1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00

Moar htmlentities calls

This commit is contained in:
Starbeamrainbowlabs 2017-07-29 10:50:42 +01:00
parent a90b72e3ad
commit ecd155c4d4
3 changed files with 14 additions and 178 deletions

View file

@ -1450,7 +1450,9 @@ class page_renderer
$result = self::get_css_as_html();
$result .= self::getJS();
if(module_exists("feature-search"))
// We can't use module_exists here because sometimes global $modules
// hasn't populated yet when we get called O.o
if(class_exists("search"))
$result .= "\t\t<link rel='search' type='application/opensearchdescription+xml' href='?action=opensearch-description' title='$settings->sitename Search' />\n";
if(!empty($settings->enable_math_rendering))
@ -3284,7 +3286,7 @@ register_module([
/// Search Box ///
$content .= "<form method='get' action=''>\n";
$content .= " <input type='search' id='search-box' name='query' placeholder='Type your query here and then press enter.' value='" . $_GET["query"] . "' />\n";
$content .= " <input type='search' id='search-box' name='query' placeholder='Type your query here and then press enter.' value='" . htmlentities($_GET["query"], ENT_HTML5 | ENT_QUOTES) . "' />\n";
$content .= " <input type='hidden' name='action' value='search' />\n";
$content .= "</form>";
@ -4384,7 +4386,7 @@ register_module([
http_response_code(413); // file is too large
else
http_response_code(500); // something else went wrong
exit(page_renderer::render("Upload failed - $settings->sitename", "<p>Your upload couldn't be processed because " . (($_FILES["file"]["error"] == 1 || $_FILES["file"]["error"] == 2) ? "the file is too large" : "an error occurred") . ".</p><p>Please contact the administrator for assistance.</p>"));
exit(page_renderer::render("Upload failed - $settings->sitename", "<p>Your upload couldn't be processed because " . (($_FILES["file"]["error"] == 1 || $_FILES["file"]["error"] == 2) ? "the file is too large" : "an error occurred") . ".</p><p>Please contact $settings->admindetails_name, $settings->sitename's administrator for help.</p>"));
}
@ -4560,7 +4562,7 @@ register_module([
exit();
}
$filepath = getcwd() . "/" . $env->storage_prefix . $pageindex->{$env->page}->uploadedfilepath;
$filepath = realpath($env->storage_prefix . $pageindex->{$env->page}->uploadedfilepath);
$mime_type = $pageindex->{$env->page}->uploadedfilemime;
$shortFilename = substr($filepath, 1 + (strrpos($filepath, '/') !== false ? strrpos($filepath, '/') : -1));
@ -5591,11 +5593,11 @@ register_module([
}
$content .= "<form method='post' name='edit-form' action='index.php?action=preview-edit&page=$env->page' class='editform'>
$content .= "<form method='post' name='edit-form' action='index.php?action=preview-edit&page=" . rawurlencode($env->page) . "' class='editform'>
<input type='hidden' name='prev-content-hash' value='" . ((isset($old_pagetext)) ? sha1($old_pagetext) : sha1($pagetext)) . "' />
<textarea name='content' autofocus tabindex='1'>$pagetext</textarea>
<pre class='fit-text-mirror'></pre>
<input type='text' name='tags' value='$page_tags' placeholder='Enter some tags for the page here. Separate them with commas.' title='Enter some tags for the page here. Separate them with commas.' tabindex='2' />
<input type='text' name='tags' value='" . htmlentities($page_tags, ENT_HTML5 | ENT_QUOTES) . "' placeholder='Enter some tags for the page here. Separate them with commas.' title='Enter some tags for the page here. Separate them with commas.' tabindex='2' />
<p class='editing-message'>$settings->editing_message</p>
<input name='preview-edit' class='edit-page-button' type='submit' value='Preview Changes' tabindex='4' />
<input name='submit-edit' class='edit-page-button' type='submit' value='Save Page' tabindex='3' />
