
replace the common markdown filter with a limited HTML version to prevent deanonymization of users via remote image requests

main 1.2.1
ghost 12 months ago
parent
commit
2d2e79cd07
  1. 2
      .env
  2. 36
      src/Twig/AppExtension.php
  3. 5
      templates/default/room/index.html.twig

2
.env

@ -19,7 +19,7 @@ APP_ENV=dev
APP_SECRET=EDIT_ME APP_SECRET=EDIT_ME
###< symfony/framework-bundle ### ###< symfony/framework-bundle ###
APP_VERSION=1.2.0 APP_VERSION=1.2.1
APP_NAME=KevaChat APP_NAME=KevaChat

36
src/Twig/AppExtension.php

@ -52,6 +52,20 @@ class AppExtension extends AbstractExtension
'mentionToMarkdown' 'mentionToMarkdown'
] ]
), ),
new TwigFilter(
'url_to_html',
[
$this,
'urlToHtml'
]
),
new TwigFilter(
'mention_to_html',
[
$this,
'mentionToHtml'
]
),
new TwigFilter( new TwigFilter(
'keva_namespace_value', 'keva_namespace_value',
[ [
@ -170,6 +184,28 @@ class AppExtension extends AbstractExtension
); );
} }
public function urlToHtml(
string $text
): string
{
return preg_replace(
'~(https?://(?:www\.)?[^\(\s\)]+)~i',
'<a href="$1">$1</a>',
$text
);
}
public function mentionToHtml(
string $text
): string
{
return preg_replace(
'~@([A-z0-9]{64})~i',
'<a href="#$1">@$1</a>',
$text
);
}
private function plural(int $number, array $texts) private function plural(int $number, array $texts)
{ {
$cases = [2, 0, 1, 1, 1, 2]; $cases = [2, 0, 1, 1, 1, 2];
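Review bot: `urlToHtml` interpolates the matched text straight into `href="$1"` with no attribute-context escaping, so the method is only safe when its caller has already HTML-escaped the string — the template relies on Twig's `nl2br` pre-escape for that, but nothing in this class enforces or documents the contract, and the character class `[^\(\s\)]+` will happily swallow a following `<br` tag or a `&quot;` entity into the URL. Since the commit's goal is to stop leaking users to remote hosts, the generated anchor should also carry `rel="noopener noreferrer"` so a click does not hand the room URL to the destination in the Referer header. In `mentionToHtml`, `[A-z0-9]` is a classic range bug: `A-z` spans the punctuation `[ \ ] ^ _ \`` between `Z` and `a`, so `[A-Za-z0-9]{64}` (or `[a-z0-9]{64}` given the `i` flag) is what was meant; also note that `mention_to_html` runs after `url_to_html`, so an `@`-containing URL can get a second `<a>` nested inside the first. Both methods declare `: string` but `preg_replace` returns `null` on a PCRE error, which would surface as a `TypeError`; `?? $text` is a cheap fallback.
```php
public function urlToHtml(
    string $text
): string
{
    // Contract: $text must already be HTML-escaped by the caller (the Twig
    // nl2br pre-escape does this). Stop at '<' so trailing markup such as
    // nl2br's "<br />" is not absorbed into the URL, escape the attribute
    // value once more for safety, and suppress the referrer on click.
    $result = preg_replace_callback(
        '~(https?://(?:www\.)?[^\(\s\)<]+)~i',
        static fn (array $m): string => sprintf(
            '<a href="%s" rel="noopener noreferrer">%s</a>',
            htmlspecialchars($m[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false),
            $m[1]
        ),
        $text
    );

    return $result ?? $text;
}
```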

5
templates/default/room/index.html.twig

@ -34,8 +34,13 @@
</svg> </svg>
</span> </span>
{% endif %} {% endif %}
{# markdown filter enabled could deanon chat users by external image request, disabled
<br /> <br />
{{ post.message | message_to_markdown | markdown_to_html }} {{ post.message | message_to_markdown | markdown_to_html }}
#}
<p>
{{ post.message | trim | nl2br | url_to_html | mention_to_html }}
</p>
</li> </li>
{% endfor %} {% endfor %}
</ul> </ul>
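Review bot: The filter chain `trim | nl2br | url_to_html | mention_to_html` applies `nl2br` first, so a URL that ends a line becomes `https://example.org<br />` in the message and `url_to_html`'s `[^\(\s\)]+` class captures `https://example.org<br` as the href, producing a broken link; the URL regex should exclude `<`, or the order needs rethinking. Separately, `url_to_html` and `mention_to_html` are registered in AppExtension without `is_safe => ['html']`, so with Twig's default autoescape the `<a>` markup they emit is escaped again on output and shown as literal text — unless autoescape is disabled for this template, which I cannot see from here; if they are later marked safe, make sure the href value is attribute-escaped inside the filter rather than relying on `nl2br` having pre-escaped the input. Worth a short comment above the `<p>` noting that ordering and escaping dependency, e.g. `{# nl2br html-escapes the message; the link filters below rely on that and must stay after it #}`.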
