GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[CORE][SECURITY][HTML] Refactor Security::sanitize to HTML::sanitize

Browse Source 
Update composer dependencies, move more general deps from ActivityPub to Core
This commit is contained in:
Diogo Peralta Cordeiro
2022-01-12 17:12:26 +00:00
parent 968b1751fd
commit 480f570238
9 changed files with 322 additions and 262 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
components/Posting/Posting.php
View File

@@ -30,7 +30,6 @@ use App\Core\GSFile;
use function App\Core\I18n\_m;
use App\Core\Modules\Component;
use App\Core\Router\Router;
use App\Core\Security;
use App\Core\VisibilityScope;
use App\Entity\Activity;
use App\Entity\Actor;
@@ -43,6 +42,7 @@ use App\Util\Exception\RedirectException;
use App\Util\Exception\ServerException;
use App\Util\Form\FormFields;
use App\Util\Formatting;
use App\Util\HTML;
use Component\Attachment\Entity\ActorToAttachment;
use Component\Attachment\Entity\AttachmentToNote;
use Component\Conversation\Conversation;
@@ -74,7 +74,7 @@ class Posting extends Component
return Event::next;
}
$actor = $user->getActor();
$actor = $user->getActor();
$placeholder_strings = ['How are you feeling?', 'Have something to share?', 'How was your day?'];
Event::handle('PostingPlaceHolderString', [&$placeholder_strings]);
@@ -146,7 +146,7 @@ class Posting extends Component
$extra_args = [];
Event::handle('AddExtraArgsToNoteContent', [$request, $actor, $data, &$extra_args, $form_params, $form]);
$target = !array_key_exists('in', $data) || $data['in'] === 'public' ? $context_actor : null;
$target = !\array_key_exists('in', $data) || $data['in'] === 'public' ? $context_actor : null;
self::storeLocalNote(
actor: $user->getActor(),
@@ -290,7 +290,6 @@ class Posting extends Component
Event::handle('NewNotification', [$actor, $activity, ['object' => $mention_ids], _m('{nickname} created a note {note_id}.', ['{nickname}' => $actor->getNickname(), '{note_id}' => $activity->getObjectId()])]);
}
return $note;
}
@@ -303,7 +302,7 @@ class Posting extends Component
return Event::stop;
case 'text/html':
// TODO: It has to linkify and stuff as well
$rendered = Security::sanitize($content);
$rendered = HTML::sanitize($content);
return Event::stop;
default:
return Event::next;