Split up source and source_link. Never trust HTML!

https://community.highlandarrow.com/notice/269667
or alternatively: https://social.umeahackerspace.se/conversation/495655
Mikael Nordfeldth 2016-09-02 00:55:46 +02:00
parent 15ab9ff9e3
commit a7043bf7cc
4 changed files with 41 additions and 34 deletions


@ -337,21 +337,21 @@ class ApiSearchAtomAction extends ApiPrivateAuthAction
// @todo: Here is where we'd put in a link to an atom feed for threads
$source = null;
$source_link = null;
$ns = $notice->getSource();
if ($ns instanceof Notice_source) {
if (!empty($ns->name) && !empty($ns->url)) {
$source = '<a href="'
. htmlspecialchars($ns->url)
. '" rel="nofollow">'
. htmlspecialchars($ns->name)
. '</a>';
} else {
$source = $ns->code;
$source = $ns->code;
if (!empty($ns->url)) {
$source_link = $ns->url;
if (!empty($ns->name)) {
$source = $ns->name;
}
}
}
$this->element("twitter:source", null, $source);
$this->element("twitter:source_link", null, $source_link);
$this->elementStart('author');
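Review bot: The `$source = $ns->code; if (!empty($ns->url)) { … }` block introduced here is repeated verbatim in the ApiAction hunk, with `$noticeInfoAttr` keys in the Notice hunk, and again in ResultItem::setSourceData(); one method on Notice_source that returns the display name and link (e.g. `list($source, $source_link) = $ns->getSourceData();`) would keep the four copies in step the next time this logic changes. `$source_link` is also emitted unchecked: dropping the rendered HTML removes the markup injection, but a `Notice_source::url` that is not an http(s) URL still reaches clients that turn `twitter:source_link` into a link, so it is worth passing it through the codebase's HTTP URL check (`common_valid_http_url()`, if that helper is in scope here) before assigning `$source_link`. A minor point: `empty()` treats the string `'0'` as absent, so an explicit `!== null && !== ''` test would be more precise for both `url` and `name`. The enclosing method starts and ends outside this hunk.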


@ -2101,11 +2101,7 @@ class Notice extends Managed_DataObject
if (!empty($ns->url)) {
$noticeInfoAttr['source_link'] = $ns->url;
if (!empty($ns->name)) {
$noticeInfoAttr['source'] = '<a href="'
. htmlspecialchars($ns->url)
. '" rel="nofollow">'
. htmlspecialchars($ns->name)
. '</a>';
$noticeInfoAttr['source'] = $ns->name;
}
}
}


@ -337,22 +337,22 @@ class ApiAction extends Action
$twitter_status['in_reply_to_status_id'] = $in_reply_to;
$source = null;
$source_link = null;
$ns = $notice->getSource();
if ($ns instanceof Notice_source) {
if (!empty($ns->name) && !empty($ns->url)) {
$source = '<a href="'
. htmlspecialchars($ns->url)
. '" rel="nofollow">'
. htmlspecialchars($ns->name)
. '</a>';
} else {
$source = $ns->code;
$source = $ns->code;
if (!empty($ns->url)) {
$source_link = $ns->url;
if (!empty($ns->name)) {
$source = $ns->name;
}
}
}
$twitter_status['uri'] = $notice->getUri();
$twitter_status['source'] = $source;
$twitter_status['source_link'] = $source_link;
$twitter_status['id'] = intval($notice->id);
$replier_profile = null;


@ -184,7 +184,8 @@ class ResultItem
var $id;
var $from_user_id;
var $iso_language_code;
var $source;
var $source = null;
var $source_link = null;
var $profile_image_url;
var $created_at;
@ -234,7 +235,8 @@ class ResultItem
$this->iso_language_code = Profile_prefs::getConfigData($this->profile, 'site', 'language');
$this->source = $this->getSourceLink($this->notice->source);
// set source and source_link
$this->setSourceData();
$this->profile_image_url = $this->profile->avatarUrl(AVATAR_STREAM_SIZE);
@ -242,34 +244,43 @@ class ResultItem
}
/**
* Show the source of the notice
* Set the notice's source data (api/app name and URL)
*
* Either the name (and link) of the API client that posted the notice,
* or one of other other channels.
* or one of other other channels. Uses the local notice object.
*
* @param string $source the source of the Notice
*
* @return string a fully rendered source of the Notice
* @return void
*/
function getSourceLink($source)
function setSourceData()
{
// Gettext translations for the below source types are available.
$source_name = _($source);
$source = null;
$source_link = null;
switch ($source) {
case 'web':
case 'xmpp':
case 'mail':
case 'omb':
case 'api':
// Gettext translations for the below source types are available.
$source = _($this->notice->source);
break;
default:
$ns = Notice_source::getKV($source);
$ns = Notice_source::getKV($this->notice->source);
if ($ns instanceof Notice_source) {
$source_name = '<a href="' . $ns->url . '">' . $ns->name . '</a>';
$source = $ns->code;
if (!empty($ns->url)) {
$source_link = $ns->url;
if (!empty($ns->name)) {
$source = $ns->name;
}
}
}
break;
}
return $source_name;
$this->source = $source;
$this->source_link = $source_link;
}
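Review bot: As printed, `switch ($source) {` now directly follows the new `$source = null;`, so every notice would take the `default:` branch and the `web`/`xmpp`/`mail`/`omb`/`api` cases would never run; unless the rendered hunk dropped a replacement line, the switch should key on the field, `switch ($this->notice->source) {`. Separately, the removed code initialised `$source_name = _($source)` before the switch, so an unknown source code still yielded its own name, whereas the new `default:` branch leaves `$this->source` null whenever `Notice_source::getKV()` finds nothing; if that fallback is still wanted, set `$source = $this->notice->source;` at the top of `default:` before the lookup. The docblock should also state that `$this->source` and `$this->source_link` may remain null, since callers of the removed getSourceLink() always received a string.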
}