Lanmikeman/openvk
Lanmikeman/openvk
1
1
Fork 0
mirror of https://github.com/openvk/openvk synced 2025-07-02 05:58:13 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'OpenVK:master' into master

Browse source
This commit is contained in:
ayato 2025-06-23 20:43:20 +05:00 committed by GitHub
commit 5ecb69e880
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 76 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
VKAPI/Handlers/Audio.php
View file

@ -21,13 +21,7 @@ final class Audio extends VKAPIRequestHandler
$this->fail(201, "Access denied to audio(" . $audio->getId() . ")"); $this->fail(201, "Access denied to audio(" . $audio->getId() . ")");
} }
# рофлан ебало
$privApi = $hash && $GLOBALS["csrfCheck"];
$audioObj = $audio->toVkApiStruct($this->getUser()); $audioObj = $audio->toVkApiStruct($this->getUser());
if (!$privApi) {
$audioObj->manifest = false;
$audioObj->keys = false;
}
if ($need_user) { if ($need_user) {
$user = (new \openvk\Web\Models\Repositories\Users())->get($audio->getOwner()->getId()); $user = (new \openvk\Web\Models\Repositories\Users())->get($audio->getOwner()->getId());

39
Web/Models/Entities/Note.php
View file

@ -6,12 +6,42 @@ namespace openvk\Web\Models\Entities;
use HTMLPurifier_Config; use HTMLPurifier_Config;
use HTMLPurifier; use HTMLPurifier;
use HTMLPurifier_Filter;
class SecurityFilter extends HTMLPurifier_Filter
{
public function preFilter($html, $config, $context)
{
$html = preg_replace_callback(
'/<img[^>]*src\s*=\s*["\']([^"\']*)["\'][^>]*>/i',
function ($matches) {
$originalSrc = $matches[1];
$src = $originalSrc;
if (OPENVK_ROOT_CONF["openvk"]["preferences"]["notes"]["disableHotlinking"] ?? true) {
if (!str_contains($src, "/image.php?url=")) {
$src = '/image.php?url=' . base64_encode($originalSrc);
} /*else {
$src = preg_replace_callback('/(.*)\/image\.php\?url=(.*)/i', function ($matches) {
return base64_decode($matches[2]);
}, $src);
}*/
}
return str_replace($originalSrc, $src, $matches[0]);
},
$html
);
return $html;
}
}
class Note extends Postable class Note extends Postable
{ {
protected $tableName = "notes"; protected $tableName = "notes";
protected function renderHTML(): string protected function renderHTML(?string $content = null): string
{ {
$config = HTMLPurifier_Config::createDefault(); $config = HTMLPurifier_Config::createDefault();
$config->set("Attr.AllowedClasses", []); $config->set("Attr.AllowedClasses", []);
@ -78,8 +108,10 @@ class Note extends Postable
$config->set("Attr.AllowedClasses", [ $config->set("Attr.AllowedClasses", [
"underline", "underline",
]); ]);
$config->set('Filter.Custom', [new SecurityFilter()]);
$source = null; $source = $content;
if (!$source) {
if (is_null($this->getRecord())) { if (is_null($this->getRecord())) {
if (isset($this->changes["source"])) { if (isset($this->changes["source"])) {
$source = $this->changes["source"]; $source = $this->changes["source"];
@ -89,6 +121,7 @@ class Note extends Postable
} else { } else {
$source = $this->getRecord()->source; $source = $this->getRecord()->source;
} }
}
$purifier = new HTMLPurifier($config); $purifier = new HTMLPurifier($config);
return $purifier->purify($source); return $purifier->purify($source);
@ -117,7 +150,7 @@ class Note extends Postable
$this->save(); $this->save();
} }
return $cached; return $this->renderHTML($cached);
} }
public function getSource(): string public function getSource(): string

