Fix various encoding issues (#477)

* fix html-entity issue in username

* remove kses

Let the receiving platforms decide which markup to allow and which to reject.

* Remove html_entity_decode to prevent encoding issues (#454)

I've tested this on content which includes MarkDown, HTML, encoded entities, unencoded entities, etc.

Fixes #445

Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>

* remove allowed tags

---------

Co-authored-by: Terence Eden <edent@users.noreply.github.com>
Matthias Pfefferle 2023-10-02 17:11:56 +02:00 committed by GitHub
parent 46b1b4797a
commit 336f3e5a62
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 55 deletions


@ -67,7 +67,13 @@ class Blog_User extends User {
* @return string The User-Name. * @return string The User-Name.
*/ */
public function get_name() { public function get_name() {
return \esc_html( \get_bloginfo( 'name' ) ); return \wp_strip_all_tags(
\html_entity_decode(
\get_bloginfo( 'name' ),
\ENT_QUOTES,
'UTF-8'
)
);
} }
/** /**
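Review bot: get_name now returns raw decoded text where it previously returned the HTML-escaped string from esc_html, so any caller that echoes it into an HTML body or attribute rather than into the ActivityPub JSON has silently lost its escaping; the docblock at the top of the hunk still says only `@return string The User-Name.` and should state the new contract, e.g. `@return string The User-Name as plain text: entities decoded, tags stripped, NOT escaped for HTML output.` The decode-then-strip order is the right one, because an entity-encoded `&lt;script&gt;` in the blog name is turned back into markup before wp_strip_all_tags removes it, but wp_strip_all_tags is a display helper rather than a sanitizer, so the result still has to be escaped at every HTML sink. html_entity_decode with `\ENT_QUOTES` alone uses the HTML 4.01 entity table and, as far as I know, leaves `&apos;` and other HTML5-only named entities untouched; `\ENT_QUOTES | \ENT_HTML5` would decode those too. The enclosing class Blog_User continues outside the hunk.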


@ -30,58 +30,6 @@ class Post {
*/ */
protected $wp_post; protected $wp_post;
/**
* The Allowed Tags, used in the content.
*
* @var array
*/
protected $allowed_tags = array(
'a' => array(
'href' => array(),
'title' => array(),
'class' => array(),
'rel' => array(),
),
'br' => array(),
'p' => array(
'class' => array(),
),
'span' => array(
'class' => array(),
),
'div' => array(
'class' => array(),
),
'ul' => array(),
'ol' => array(
'reversed' => array(),
'start' => array(),
),
'li' => array(
'value' => array(),
),
'strong' => array(
'class' => array(),
),
'b' => array(
'class' => array(),
),
'i' => array(
'class' => array(),
),
'em' => array(
'class' => array(),
),
'blockquote' => array(),
'cite' => array(),
'code' => array(
'class' => array(),
),
'pre' => array(
'class' => array(),
),
);
/** /**
* Static function to Transform a WP_Post Object. * Static function to Transform a WP_Post Object.
* *
@ -513,13 +461,11 @@ class Post {
$content = do_shortcode( $content ); $content = do_shortcode( $content );
wp_reset_postdata(); wp_reset_postdata();
$content = \wp_kses( $content, $this->allowed_tags );
$content = \wpautop( $content ); $content = \wpautop( $content );
$content = \preg_replace( '/[\n\r\t]/', '', $content ); $content = \preg_replace( '/[\n\r\t]/', '', $content );
$content = \trim( $content ); $content = \trim( $content );
$content = \apply_filters( 'activitypub_the_content', $content, $post ); $content = \apply_filters( 'activitypub_the_content', $content, $post );
$content = \html_entity_decode( $content, \ENT_QUOTES, 'UTF-8' );
return $content; return $content;
} }
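Review bot: With wp_kses and the allowed_tags allowlist removed, the string returned at the end of the hunk now carries whatever markup the post body, `do_shortcode` and the `activitypub_the_content` filter produced, including `<script>`, `<style>`, `<iframe>` and `on*` attributes, and nothing between `do_shortcode` and `return` filters it any more. Delegating sanitization to the receiving server is a defensible choice for federation, but it is a trust-boundary change that is not recorded in the code, and any local consumer that renders this value (a preview, an admin screen, a theme hooking `activitypub_the_content`) must now treat it as untrusted HTML and escape or sanitize it on output. I would add a comment above the `wpautop` line such as `// Intentionally not passed through wp_kses (#477): receiving servers sanitize. Treat this value as untrusted HTML locally.` If a local safety net is still wanted, I believe `wp_kses_post` would reintroduce the entity normalization this commit is working around, so stripping only `<script>`/`<style>` elements together with their contents would be the narrower option. The enclosing method starts before the hunk.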