Sending intra message for author ".$author.".", Logger::DEBUG);
- $hash = random_string().(string)time(); // Generate a confirm_key
+ $hash = Strings::getRandomHex().(string)time(); // Generate a confirm_key
$ret = q(
"INSERT INTO `intro` (`uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`)
*/
private static function receiveReshare(array $importer, $data, $xml)
{
- $author = notags(unxmlify($data->author));
- $guid = notags(unxmlify($data->guid));
- $created_at = DateTimeFormat::utc(notags(unxmlify($data->created_at)));
- $root_author = notags(unxmlify($data->root_author));
- $root_guid = notags(unxmlify($data->root_guid));
+ $author = Strings::escapeTags(XML::unescape($data->author));
+ $guid = Strings::escapeTags(XML::unescape($data->guid));
+ $created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
+ $root_author = Strings::escapeTags(XML::unescape($data->root_author));
+ $root_guid = Strings::escapeTags(XML::unescape($data->root_guid));
/// @todo handle unprocessed property "provider_display_name"
- $public = notags(unxmlify($data->public));
+ $public = Strings::escapeTags(XML::unescape($data->public));
$contact = self::allowedContactByHandle($importer, $author, false);
if (!$contact) {
*/
private static function itemRetraction(array $importer, array $contact, $data)
{
- $author = notags(unxmlify($data->author));
- $target_guid = notags(unxmlify($data->target_guid));
- $target_type = notags(unxmlify($data->target_type));
+ $author = Strings::escapeTags(XML::unescape($data->author));
+ $target_guid = Strings::escapeTags(XML::unescape($data->target_guid));
+ $target_type = Strings::escapeTags(XML::unescape($data->target_type));
$person = self::personByHandle($author);
if (!is_array($person)) {
$parent = Item::selectFirst(['author-link'], ['id' => $item["parent"]]);
// Only delete it if the parent author really fits
- if (!link_compare($parent["author-link"], $contact["url"]) && !link_compare($item["author-link"], $contact["url"])) {
+ if (!Strings::compareLink($parent["author-link"], $contact["url"]) && !Strings::compareLink($item["author-link"], $contact["url"])) {
Logger::log("Thread author ".$parent["author-link"]." and item author ".$item["author-link"]." don't fit to expected contact ".$contact["url"], Logger::DEBUG);
continue;
}
*/
private static function receiveRetraction(array $importer, $sender, $data)
{
- $target_type = notags(unxmlify($data->target_type));
+ $target_type = Strings::escapeTags(XML::unescape($data->target_type));
$contact = self::contactByHandle($importer["uid"], $sender);
if (!$contact && (in_array($target_type, ["Contact", "Person"]))) {
*/
private static function receiveStatusMessage(array $importer, SimpleXMLElement $data, $xml)
{
- $author = notags(unxmlify($data->author));
- $guid = notags(unxmlify($data->guid));
- $created_at = DateTimeFormat::utc(notags(unxmlify($data->created_at)));
- $public = notags(unxmlify($data->public));
- $text = unxmlify($data->text);
- $provider_display_name = notags(unxmlify($data->provider_display_name));
+ $author = Strings::escapeTags(XML::unescape($data->author));
+ $guid = Strings::escapeTags(XML::unescape($data->guid));
+ $created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
+ $public = Strings::escapeTags(XML::unescape($data->public));
+ $text = XML::unescape($data->text);
+ $provider_display_name = Strings::escapeTags(XML::unescape($data->provider_display_name));
$contact = self::allowedContactByHandle($importer, $author, false);
if (!$contact) {
$address = [];
if ($data->location) {
foreach ($data->location->children() as $fieldname => $data) {
- $address[$fieldname] = notags(unxmlify($data));
+ $address[$fieldname] = Strings::escapeTags(XML::unescape($data));
}
}
// Attach embedded pictures to the body
if ($data->photo) {
foreach ($data->photo as $photo) {
- $body = "[img]".unxmlify($photo->remote_photo_path).
- unxmlify($photo->remote_photo_name)."[/img]\n".$body;
+ $body = "[img]".XML::unescape($photo->remote_photo_path).
+ XML::unescape($photo->remote_photo_name)."[/img]\n".$body;
}
$datarray["object-type"] = ACTIVITY_OBJ_IMAGE;
*/
public static function buildMagicEnvelope($msg, array $user)
{
- $b64url_data = base64url_encode($msg);
+ $b64url_data = Strings::base64UrlEncode($msg);
$data = str_replace(["\n", "\r", " ", "\t"], ["", "", "", ""], $b64url_data);
- $key_id = base64url_encode(self::myHandle($user));
+ $key_id = Strings::base64UrlEncode(self::myHandle($user));
$type = "application/xml";
$encoding = "base64url";
$alg = "RSA-SHA256";
- $signable_data = $data.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
+ $signable_data = $data.".".Strings::base64UrlEncode($type).".".Strings::base64UrlEncode($encoding).".".Strings::base64UrlEncode($alg);
// Fallback if the private key wasn't transmitted in the expected field
if ($user['uprvkey'] == "") {
}
$signature = Crypto::rsaSign($signable_data, $user["uprvkey"]);
- $sig = base64url_encode($signature);
+ $sig = Strings::base64UrlEncode($signature);
$xmldata = ["me:env" => ["me:data" => $data,
"@attributes" => ["type" => $type],
return 200;
}
- $logid = random_string(4);
+ $logid = Strings::getRandomHex(4);
$dest_url = ($public_batch ? $contact["batch"] : $contact["notify"]);