22
Web/Presenters/InternalAPIPresenter.php
View file

@ -176,4 +176,26 @@ final class InternalAPIPresenter extends OpenVKPresenter
exit(''); exit('');
} }
} }
public function renderImageFilter()
{
$is_enabled = OPENVK_ROOT_CONF["openvk"]["preferences"]["notes"]["disableHotlinking"] ?? true;
$allowed_hosts = OPENVK_ROOT_CONF["openvk"]["preferences"]["notes"]["allowedHosts"] ?? [];
$url = $this->requestParam("url");
$url = base64_decode($url);
if (!$is_enabled) {
$this->redirect($url);
}
$url_parsed = parse_url($url);
$host = $url_parsed['host'];
if (in_array($host, $allowed_hosts)) {
$this->redirect($url);
} else {
$this->redirect('/assets/packages/static/openvk/img/fn_placeholder.jpg');
}
}
} }

8
Web/Presenters/templates/About/Version.xml
View file

@ -385,8 +385,8 @@
<tr> <tr>
<td class="e"> <td class="e">
Vladimir Barinov (veselcraft), Celestora, Konstantin Kichulkin (kosfurler), Vladimir Barinov (veselcraft), Celestora, Konstantin Kichulkin (kosfurler),
Daniel Myslivets, Maxim Leshchenko (maksales / maksalees), n1rwana and Daniel Myslivets, Maxim Leshchenko (maksales / maksalees), n1rwana,
Jillian Österreich (Lumaeris) Jillian Österreich (Lumaeris) and MrIlyew (V00d00 M4g1c)
</td> </td>
</tr> </tr>
</tbody> </tbody>
@ -472,7 +472,7 @@
</tbody> </tbody>
</table> </table>
<table> {*<table>
<tbody> <tbody>
<tr class="h"> <tr class="h">
<th>OpenVK QA Team</th> <th>OpenVK QA Team</th>
@ -486,7 +486,7 @@
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>*}
<hr/> <hr/>

4
Web/Presenters/templates/components/textArea.xml
View file

@ -22,6 +22,8 @@
{if !is_null($thisUser) && !is_null($club ?? NULL) && $owner < 0} {if !is_null($thisUser) && !is_null($club ?? NULL) && $owner < 0}
{if $club->canBeModifiedBy($thisUser)} {if $club->canBeModifiedBy($thisUser)}
{var $anonHide = true}
<script> <script>
function onWallAsGroupClick(el) { function onWallAsGroupClick(el) {
document.querySelector("#forceSignOpt").style.display = el.checked ? "block" : "none"; document.querySelector("#forceSignOpt").style.display = el.checked ? "block" : "none";
@ -41,7 +43,7 @@
{/if} {/if}
{/if} {/if}
<label n:if="$anonEnabled" id="octoberAnonOpt" style="display: none;"> <label n:if="$anonEnabled" id="octoberAnonOpt" {if $anonHide}style="display: none;"{/if}>
<input type="checkbox" name="anon" /> {_as_anonymous} <input type="checkbox" name="anon" /> {_as_anonymous}
</label> </label>

2
Web/routes.yml
View file

@ -413,6 +413,8 @@ routes:
handler: "InternalAPI->getPhotosFromPost" handler: "InternalAPI->getPhotosFromPost"
- url: "/iapi/getPostTemplate/{num}_{num}" - url: "/iapi/getPostTemplate/{num}_{num}"
handler: "InternalAPI->getPostTemplate" handler: "InternalAPI->getPostTemplate"
- url: "/image.php"
handler: "InternalAPI->imageFilter"
- url: "/tour" - url: "/tour"
handler: "About->tour" handler: "About->tour"
- url: "/fave" - url: "/fave"

BIN
Web/static/img/fn_placeholder.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 14 KiB

3
openvk-example.yml
View file

@ -60,6 +60,9 @@ openvk:
exposeOriginalURLs: true exposeOriginalURLs: true
newsfeed: newsfeed:
ignoredSourcesLimit: 50 ignoredSourcesLimit: 50
notes:
disableHotlinking: true
allowedHosts: []
wall: wall:
christian: false christian: false
anonymousPosting: anonymousPosting: