
replace the common markdown filter with a limited HTML version to prevent deanonymization of users by remote image requests

main 1.2.1
ghost 11 months ago
parent
commit
2d2e79cd07
  1. 2
      .env
  2. 36
      src/Twig/AppExtension.php
  3. 5
      templates/default/room/index.html.twig

2
.env

@ -19,7 +19,7 @@ APP_ENV=dev @@ -19,7 +19,7 @@ APP_ENV=dev
APP_SECRET=EDIT_ME
###< symfony/framework-bundle ###
APP_VERSION=1.2.0
APP_VERSION=1.2.1
APP_NAME=KevaChat

36
src/Twig/AppExtension.php

@ -52,6 +52,20 @@ class AppExtension extends AbstractExtension @@ -52,6 +52,20 @@ class AppExtension extends AbstractExtension
'mentionToMarkdown'
]
),
new TwigFilter(
'url_to_html',
[
$this,
'urlToHtml'
]
),
new TwigFilter(
'mention_to_html',
[
$this,
'mentionToHtml'
]
),
new TwigFilter(
'keva_namespace_value',
[
@ -170,6 +184,28 @@ class AppExtension extends AbstractExtension @@ -170,6 +184,28 @@ class AppExtension extends AbstractExtension
);
}
public function urlToHtml(
string $text
): string
{
return preg_replace(
'~(https?://(?:www\.)?[^\(\s\)]+)~i',
'<a href="$1">$1</a>',
$text
);
}
public function mentionToHtml(
string $text
): string
{
return preg_replace(
'~@([A-z0-9]{64})~i',
'<a href="#$1">@$1</a>',
$text
);
}
private function plural(int $number, array $texts)
{
$cases = [2, 0, 1, 1, 1, 2];
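Review bot: urlToHtml and mentionToHtml in the second hunk splice the regex capture straight into `href="$1"` and into the element text without escaping, so they are only safe when the caller has already HTML-escaped the input (in the template this currently holds because nl2br escapes before they run); that precondition should be stated in a docblock on both methods, or removed by switching to `preg_replace_callback` and wrapping the capture in `htmlspecialchars($m[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', double_encode: false)`. Because the commit's stated goal is to stop deanonymization through remote requests, the generated links should also carry `rel="noreferrer noopener"` so that a click does not send the chat page URL to the link target: `'<a href="$1" rel="noreferrer noopener">$1</a>'`. In mentionToHtml the class `[A-z0-9]` additionally matches the six ASCII characters between Z and a (`[`, `\`, `]`, `^`, `_` and backtick); with the `i` modifier already on the pattern, `'~@([a-z0-9]{64})~i'` is what was meant. The two `new TwigFilter(...)` registrations in the first hunk pass no options array, so if this template is autoescaped (Symfony's default for `.html.twig`) the returned `<a>` markup is escaped to literal text unless the filters are declared with `['is_safe' => ['html']]` — worth confirming against the rendered output. The enclosing class and the following plural() method continue outside the hunk.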

5
templates/default/room/index.html.twig

@ -34,8 +34,13 @@ @@ -34,8 +34,13 @@
</svg>
</span>
{% endif %}
{# markdown filter enabled could deanon chat users by external image request, disabled
<br />
{{ post.message | message_to_markdown | markdown_to_html }}
#}
<p>
{{ post.message | trim | nl2br | url_to_html | mention_to_html }}
</p>
</li>
{% endfor %}
</ul>
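Review bot: The new chain `{{ post.message | trim | nl2br | url_to_html | mention_to_html }}` is order-sensitive in a way the template does not record: Twig's built-in nl2br escapes its input before inserting `<br />`, so it is the step that neutralises user-controlled markup, and the two custom filters only inject `<a>` tags safely because they run after it. A one-line comment above the expression would protect that invariant, e.g. `{# nl2br escapes the message; url_to_html / mention_to_html must stay after it #}`. The commented-out markdown block kept just above it is already explained by the commit message and can be deleted instead of living on as dead template code.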