@ -5799,7 +5801,7 @@ window.addEventListener("load", function(event) {
<h2>Your content</h2>
<textarea id='new-content'>$pagedata</textarea>
<input type='text' name='tags' value='" . $_POST["tags"] . "' placeholder='Enter some tags for the page here. Separate them with commas.' title='Enter some tags for the page here. Separate them with commas.' tabindex='2' />
<input type='text' name='tags' value='" . htmlentities($_POST["tags"]) . "' placeholder='Enter some tags for the page here. Separate them with commas.' title='Enter some tags for the page here. Separate them with commas.' tabindex='2' />
<p class='editing_message'>$settings->editing_message</p>
<input name='submit-edit' type='submit' value='Resolve Conflict' tabindex='3' />
</form>";
@ -6944,172 +6946,6 @@ register_module([
register_module([
"name" => "Old Default Parser",
"version" => "0.10",
"author" => "Johnny Broadway & Starbeamrainbowlabs",
"description" => "The *old* default parser for Pepperminty Wiki. Based on Johnny Broadway's Slimdown (with more than a few modifications). This parser's features are documented in the help page. Superceded by a customised extension of parsedown extra.",
"id" => "parser-default-old",
"optional" => true,
"code" => function() {
global $settings;
add_parser("default", function($markdown) {
return Slimdown::render($markdown);
});
// Register the help section
if($settings->parser != "default")
return; // Don't register the help section if we aren't the currently set parser.
add_help_section("20-parser-default", "Editor Syntax", "<p>$settings->sitename's editor uses a modified version of slimdown, a flavour of markdown that is implementated using regular expressions. See the credits page for more information and links to the original source for this. A quick reference can be found below:</p>
<table>
<tr><th>Type This</th><th>To get this</th>
<tr><td><code>_italics_</code></td><td><em>italics</em></td></tr>
<tr><td><code>*bold*</code></td><td><strong>bold</strong></td></tr>
<tr><td><code>~~Strikethrough~~</code></td><td><del>Strikethough</del></td></tr>
<tr><td><code>`code`</code></td><td><code>code</code></td></tr>
<tr><td><code># Heading</code></td><td><h2>Heading</h2></td></tr>
<tr><td><code>## Sub Heading</code></td><td><h3>Sub Heading</h3></td></tr>
<tr><td><code>[[Internal Link]]</code></td><td><a href='index.php?page=Internal Link'>Internal Link</a></td></tr>
<tr><td><code>[[Display Text|Internal Link]]</code></td><td><a href='index.php?page=Internal Link'>Display Text</a></td></tr>
<tr><td><code>[Display text](//google.com/)</code></td><td><a href='//google.com/'>Display Text</a></td></tr>
<tr><td><code>&gt; Blockquote<br />&gt; Some text</code></td><td><blockquote> Blockquote<br />Some text</td></tr>
<tr><td><code> - Apples<br /> * Oranges</code></td><td><ul><li>Apples</li><li>Oranges</li></ul></td></tr>
<tr><td><code>1. This is<br />2. an ordered list</code></td><td><ol><li>This is</li><li>an ordered list</li></ol></td></tr>
<tr><td><code>
---
</code></td><td><hr /></td></tr>
<!--<tr><tds><code> - One
- Two
- Three</code></td><td><ul><li>One</li><li>Two</li><li>Three</li></ul></td></tr>-->
<tr><td><code>![Alt text](//starbeamrainbowlabs.com/favicon-small.png)</code></td><td><img src='//starbeamrainbowlabs.com/favicon-small.png' alt='Alt text' /></td></code>
</table>
<p>In addition, the following extra syntax is supported for images:</p>
<pre><code>Size the image to at most 250 pixels wide:
![Alt text](//starbeamrainbowlabs.com/favicon-small.png 250px)
Size the image to at most 120px wide and have it float at the right ahnd size of the page:
![Alt text](//starbeamrainbowlabs.com/favicon-small.png 120px right)</code></pre>");
}
]);
/***********************************************************************
* ███████ ██ ██ ███ ███ ██████ ██████ ██ ██ ███ ██ *
