Event-Federation/wordpress-activitypub
Event-Federation/wordpress-activitypub
7
1
Fork 0
Code Issues 5 Pull requests Projects Releases Wiki Activity Actions 1

Revorked "sanitize output"

Browse source 
This reverts commit 77873d12b3.
This commit is contained in:
Matthias Pfefferle 2023-05-23 11:10:05 +02:00
parent 77873d12b3
commit 677d507fe9
3 changed files with 49 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
includes/class-shortcodes.php
View file

@ -43,7 +43,7 @@ class Shortcodes {
$hash_tags[] = \sprintf( $hash_tags[] = \sprintf(
'<a rel="tag" class="u-tag u-category" href="%s">#%s</a>', '<a rel="tag" class="u-tag u-category" href="%s">#%s</a>',
\esc_url( \get_tag_link( $tag ) ), \esc_url( \get_tag_link( $tag ) ),
\esc_html( $tag->slug ) \wp_strip_all_tags( $tag->slug )
); );
} }
@ -66,7 +66,7 @@ class Shortcodes {
return ''; return '';
} }
return \esc_html( \get_the_title( $post_id ) ); return \wp_strip_all_tags( \get_the_title( $post_id ), true );
} }
@ -170,7 +170,7 @@ class Shortcodes {
} }
} }
return $excerpt; return \apply_filters( 'the_excerpt', $excerpt );
} }
/** /**
@ -183,23 +183,36 @@ class Shortcodes {
* @return string * @return string
*/ */
public static function content( $atts, $content, $tag ) { public static function content( $atts, $content, $tag ) {
// prevent inception
remove_shortcode( 'ap_content' );
$post = get_post(); $post = get_post();
if ( ! $post || \post_password_required( $post ) ) { if ( ! $post || \post_password_required( $post ) ) {
return ''; return '';
} }
$atts = shortcode_atts(
array( 'apply_filters' => 'yes' ),
$atts,
$tag
);
$content = \get_post_field( 'post_content', $post ); $content = \get_post_field( 'post_content', $post );
if ( 'yes' === $atts['apply_filters'] ) {
$content = \apply_filters( 'the_content', $content );
} else {
$content = do_blocks( $content ); $content = do_blocks( $content );
$content = wptexturize( $content ); $content = wptexturize( $content );
$content = wp_filter_content_tags( $content ); $content = wp_filter_content_tags( $content );
}
// replace script and style elements $content = strip_shortcodes( $content );
$content = \preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $content );
$content = \trim( \preg_replace( '/[\n\r\t]/', '', $content ) ); $content = \trim( \preg_replace( '/[\n\r\t]/', '', $content ) );
add_shortcode( 'ap_content', array( 'Activitypub\Shortcodes', 'content' ) );
return $content; return $content;
} }
@ -231,7 +244,10 @@ class Shortcodes {
return \esc_url( \get_permalink( $post->ID ) ); return \esc_url( \get_permalink( $post->ID ) );
} }
return \sprintf( '<a href="%1$s">%1$s</a>', \esc_url( \get_permalink( $post->ID ) ) ); return \sprintf(
'<a href="%1$s">%1$s</a>',
\esc_url( \get_permalink( $post->ID ) )
);
} }
/** /**
@ -262,7 +278,10 @@ class Shortcodes {
return \esc_url( \wp_get_shortlink( $post->ID ) ); return \esc_url( \wp_get_shortlink( $post->ID ) );
} }
return \sprintf( '<a href="%1$s">%1$s</a>', \esc_url( \wp_get_shortlink( $post->ID ) ) ); return \sprintf(
'<a href="%1$s">%1$s</a>',
\esc_url( \wp_get_shortlink( $post->ID ) )
);
} }
/** /**
@ -336,7 +355,7 @@ class Shortcodes {
$hash_tags[] = \sprintf( $hash_tags[] = \sprintf(
'<a rel="tag" class="u-tag u-category" href="%s">#%s</a>', '<a rel="tag" class="u-tag u-category" href="%s">#%s</a>',
\esc_url( \get_category_link( $category ) ), \esc_url( \get_category_link( $category ) ),
\esc_html( $category->slug ) \wp_strip_all_tags( $category->slug )
); );
} }
@ -359,13 +378,13 @@ class Shortcodes {
return ''; return '';
} }
$name = \esc_html( \get_the_author_meta( 'display_name', $post->post_author ) ); $name = \get_the_author_meta( 'display_name', $post->post_author );
if ( ! $name ) { if ( ! $name ) {
return ''; return '';
} }
return \esc_html( $name ); return wp_strip_all_tags( $name );
} }
/** /**
@ -416,7 +435,7 @@ class Shortcodes {
* @return string * @return string
*/ */
public static function blogname( $atts, $content, $tag ) { public static function blogname( $atts, $content, $tag ) {
return \esc_html( \get_bloginfo( 'name' ) ); return \wp_strip_all_tags( \get_bloginfo( 'name' ) );
} }
/** /**
@ -429,7 +448,7 @@ class Shortcodes {
* @return string * @return string
*/ */
public static function blogdesc( $atts, $content, $tag ) { public static function blogdesc( $atts, $content, $tag ) {
return \esc_html( \get_bloginfo( 'description' ) ); return \wp_strip_all_tags( \get_bloginfo( 'description' ) );
} }
/** /**
@ -458,7 +477,7 @@ class Shortcodes {
return ''; return '';
} }
return \esc_html( $date ); return $date;
} }
/** /**
@ -487,7 +506,7 @@ class Shortcodes {
return ''; return '';
} }
return \esc_html( $date ); return $date;
} }
/** /**
@ -516,6 +535,6 @@ class Shortcodes {
return ''; return '';
} }
return \esc_html( $date ); return $date;
} }
} }

2
includes/class-webfinger.php
View file

@ -51,7 +51,7 @@ class Webfinger {
} }
// try to access author URL // try to access author URL
$response = \wp_safe_remote_get( $response = \wp_remote_get(
$url, $url,
array( array(
'headers' => array( 'Accept' => 'application/activity+json' ), 'headers' => array( 'Accept' => 'application/activity+json' ),

10
includes/model/class-post.php
View file

@ -508,8 +508,12 @@ class Post {
$content = do_shortcode( $content ); $content = do_shortcode( $content );
wp_reset_postdata(); wp_reset_postdata();
$content = \wpautop( \wp_kses( $content, $this->allowed_tags ) ); // replace script and style elements
$content = \trim( \preg_replace( '/[\n\r\t]/', '', $content ) ); $content = \preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $content );
$content = \wp_kses( $content, $this->allowed_tags );
$content = \wpautop( $content );
$content = \preg_replace( '/[\n\r\t]/', '', $content );
$content = \trim( $content );
$content = \apply_filters( 'activitypub_the_content', $content, $post ); $content = \apply_filters( 'activitypub_the_content', $content, $post );
$content = \html_entity_decode( $content, \ENT_QUOTES, 'UTF-8' ); $content = \html_entity_decode( $content, \ENT_QUOTES, 'UTF-8' );
@ -537,6 +541,6 @@ class Post {
return "[ap_content]\n\n[ap_hashtags]\n\n[ap_permalink type=\"html\"]"; return "[ap_content]\n\n[ap_hashtags]\n\n[ap_permalink type=\"html\"]";
} }
return $content; return \get_option( 'activitypub_custom_post_content' );
} }
} }