X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fitems.php;h=7b0ff2ce6b09e0fbd936012674c6f1fe61585335;hb=2fc89deaeae0341aa12b6b811927e793011055d1;hp=1a5ca5a1fadd8e12285a4609b2f9bab462ab1890;hpb=456a7a97403ce3f6548dbda325719889342ad923;p=friendica.git diff --git a/include/items.php b/include/items.php index 1a5ca5a1fa..7b0ff2ce6b 100644 --- a/include/items.php +++ b/include/items.php @@ -35,6 +35,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) else killme(); + /** * * Determine the next birthday, but only if the birthday is published @@ -380,7 +381,7 @@ function get_atom_elements($feed,$item) { // It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust // the content type. Our own network only emits text normally, though it might have been converted to - // html if we used a pubsubhubbub transport. But if we see even one html open tag in our text, we will + // html if we used a pubsubhubbub transport. But if we see even one html tag in our text, we will // have to assume it is all html and needs to be purified. // It doesn't matter all that much security wise - because before this content is used anywhere, we are @@ -389,7 +390,7 @@ function get_atom_elements($feed,$item) { // html. - if(strpos($res['body'],'<')) { + if((strpos($res['body'],'<')) || (strpos($res['body'],'>'))) { $res['body'] = preg_replace('#]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?#s', '[youtube]$1[/youtube]', $res['body']); @@ -403,11 +404,12 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $res['body'] = $purifier->purify($res['body']); - } + $res['body'] = html2bbcode($res['body']); + } + else + $res['body'] = escape_tags($res['body']); - $res['body'] = html2bbcode($res['body']); - $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow'); if($allow && $allow[0]['data'] == 1) @@ -421,19 +423,29 @@ function get_atom_elements($feed,$item) { else $res['private'] = 0; - $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'published'); - if($rawcreated) - $res['created'] = unxmlify($rawcreated[0]['data']); $rawlocation = $item->get_item_tags(NAMESPACE_DFRN, 'location'); if($rawlocation) $res['location'] = unxmlify($rawlocation[0]['data']); + $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'published'); + if($rawcreated) + $res['created'] = unxmlify($rawcreated[0]['data']); + + $rawedited = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'updated'); if($rawedited) $res['edited'] = unxmlify($rawcreated[0]['data']); + + if(! $res['created']) + $res['created'] = $item->get_date(); + + if(! $res['edited']) + $res['edited'] = $item->get_date(); + + $rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner'); if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']) $res['owner-name'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']); @@ -495,7 +507,7 @@ function get_atom_elements($feed,$item) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events $res['object'] .= '' . xmlify($body) . '' . "\n"; - if(strpos($body,'<')) { + if((strpos($body,'<')) || (strpos($body,'>'))) { $body = preg_replace('#]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?#s', '[youtube]$1[/youtube]', $body); @@ -505,9 +517,11 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $body = $purifier->purify($body); + $body = html2bbcode($body); } + else + $body = escape_tags($body); - $body = html2bbcode($body); $res['object'] .= '' . $body . '' . "\n"; } @@ -534,7 +548,7 @@ function get_atom_elements($feed,$item) { $body = $rawobj[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data']; // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events $res['object'] .= '' . xmlify($body) . '' . "\n"; - if(strpos($body,'<')) { + if((strpos($body,'<')) || (strpos($body,'>'))) { $body = preg_replace('#]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?#s', '[youtube]$1[/youtube]', $body); @@ -544,9 +558,11 @@ function get_atom_elements($feed,$item) { $purifier = new HTMLPurifier($config); $body = $purifier->purify($body); + $body = html2bbcode($body); } + else + $body = escape_tags($body); - $body = html2bbcode($body); $res['target'] .= '' . $body . '' . "\n"; } @@ -571,7 +587,7 @@ function encode_rel_links($links) { if($link['attribs']['']['type']) $o .= 'type="' . $link['attribs']['']['type'] . '" '; if($link['attribs']['']['href']) - $o .= 'type="' . $link['attribs']['']['href'] . '" '; + $o .= 'href="' . $link['attribs']['']['href'] . '" '; if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['width']) $o .= 'media:width="' . $link['attribs'][NAMESPACE_MEDIA]['width'] . '" '; if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['height']) @@ -630,8 +646,8 @@ function item_store($arr) { // they came through. $arr['body'] = str_replace( - array('&amp;','&gt;','&lt;'), - array('&' ,'>' ,'<'), + array('&amp;', '&gt;', '&lt;', '&quot;'), + array('&' , '>' , '<', '"'), $arr['body'] ); @@ -740,7 +756,7 @@ function get_item_contact($item,$contacts) { } -function dfrn_deliver($owner,$contact,$atom) { +function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $a = get_app(); @@ -782,8 +798,8 @@ function dfrn_deliver($owner,$contact,$atom) { return (($res->status) ? $res->status : 3); $postvars = array(); - $sent_dfrn_id = hex2bin($res->dfrn_id); - $challenge = hex2bin($res->challenge); + $sent_dfrn_id = hex2bin((string) $res->dfrn_id); + $challenge = hex2bin((string) $res->challenge); $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); $final_dfrn_id = ''; @@ -811,6 +827,8 @@ function dfrn_deliver($owner,$contact,$atom) { $postvars['dfrn_id'] = $idtosend; $postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION; + if($dissolve) + $postvars['dissolve'] = '1'; if(($contact['rel']) && ($contact['rel'] != REL_FAN) && (! $contact['blocked']) && (! $contact['readonly'])) { $postvars['data'] = $atom; @@ -822,7 +840,7 @@ function dfrn_deliver($owner,$contact,$atom) { $postvars['data'] = str_replace('1','0',$atom); } - if($rino && $rino_allowed) { + if($rino && $rino_allowed && (! $dissolve)) { $key = substr(random_string(),0,16); $data = bin2hex(aes_encrypt($postvars['data'],$key)); $postvars['data'] = $data; @@ -1149,6 +1167,10 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0) { ); $datarray['last-child'] = 1; } + if(($contact['network'] === 'feed') || (! strlen($contact['notify']))) { + // one way feed - no remote comment ability + $datarray['last-child'] = 0; + } $datarray['parent-uri'] = $parent_uri; $datarray['uid'] = $importer['uid']; $datarray['contact-id'] = $contact['id']; @@ -1201,6 +1223,11 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0) { $datarray['last-child'] = 1; } + if(($contact['network'] === 'feed') || (! strlen($contact['notify']))) { + // one way feed - no remote comment ability + $datarray['last-child'] = 0; + } + $datarray['parent-uri'] = $item_id; $datarray['uid'] = $importer['uid']; $datarray['contact-id'] = $contact['id']; @@ -1210,7 +1237,6 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0) { } } } - } function new_follower($importer,$contact,$datarray,$item) {