* ██ ██ ██ ████ ████ ██ ██ ██ ██ ██ ██ ████ ██ *
* ███████ ██ ██ ██ ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ *
* ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ███ ██ ██ ██ ██ *
* ███████ ███████ ██ ██ ██ ██████ ██████ ███ ███ ██ ████ *
***********************************************************************/
/**
* Slimdown - A very basic regex-based Markdown parser. Supports the
* following elements (and can be extended via Slimdown::add_rule()):
*
* - Headers
* - Links
* - Bold
* - Emphasis
* - Deletions
* - Quotes
* - Inline code
* - Blockquotes
* - Ordered/unordered lists
* - Horizontal rules
*
* Author: Johnny Broadway <johnny@johnnybroadway.com>
* Website: https://gist.github.com/jbroadway/2836900
* License: MIT
*/
/**
* Modified by Starbeamrainbowlabs (starbeamrainbowlabs)
*
* Changed bold to use single asterisks
* Changed italics to use single underscores
* Added one to add the heading levels (no <h1> tags allowed)
* Added wiki style internal link parsing
* Added wiki style internal link parsing with display text
* Added image support
*/
class Slimdown {
public static $rules = array (
'/\r\n/' => "\n", // new line normalisation
'/^(#+)(.*)/' => 'self::header', // headers
'/(\*+)(.*?)\1/' => '<strong>\2</strong>', // bold
'/(_)(.*?)\1/' => '<em>\2</em>', // emphasis
'/!\[(.*)\]\(([^\s]+)\s(\d+.+)\s(left|right)\)/' => '<img src="\2" alt="\1" style="max-width: \3; float: \4;" />', // images with size
'/!\[(.*)\]\(([^\s]+)\s(\d+.+)\)/' => '<img src="\2" alt="\1" style="max-width: \3;" />', // images with size
'/!\[(.*)\]\((.*)\)/' => '<img src="\2" alt="\1" />', // basic images
'/\[\[([a-zA-Z0-9\_\- ]+)\|([a-zA-Z0-9\_\- ]+)\]\]/' => '<a href=\'index.php?page=\1\'>\2</a>', //internal links with display text
'/\[\[([a-zA-Z0-9\_\- ]+)\]\]/' => '<a href=\'index.php?page=\1\'>\1</a>', //internal links
'/\[([^\[]+)\]\(([^\)]+)\)/' => '<a href=\'\2\' target=\'_blank\'>\1</a>', // links
'/\~\~(.*?)\~\~/' => '<del>\1</del>', // del
'/\:\"(.*?)\"\:/' => '<q>\1</q>', // quote
'/`(.*?)`/' => '<code>\1</code>', // inline code
'/\n\s*(\*|-)(.*)/' => 'self::ul_list', // ul lists
'/\n[0-9]+\.(.*)/' => 'self::ol_list', // ol lists
'/\n(&gt;|\>)(.*)/' => 'self::blockquote', // blockquotes
'/\n-{3,}/' => "\n<hr />", // horizontal rule
'/\n([^\n]+)\n\n/' => 'self::para', // add paragraphs
'/<\/ul>\s?<ul>/' => '', // fix extra ul
'/<\/ol>\s?<ol>/' => '', // fix extra ol
'/<\/blockquote><blockquote>/' => "\n" // fix extra blockquote
);
private static function para ($regs) {
$line = $regs[1];
$trimmed = trim ($line);
if (preg_match ('/^<\/?(ul|ol|li|h|p|bl)/', $trimmed)) {
return "\n" . $line . "\n";
}
return sprintf ("\n<p>%s</p>\n", $trimmed);
}
private static function ul_list ($regs) {
$item = $regs[2];
return sprintf ("\n<ul>\n\t<li>%s</li>\n</ul>", trim($item));
}
private static function ol_list ($regs) {
$item = $regs[1];
return sprintf ("\n<ol>\n\t<li>%s</li>\n</ol>", trim($item));
}
private static function blockquote ($regs) {
$item = $regs[2];
return sprintf ("\n<blockquote>%s</blockquote>", trim($item));
}
private static function header ($regs) {
list ($tmp, $chars, $header) = $regs;
$level = strlen ($chars);
return sprintf ('<h%d>%s</h%d>', $level + 1, trim($header), $level + 1);
}
/**
* Add a rule.
*/
public static function add_rule ($regex, $replacement) {
self::$rules[$regex] = $replacement;
}
/**
* Render some Markdown into HTML.
*/
public static function render ($text) {
foreach (self::$rules as $regex => $replacement) {
if (is_callable ( $replacement)) {
$text = preg_replace_callback ($regex, $replacement, $text);
} else {
$text = preg_replace ($regex, $replacement, $text);
}
}
return trim ($text);
}
}
////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////
register_module([
"name" => "Parsedown",

