Split up source and source_link. Never trust HTML!

https://community.highlandarrow.com/notice/269667
or alternatively: https://social.umeahackerspace.se/conversation/495655
Mikael Nordfeldth 2016-09-02 00:55:46 +02:00
parent 15ab9ff9e3
commit a7043bf7cc
4 changed files with 41 additions and 34 deletions


@ -337,21 +337,21 @@ class ApiSearchAtomAction extends ApiPrivateAuthAction
// @todo: Here is where we'd put in a link to an atom feed for threads // @todo: Here is where we'd put in a link to an atom feed for threads
$source = null; $source = null;
$source_link = null;
$ns = $notice->getSource(); $ns = $notice->getSource();
if ($ns instanceof Notice_source) { if ($ns instanceof Notice_source) {
if (!empty($ns->name) && !empty($ns->url)) {
$source = '<a href="'
. htmlspecialchars($ns->url)
. '" rel="nofollow">'
. htmlspecialchars($ns->name)
. '</a>';
} else {
$source = $ns->code; $source = $ns->code;
if (!empty($ns->url)) {
$source_link = $ns->url;
if (!empty($ns->name)) {
$source = $ns->name;
}
} }
} }
$this->element("twitter:source", null, $source); $this->element("twitter:source", null, $source);
$this->element("twitter:source_link", null, $source_link);
$this->elementStart('author'); $this->elementStart('author');
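Review bot: `$source_link = $ns->url;` passes the stored URL into `twitter:source_link` unchanged, and nothing visible in this hunk limits it to web schemes. Clients will most likely place this value in an `href`, so unless Notice_source registration already enforces http/https (not visible here), the guard could be tightened to `if (!empty($ns->url) && preg_match('#^https?://#i', $ns->url)) {`. The same assignment appears in the Notice, ApiAction and ResultItem sections. The enclosing method starts and ends outside the hunk.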


@ -2101,11 +2101,7 @@ class Notice extends Managed_DataObject
if (!empty($ns->url)) { if (!empty($ns->url)) {
$noticeInfoAttr['source_link'] = $ns->url; $noticeInfoAttr['source_link'] = $ns->url;
if (!empty($ns->name)) { if (!empty($ns->name)) {
$noticeInfoAttr['source'] = '<a href="' $noticeInfoAttr['source'] = $ns->name;
. htmlspecialchars($ns->url)
. '" rel="nofollow">'
. htmlspecialchars($ns->name)
. '</a>';
} }
} }
} }


@ -337,22 +337,22 @@ class ApiAction extends Action
$twitter_status['in_reply_to_status_id'] = $in_reply_to; $twitter_status['in_reply_to_status_id'] = $in_reply_to;
$source = null; $source = null;
$source_link = null;
$ns = $notice->getSource(); $ns = $notice->getSource();
if ($ns instanceof Notice_source) { if ($ns instanceof Notice_source) {
if (!empty($ns->name) && !empty($ns->url)) {
$source = '<a href="'
. htmlspecialchars($ns->url)
. '" rel="nofollow">'
. htmlspecialchars($ns->name)
. '</a>';
} else {
$source = $ns->code; $source = $ns->code;
if (!empty($ns->url)) {
$source_link = $ns->url;
if (!empty($ns->name)) {
$source = $ns->name;
}
} }
} }
$twitter_status['uri'] = $notice->getUri(); $twitter_status['uri'] = $notice->getUri();
$twitter_status['source'] = $source; $twitter_status['source'] = $source;
$twitter_status['source_link'] = $source_link;
$twitter_status['id'] = intval($notice->id); $twitter_status['id'] = intval($notice->id);
$replier_profile = null; $replier_profile = null;
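Review bot: Clients written against the previous output may still treat `$twitter_status['source']` as markup, and the new value is `$ns->name` (or `$ns->code`) with no `htmlspecialchars()` applied. An application name containing tags would then be rendered unescaped by any consumer that inserts the field as HTML. The new contract should be stated where the field is assigned, e.g. `// plain text, not HTML: consumers must escape before rendering`, and repeated in the API documentation. The same applies to `twitter:source` in ApiSearchAtomAction and to `$noticeInfoAttr['source']` in Notice. The enclosing function continues outside the hunk.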


@ -184,7 +184,8 @@ class ResultItem
var $id; var $id;
var $from_user_id; var $from_user_id;
var $iso_language_code; var $iso_language_code;
var $source; var $source = null;
var $source_link = null;
var $profile_image_url; var $profile_image_url;
var $created_at; var $created_at;
@ -234,7 +235,8 @@ class ResultItem
$this->iso_language_code = Profile_prefs::getConfigData($this->profile, 'site', 'language'); $this->iso_language_code = Profile_prefs::getConfigData($this->profile, 'site', 'language');
$this->source = $this->getSourceLink($this->notice->source); // set source and source_link
$this->setSourceData();
$this->profile_image_url = $this->profile->avatarUrl(AVATAR_STREAM_SIZE); $this->profile_image_url = $this->profile->avatarUrl(AVATAR_STREAM_SIZE);
@ -242,34 +244,43 @@ class ResultItem
} }
/** /**
* Show the source of the notice * Set the notice's source data (api/app name and URL)
* *
* Either the name (and link) of the API client that posted the notice, * Either the name (and link) of the API client that posted the notice,
* or one of other other channels. * or one of other other channels. Uses the local notice object.
* *
* @param string $source the source of the Notice * @return void
*
* @return string a fully rendered source of the Notice
*/ */
function getSourceLink($source) function setSourceData()
{ {
// Gettext translations for the below source types are available. $source = null;
$source_name = _($source); $source_link = null;
switch ($source) { switch ($source) {
case 'web': case 'web':
case 'xmpp': case 'xmpp':
case 'mail': case 'mail':
case 'omb': case 'omb':
case 'api': case 'api':
// Gettext translations for the below source types are available.
$source = _($this->notice->source);
break; break;
default: default:
$ns = Notice_source::getKV($source); $ns = Notice_source::getKV($this->notice->source);
if ($ns instanceof Notice_source) { if ($ns instanceof Notice_source) {
$source_name = '<a href="' . $ns->url . '">' . $ns->name . '</a>'; $source = $ns->code;
if (!empty($ns->url)) {
$source_link = $ns->url;
if (!empty($ns->name)) {
$source = $ns->name;
}
}
} }
break; break;
} }
return $source_name; $this->source = $source;
$this->source_link = $source_link;
} }
} }
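Review bot: `switch ($source)` in setSourceData() tests the local `$source` that was set to `null` two lines earlier, so none of the 'web', 'xmpp', 'mail', 'omb' or 'api' cases can match and every notice takes the `default` branch. The built-in sources therefore never reach the gettext call and go through `Notice_source::getKV()` instead, which may leave `$this->source` as `null` for them. The line should read `switch ($this->notice->source) {`. The docblock also still carries the typo "one of other other channels".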