X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=plugins%2FTwitterBridge%2Ftwitterimport.php;h=301e7afd7afa7552b182d797dff5fe34eb20639a;hb=108aa5c467f54442561ece3db3c4fc9d37d4c95b;hp=143543d8efa8621e3932c9b62074409e614123a5;hpb=c65f19948613db5c59d403ae7c134874244d5b63;p=quix0rs-gnu-social.git
diff --git a/plugins/TwitterBridge/twitterimport.php b/plugins/TwitterBridge/twitterimport.php
index 143543d8ef..301e7afd7a 100644
--- a/plugins/TwitterBridge/twitterimport.php
+++ b/plugins/TwitterBridge/twitterimport.php
@@ -207,7 +207,7 @@ class TwitterImport
*/
function makeStatusURI($username, $id)
{
- return 'http://twitter.com/'
+ return 'http://twitter.com/#!/'
. $username
. '/status/'
. $id;
@@ -554,8 +554,8 @@ class TwitterImport
}
// Move all the entities into order so we can
- // replace them in reverse order and thus
- // not mess up their indices
+ // replace them and escape surrounding plaintext
+ // in order
$toReplace = array();
@@ -577,56 +577,85 @@ class TwitterImport
}
}
- // sort in reverse order by key
+ // sort in forward order by key
- krsort($toReplace);
+ ksort($toReplace);
+
+ $result = '';
+ $cursor = 0;
foreach ($toReplace as $part) {
list($type, $object) = $part;
+ $start = $object->indices[0];
+ $end = $object->indices[1];
+ if ($cursor < $start) {
+ // Copy in the preceding plaintext
+ $result .= $this->twitEscape(mb_substr($text, $cursor, $start - $cursor));
+ $cursor = $start;
+ }
+ $orig = $this->twitEscape(mb_substr($text, $start, $end - $start));
switch($type) {
case self::URL:
- $linkText = $this->makeUrlLink($object);
+ $linkText = $this->makeUrlLink($object, $orig);
break;
case self::HASHTAG:
- $linkText = $this->makeHashtagLink($object);
+ $linkText = $this->makeHashtagLink($object, $orig);
break;
case self::MENTION:
- $linkText = $this->makeMentionLink($object);
+ $linkText = $this->makeMentionLink($object, $orig);
break;
default:
+ $linkText = $orig;
continue;
}
- $text = mb_substr($text, 0, $object->indices[0]) . $linkText . mb_substr($text, $object->indices[1]);
+ $result .= $linkText;
+ $cursor = $end;
}
- return $text;
+ $last = $this->twitEscape(mb_substr($text, $cursor));
+ $result .= $last;
+
+ return $result;
}
- function makeUrlLink($object)
+ function twitEscape($str)
{
- return "{$object->url}";
+ // Twitter seems to preemptive turn < and > into < and >
+ // but doesn't for &, so while you may have some magic protection
+ // against XSS by not bothing to escape manually, you still get
+ // invalid XHTML. Thanks!
+ //
+ // Looks like their web interface pretty much sends anything
+ // through intact, so.... to do equivalent, decode all entities
+ // and then re-encode the special ones.
+ return htmlspecialchars(html_entity_decode($str, ENT_COMPAT, 'UTF-8'));
}
- function makeHashtagLink($object)
+ function makeUrlLink($object, $orig)
{
- return "#" . self::tagLink($object->text);
+ return ''.htmlspecialchars($object->display_url).'';
}
- function makeMentionLink($object)
+ function makeHashtagLink($object, $orig)
{
- return "@".self::atLink($object->screen_name, $object->name);
+ return "#" . self::tagLink($object->text, substr($orig, 1));
}
- static function tagLink($tag)
+ function makeMentionLink($object, $orig)
{
- return "{$tag}";
+ return "@".self::atLink($object->screen_name, $object->name, substr($orig, 1));
}
- static function atLink($screenName, $fullName=null)
+ static function tagLink($tag, $orig)
+ {
+ return "{$orig}";
+ }
+
+ static function atLink($screenName, $fullName, $orig)
{
if (!empty($fullName)) {
- return "{$screenName}";
+ return "{$orig}";
} else {
- return "{$screenName}";
+ return "{$orig}";
}
}
@@ -646,6 +675,7 @@ class TwitterImport
$reply = new Reply();
$reply->notice_id = $notice->id;
$reply->profile_id = $user->id;
+ $reply->modified = $notice->created;
common_log(LOG_INFO, __METHOD__ . ": saving reply: notice {$notice->id} to profile {$user->id}");
$id = $reply->insert();
}
@@ -670,4 +700,4 @@ class TwitterImport
}
}
}
-}
\ No newline at end of file
+}