View file

@ -104,7 +104,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds proper search functionality to Pepperminty Wiki using an inverted index to provide a full text search engine. If pages don't show up, then you might have hit a stop word. If not, try requesting the `invindex-rebuild` action to rebuild the inverted index from scratch.",
"id": "feature-search",
"lastupdate": 1500311231,
"lastupdate": 1501321430,
"optional": false
},
{
@ -122,7 +122,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
"id": "feature-upload",
"lastupdate": 1498639443,
"lastupdate": 1501320696,
"optional": false
},
{
@ -167,7 +167,7 @@
"author": "Starbeamrainbowlabs",
"description": "Allows you to edit pages by adding the edit and save actions. You should probably include this one.",
"id": "page-edit",
"lastupdate": 1499103162,
"lastupdate": 1501321761,
"optional": false
},
{

View file

@ -134,7 +134,7 @@ register_module([
<input type='hidden' name='prev-content-hash' value='" . ((isset($old_pagetext)) ? sha1($old_pagetext) : sha1($pagetext)) . "' />
<textarea name='content' autofocus tabindex='1'>$pagetext</textarea>
<pre class='fit-text-mirror'></pre>
<input type='text' name='tags' value='" . htmlentities($page_tags) . "' placeholder='Enter some tags for the page here. Separate them with commas.' title='Enter some tags for the page here. Separate them with commas.' tabindex='2' />
<input type='text' name='tags' value='" . htmlentities($page_tags, ENT_HTML5 | ENT_QUOTES) . "' placeholder='Enter some tags for the page here. Separate them with commas.' title='Enter some tags for the page here. Separate them with commas.' tabindex='2' />
<p class='editing-message'>$settings->editing_message</p>
<input name='preview-edit' class='edit-page-button' type='submit' value='Preview Changes' tabindex='4' />
<input name='submit-edit' class='edit-page-button' type='submit' value='Save Page' tabindex='3' />
@ -338,7 +338,7 @@ window.addEventListener("load", function(event) {
<h2>Your content</h2>
<textarea id='new-content'>$pagedata</textarea>
<input type='text' name='tags' value='" . $_POST["tags"] . "' placeholder='Enter some tags for the page here. Separate them with commas.' title='Enter some tags for the page here. Separate them with commas.' tabindex='2' />
<input type='text' name='tags' value='" . htmlentities($_POST["tags"]) . "' placeholder='Enter some tags for the page here. Separate them with commas.' title='Enter some tags for the page here. Separate them with commas.' tabindex='2' />
<p class='editing_message'>$settings->editing_message</p>
<input name='submit-edit' type='submit' value='Resolve Conflict' tabindex='3' />
</form>";