
Author SHA1 Message Date
Mikita Wiśniewski
efa84129ca
Merge c19765d48e into b90a0fa013 2025-06-03 21:34:01 +07:00
9 changed files with 20 additions and 77 deletions


@ -21,7 +21,13 @@ final class Audio extends VKAPIRequestHandler
$this->fail(201, "Access denied to audio(" . $audio->getId() . ")"); $this->fail(201, "Access denied to audio(" . $audio->getId() . ")");
} }
# рофлан ебало
$privApi = $hash && $GLOBALS["csrfCheck"];
$audioObj = $audio->toVkApiStruct($this->getUser()); $audioObj = $audio->toVkApiStruct($this->getUser());
if (!$privApi) {
$audioObj->manifest = false;
$audioObj->keys = false;
}
if ($need_user) { if ($need_user) {
$user = (new \openvk\Web\Models\Repositories\Users())->get($audio->getOwner()->getId()); $user = (new \openvk\Web\Models\Repositories\Users())->get($audio->getOwner()->getId());
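Review bot: The gate added at `$privApi = $hash && $GLOBALS["csrfCheck"];` decides whether `manifest` and `keys` leave the server, yet its only comment is a joke that says nothing about the rule, and the condition depends on request-global state rather than on anything passed into this method. Replace the comment with one that states the intent, e.g. `// manifest/keys are only returned to callers that supplied a hash and passed the CSRF check; other API callers get neither`, and consider reading the CSRF flag from the handler's request context instead of `$GLOBALS` so the rule is visible at the call site. `$hash` is tested for truthiness here, so a hash of `"0"` would be treated as absent; `$hash !== null && $hash !== ''` would make the check explicit, assuming `$hash` is a nullable string (its declaration is outside the hunk). The enclosing method starts before this hunk.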


@ -6,42 +6,12 @@ namespace openvk\Web\Models\Entities;
use HTMLPurifier_Config; use HTMLPurifier_Config;
use HTMLPurifier; use HTMLPurifier;
use HTMLPurifier_Filter;
class SecurityFilter extends HTMLPurifier_Filter
{
public function preFilter($html, $config, $context)
{
$html = preg_replace_callback(
'/<img[^>]*src\s*=\s*["\']([^"\']*)["\'][^>]*>/i',
function ($matches) {
$originalSrc = $matches[1];
$src = $originalSrc;
if (OPENVK_ROOT_CONF["openvk"]["preferences"]["notes"]["disableHotlinking"] ?? true) {
if (!str_contains($src, "/image.php?url=")) {
$src = '/image.php?url=' . base64_encode($originalSrc);
} /*else {
$src = preg_replace_callback('/(.*)\/image\.php\?url=(.*)/i', function ($matches) {
return base64_decode($matches[2]);
}, $src);
}*/
}
return str_replace($originalSrc, $src, $matches[0]);
},
$html
);
return $html;
}
}
class Note extends Postable class Note extends Postable
{ {
protected $tableName = "notes"; protected $tableName = "notes";
protected function renderHTML(?string $content = null): string protected function renderHTML(): string
{ {
$config = HTMLPurifier_Config::createDefault(); $config = HTMLPurifier_Config::createDefault();
$config->set("Attr.AllowedClasses", []); $config->set("Attr.AllowedClasses", []);
@ -108,19 +78,16 @@ class Note extends Postable
$config->set("Attr.AllowedClasses", [ $config->set("Attr.AllowedClasses", [
"underline", "underline",
]); ]);
$config->set('Filter.Custom', [new SecurityFilter()]);
$source = $content; $source = null;
if (!$source) { if (is_null($this->getRecord())) {
if (is_null($this->getRecord())) { if (isset($this->changes["source"])) {
if (isset($this->changes["source"])) { $source = $this->changes["source"];
$source = $this->changes["source"];
} else {
throw new \LogicException("Can't render note without content set.");
}
} else { } else {
$source = $this->getRecord()->source; throw new \LogicException("Can't render note without content set.");
} }
} else {
$source = $this->getRecord()->source;
} }
$purifier = new HTMLPurifier($config); $purifier = new HTMLPurifier($config);
@ -150,7 +117,7 @@ class Note extends Postable
$this->save(); $this->save();
} }
return $this->renderHTML($cached); return $cached;
} }
public function getSource(): string public function getSource(): string
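Review bot: Dropping `SecurityFilter` and the `Filter.Custom` setting means `<img>` sources in note HTML are no longer rewritten to the local proxy, and the method whose tail is shown in the last hunk now returns `$cached` verbatim instead of re-rendering it through `renderHTML($cached)`. Any note whose cached HTML was produced while the filter was active still carries `/image.php?url=...` sources, and the `/image.php` route is removed in the same change set, so those images will break until the cache is regenerated; a one-time re-render or cache invalidation should accompany this, or `renderHTML()` should document that cached output may predate the filter removal. If the purifier configuration (not visible in this hunk) still permits `<img>`, viewers' browsers will now fetch remote images directly, so the privacy trade-off of removing the proxy deserves a comment above `renderHTML()`. The methods changed here start and end outside the visible hunks.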


@ -176,26 +176,4 @@ final class InternalAPIPresenter extends OpenVKPresenter
exit(''); exit('');
} }
} }
public function renderImageFilter()
{
$is_enabled = OPENVK_ROOT_CONF["openvk"]["preferences"]["notes"]["disableHotlinking"] ?? true;
$allowed_hosts = OPENVK_ROOT_CONF["openvk"]["preferences"]["notes"]["allowedHosts"] ?? [];
$url = $this->requestParam("url");
$url = base64_decode($url);
if (!$is_enabled) {
$this->redirect($url);
}
$url_parsed = parse_url($url);
$host = $url_parsed['host'];
if (in_array($host, $allowed_hosts)) {
$this->redirect($url);
} else {
$this->redirect('/assets/packages/static/openvk/img/fn_placeholder.jpg');
}
}
} }


@ -385,8 +385,8 @@
<tr> <tr>
<td class="e"> <td class="e">
Vladimir Barinov (veselcraft), Celestora, Konstantin Kichulkin (kosfurler), Vladimir Barinov (veselcraft), Celestora, Konstantin Kichulkin (kosfurler),
Daniel Myslivets, Maxim Leshchenko (maksales / maksalees), n1rwana, Daniel Myslivets, Maxim Leshchenko (maksales / maksalees), n1rwana and
Jillian Österreich (Lumaeris) and MrIlyew (V00d00 M4g1c) Jillian Österreich (Lumaeris)
</td> </td>
</tr> </tr>
</tbody> </tbody>
@ -472,7 +472,7 @@
</tbody> </tbody>
</table> </table>
{*<table> <table>
<tbody> <tbody>
<tr class="h"> <tr class="h">
<th>OpenVK QA Team</th> <th>OpenVK QA Team</th>
@ -486,7 +486,7 @@
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table>*} </table>
<hr/> <hr/>


@ -22,8 +22,6 @@
{if !is_null($thisUser) && !is_null($club ?? NULL) && $owner < 0} {if !is_null($thisUser) && !is_null($club ?? NULL) && $owner < 0}
{if $club->canBeModifiedBy($thisUser)} {if $club->canBeModifiedBy($thisUser)}
{var $anonHide = true}
<script> <script>
function onWallAsGroupClick(el) { function onWallAsGroupClick(el) {
document.querySelector("#forceSignOpt").style.display = el.checked ? "block" : "none"; document.querySelector("#forceSignOpt").style.display = el.checked ? "block" : "none";
@ -43,7 +41,7 @@
{/if} {/if}
{/if} {/if}
<label n:if="$anonEnabled" id="octoberAnonOpt" {if $anonHide}style="display: none;"{/if}> <label n:if="$anonEnabled" id="octoberAnonOpt" style="display: none;">
<input type="checkbox" name="anon" /> {_as_anonymous} <input type="checkbox" name="anon" /> {_as_anonymous}
</label> </label>
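Review bot: With `{var $anonHide = true}` removed, `#octoberAnonOpt` now carries `style="display: none;"` unconditionally, whereas before it was hidden only inside the club-admin branch; unless a script outside this hunk reveals the label, users who are not club moderators lose the anonymous-posting checkbox entirely. If the intent is that JavaScript toggles it (as `onWallAsGroupClick` does for `#forceSignOpt`), the toggle for `#octoberAnonOpt` should be visible in this template, or the label should keep a conditional such as `{if $anonHide}style="display: none;"{/if}` with `$anonHide` defaulting to false. The enclosing `{if}` blocks start before the hunk.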


@ -413,8 +413,6 @@ routes:
handler: "InternalAPI->getPhotosFromPost" handler: "InternalAPI->getPhotosFromPost"
- url: "/iapi/getPostTemplate/{num}_{num}" - url: "/iapi/getPostTemplate/{num}_{num}"
handler: "InternalAPI->getPostTemplate" handler: "InternalAPI->getPostTemplate"
- url: "/image.php"
handler: "InternalAPI->imageFilter"
- url: "/tour" - url: "/tour"
handler: "About->tour" handler: "About->tour"
- url: "/fave" - url: "/fave"

Binary file not shown.



@ -60,9 +60,6 @@ openvk:
exposeOriginalURLs: true exposeOriginalURLs: true
newsfeed: newsfeed:
ignoredSourcesLimit: 50 ignoredSourcesLimit: 50
notes:
disableHotlinking: true
allowedHosts: []
wall: wall:
christian: false christian: false
anonymousPosting: anonymousPosting:


@ -24,7 +24,6 @@ body {
background-size: 80%; background-size: 80%;
background-position-y: 0px; background-position-y: 0px;
background-position-x: 1px; background-position-x: 1px;
width: 145px !important;
text-shadow: none; text-shadow: none;
} }