commit fdaaeae0de36f8a19fc46f53b78c4a4b1aaa6202
parent aaa20e3a9f24cf041f075e6a37a950cb2c588a3d
Author: markseu <mark2011@mayberg.se>
Date: Mon, 25 Aug 2014 15:05:22 +0200
Better location handling (HTML filter)
Diffstat:
4 files changed, 26 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-Yellow 0.3.16
+Yellow 0.3.17
=============
Yellow is for people who make websites. [Visit website](http://datenstrom.se/yellow).
diff --git a/system/config/config.ini b/system/config/config.ini
@@ -26,7 +26,7 @@ contentDir = content/
contentHomeDir = home/
contentDefaultFile = page.txt
contentPagination = page
-contentRemoveHtml = 0
+contentHtmlFilter = 0
contentExtension = .txt
configExtension = .ini
errorPageFile = error(.*).txt
diff --git a/system/core/core-markdownextra.php b/system/core/core-markdownextra.php
@@ -5,7 +5,7 @@
// Markdown extra core plugin
class YellowMarkdownExtra
{
- const Version = "0.3.8";
+ const Version = "0.3.9";
var $yellow; //access to API
// Handle plugin initialisation
@@ -34,11 +34,12 @@ class YellowMarkdownExtraParser extends MarkdownExtraParser
$this->yellow = $yellow;
$this->page = $page;
$this->idAttributes = array();
- $this->no_markup = (bool)$this->yellow->config->get("contentRemoveHtml");
- $this->no_entities = (bool)$this->yellow->config->get("contentRemoveHtml");
+ $this->no_markup = (bool)$this->yellow->config->get("contentHtmlFilter");
+ $this->no_entities = (bool)$this->yellow->config->get("contentHtmlFilter");
$this->url_filter_func = function($url) use ($yellow, $page)
{
- return $yellow->toolbox->normaliseLocation($url, $page->base, $page->location);
+ return $yellow->toolbox->normaliseLocation($url, $page->base, $page->location,
+ (bool)$yellow->config->get("contentHtmlFilter") && $page->statusCode!=424);
};
parent::__construct();
}
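Review bot: The `javascript:` filtering that normaliseLocation now performs is gated on `contentHtmlFilter`, and this same commit sets that option's default to "0" in config.ini and core.php, so a default installation passes Markdown link targets through unfiltered. If the coupling is deliberate (allowing raw HTML makes filtering Markdown links moot), a comment stating that next to the `url_filter_func` assignment would help; otherwise consider passing the URL filter flag independently, e.g. `$yellow->toolbox->normaliseLocation($url, $page->base, $page->location, $page->statusCode!=424)`, or defaulting the option to "1". The `$page->statusCode!=424` exception is undocumented — a comment such as `// pages with status 424 are rendered without the strict URL filter` would help, though what 424 means in this code base is not visible in the hunk, so confirm the wording. The enclosing constructor starts before the hunk.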
diff --git a/system/core/core.php b/system/core/core.php
@@ -5,7 +5,7 @@
// Yellow main class
class Yellow
{
- const Version = "0.3.16";
+ const Version = "0.3.17";
var $page; //current page
var $pages; //pages from file system
var $config; //configuration
@@ -44,7 +44,7 @@ class Yellow
$this->config->setDefault("contentHomeDir", "home/");
$this->config->setDefault("contentDefaultFile", "page.txt");
$this->config->setDefault("contentPagination", "page");
- $this->config->setDefault("contentRemoveHtml", "0");
+ $this->config->setDefault("contentHtmlFilter", "0");
$this->config->setDefault("contentExtension", ".txt");
$this->config->setDefault("configExtension", ".ini");
$this->config->setDefault("configFile", "config.ini");
@@ -1435,7 +1435,7 @@ class YellowToolbox
{
$token = $tokens[$i];
if($this->normaliseName($token) != $token) $invalid = true;
- $regex = "/^[\d\-\_\.]*".strreplaceu('-', '.', $token)."$/";
+ $regex = $invalid ? "//" : "/^[\d\-\_\.]*".strreplaceu('-', '.', $token)."$/";
foreach($this->getDirectoryEntries($path, $regex, false, true, false) as $entry)
{
if($this->normaliseName($entry) == $token) { $token = $entry; break; }
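Review bot: The bare `"//"` on the new `$regex` line is a magic value — an empty PCRE pattern that matches every directory entry — and the same one-line guard is repeated in the two hunks that follow (at lines 1446 and 1461); a comment such as `// token is not a normalised name: don't interpolate it into a pattern, scan all entries` at the first occurrence, or a small helper that builds the pattern for a token, would make the intent explicit. Since `$invalid` is already true on that path, the directory scan may be avoidable altogether, but the code that consumes `$invalid` is outside the hunk, so treat that as a question. In the valid branch `$token` is still interpolated into the pattern unescaped; if normaliseName only strips the characters it knows about rather than guaranteeing a regex-safe character set, quoting each `-`-separated segment (`implode('.', array_map(function($s) { return preg_quote($s, '/'); }, explode('-', $token)))`) would be safer — normaliseName's body is not visible here. The enclosing function starts and ends outside the hunk.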
@@ -1446,7 +1446,7 @@ class YellowToolbox
$i = 1;
$token = $tokens[0] = rtrim($pathHome, '/');
if($this->normaliseName($token) != $token) $invalid = true;
- $regex = "/^[\d\-\_\.]*".strreplaceu('-', '.', $token)."$/";
+ $regex = $invalid ? "//" : "/^[\d\-\_\.]*".strreplaceu('-', '.', $token)."$/";
foreach($this->getDirectoryEntries($path, $regex, false, true, false) as $entry)
{
if($this->normaliseName($entry) == $token) { $token = $entry; break; }
@@ -1461,7 +1461,7 @@ class YellowToolbox
$fileFolder = $tokens[$i-1].$fileExtension;
if($token==$fileDefault || $token==$fileFolder) $invalid = true;
if($this->normaliseName($token) != $token) $invalid = true;
- $regex = "/^[\d\-\_\.]*".strreplaceu('-', '.', $token)."$/";
+ $regex = $invalid ? "//" : "/^[\d\-\_\.]*".strreplaceu('-', '.', $token)."$/";
foreach($this->getDirectoryEntries($path, $regex, false, false, false) as $entry)
{
if($this->normaliseName($entry) == $token) { $token = $entry; break; }
@@ -1542,18 +1542,14 @@ class YellowToolbox
$fileNameText = empty($matches[2]) ? $fileDefault : $matches[2].$fileExtension;
return dirname($fileName)."/".$fileNamePrefix.$fileNameText;
}
-
- // Normalise location arguments
- function normaliseArgs($text, $appendSlash = true, $filterStrict = true)
- {
- if($appendSlash) $text .= '/';
- if($filterStrict) $text = strreplaceu(' ', '-', strtoloweru($text));
- return strreplaceu(array('%3A','%2F'), array(':','/'), rawurlencode($text));
- }
// Normalise location, make absolute location
- function normaliseLocation($location, $pageBase, $pageLocation)
+ function normaliseLocation($location, $pageBase, $pageLocation, $filterStrict = true)
{
+ if($filterStrict)
+ {
+ if(preg_match("/^javascript:/i", $location)) $location = "xss";
+ }
if(!preg_match("/^\w+:/", html_entity_decode($location, ENT_QUOTES, "UTF-8")))
{
if(!preg_match("/^\//", $location))
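Review bot: The new `javascript:` check tests the raw `$location`, while the scheme detection on the very next line tests `html_entity_decode($location, ENT_QUOTES, "UTF-8")`, so the two see different strings: a scheme that only appears after entity decoding passes the filter and is then treated as an absolute URL and returned unchanged. Run the filter on the same decoded value, e.g. `$decoded = html_entity_decode($location, ENT_QUOTES, "UTF-8");` followed by `if(preg_match("/^\s*javascript:/i", $decoded)) $location = "xss";`, and consider an allow-list of accepted schemes (`http`, `https`, `mailto`, …) instead of a single deny-listed one, since a one-entry deny-list tends to miss other script-capable schemes. The replacement `"xss"` is then processed as a relative location by the code below; a comment explaining the sentinel, or an empty string, would make that clearer. normaliseLocation continues past the end of this hunk.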
@@ -1567,7 +1563,15 @@ class YellowToolbox
}
return $location;
}
-
+
+ // Normalise location arguments
+ function normaliseArgs($text, $appendSlash = true, $filterStrict = true)
+ {
+ if($appendSlash) $text .= '/';
+ if($filterStrict) $text = strreplaceu(' ', '-', strtoloweru($text));
+ return strreplaceu(array('%3A','%2F'), array(':','/'), rawurlencode($text));
+ }
+
// Normalise file/directory/other name
function normaliseName($text, $removePrefix = true, $removeExtension = false, $filterStrict = false)
{