diff --git a/winixd/core/app.cpp b/winixd/core/app.cpp
index 107918f..6459e0b 100644
--- a/winixd/core/app.cpp
+++ b/winixd/core/app.cpp
@@ -1244,6 +1244,7 @@ void App::FilterContent()
 // !! IMPROVE ME may some kind of html_filtered.reserve() here? (optimization)
 TemplatesFunctions::html_filter.Filter(req.out_main_stream.Str(), html_filtered);
 req.out_main_stream.Str(std::move(html_filtered)); // !! IMPROVE ME we do not have Str(&&) method
+ log << log3 << "App: html in the main stream has been filtered" << logend;
 }
 if( filter_json )
@@ -1255,6 +1256,8 @@ void App::FilterContent()
 TemplatesFunctions::html_filter.Filter(stream.Str(), html_filtered);
 stream.Str(std::move(html_filtered));
 }
+
+ log << log3 << "App: html in json out streams have been filtered" << logend;
 }
 }
diff --git a/winixd/core/item.cpp b/winixd/core/item.cpp
index 408c768..b829191 100644
--- a/winixd/core/item.cpp
+++ b/winixd/core/item.cpp
@@ -110,6 +110,20 @@ void Item::Clear()
 }
+/*
+ * we're using the HtmlFilter only for those contents
+ *
+ */
+bool Item::CanContentBeHtmlFiltered(Item::ContentType ct)
+{
+ return ct == ct_text || ct == ct_formatted_text || ct == ct_html || ct == ct_bbcode;
+}
+
+bool Item::CanContentBeHtmlFiltered()
+{
+ return CanContentBeHtmlFiltered(content_type);
+}
+
 } // namespace Winix
diff --git a/winixd/core/item.h b/winixd/core/item.h
index d3a12e2..9be1670 100644
--- a/winixd/core/item.h
+++ b/winixd/core/item.h
@@ -82,6 +82,7 @@ struct Item
 ct_formatted_text,
 ct_html,
 ct_bbcode,
+ ct_other, // no auto-formatting is applied
 };
 ContentType content_type;
@@ -134,6 +135,10 @@ struct Item
 void Clear();
+ static bool CanContentBeHtmlFiltered(Item::ContentType ct);
+ bool CanContentBeHtmlFiltered();
+
+
 private: // used by the database
 long content_id; // content id in 'content' table
diff --git a/winixd/core/system.cpp b/winixd/core/system.cpp
index d4cb56a..9e40bce 100644
--- a/winixd/core/system.cpp
+++ b/winixd/core/system.cpp
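Review bot: `Item::CanContentBeHtmlFiltered` is an allow-list, so any ContentType value it does not name — a type added later, or an unexpected value read back from storage — is reported as "not filterable", and in `item_print_content` that same value is both wrapped in the skip markers and written with `R(content)`; an omission here therefore fails open into unfiltered output. Unless new types are meant to opt in explicitly, the check fails safe as `return ct != ct_other;`, since ct_other is the only type this commit deliberately keeps away from the HtmlFilter. The header comment should say that rather than "we're using the HtmlFilter only for those contents"; I would write `// ct_other is the only content that must reach the client untouched by the HtmlFilter; every other type is filtered`.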
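Review bot: The comment on `ct_other` undersells the value: besides skipping auto-formatting it is the one content type that `item_print_content` writes verbatim and excludes from the HtmlFilter, which is why choosing it is gated by `System::CanUseOther`. Whoever adds the next enumerator will read this line first, so it should carry the warning: `// no auto-formatting and, unlike ct_html, no HtmlFilter either: stored bytes reach the client verbatim (see CanContentBeHtmlFiltered); restricted to System::CanUseOther`.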
@@ -753,6 +753,12 @@ bool System::CanUseBBCode(long user_id)
 }
+// !! IMPROVE ME change to a better name
+bool System::CanUseOther(long user_id)
+{
+ return IsSuperUser(user_id) || IsMemberOfGroup(user_id, L"allow_other");
+}
+
 bool System::IsSuperUser(long user_id)
@@ -1399,6 +1405,7 @@ bool System::AddCommonFileToVar(const wchar_t * file_path, const wchar_t * url,
 file_content_item.type = Item::file;
 file_content_item.html_template = config->templates_index_raw;
 file_content_item.content = file_content;
+ file_content_item.content_type = Item::ct_other;
 return AddFile(file_content_item, false) == WINIX_ERR_OK;
 }
diff --git a/winixd/core/system.h b/winixd/core/system.h
index 6b89725..7cecf75 100644
--- a/winixd/core/system.h
+++ b/winixd/core/system.h
@@ -158,6 +158,7 @@ public:
 bool CanUseHtml(long user_id);
 bool CanUseBBCode(long user_id);
+ bool CanUseOther(long user_id);
 bool IsSuperUser(long user_id);
 bool IsMemberOfGroup(long user_id, const wchar_t * group_name);
diff --git a/winixd/functions/cat.cpp b/winixd/functions/cat.cpp
index 9cfe5c3..4b168d9 100644
--- a/winixd/functions/cat.cpp
+++ b/winixd/functions/cat.cpp
@@ -5,7 +5,7 @@
 */
 /*
- * Copyright (c) 2008-2014, Tomasz Sowa
+ * Copyright (c) 2008-2016, Tomasz Sowa
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -56,7 +56,6 @@ void Cat::MakeGet()
 cur->request->status = WINIX_ERR_NO_ITEM;
 return;
 }
-
 if( !system->HasReadAccess(cur->request->item) )
 {
diff --git a/winixd/functions/functions.cpp b/winixd/functions/functions.cpp
index 29478fd..1d68ace 100644
--- a/winixd/functions/functions.cpp
+++ b/winixd/functions/functions.cpp
@@ -444,9 +444,14 @@ void Functions::MakeFunction()
 if( cur->request->method == Request::head )
 {
 // do nothing
+
+ // !! IMPROVE ME
+ // we should make a page similar like in a GET request but the content should not be returned only
 }
 else
+ {
 log << log1 << "Functions: unknown request method (skipping)" << logend;
+ }
 }
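Review bot: `System::CanUseOther` is the only write-side authorisation for content that `item_print_content` emits raw and keeps away from the HtmlFilter, so membership in `allow_other` is in practice the right to publish arbitrary markup and script to every visitor; neither the group name nor the `// !! IMPROVE ME` comment says so, and an administrator granting the group will not know what they are handing out. I would replace the comment with `// ct_other content is neither escaped nor passed through the HtmlFilter (see item_print_content): this is equivalent to granting unrestricted HTML/script, keep allow_other to trusted authors` and, when the group is renamed as the comment intends, choose a name that carries that meaning. The check itself presumably mirrors CanUseHtml/CanUseBBCode, whose bodies are outside the hunk.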
@@ -578,7 +583,6 @@ void Functions::ReadItemContentWithType(Item & item)
 long user_id = cur->session->puser->id;
-
 if( temp == L"2" )
 {
 if( system->CanUseHtml(user_id) )
@@ -590,6 +594,12 @@ void Functions::ReadItemContentWithType(Item & item)
 if( system->CanUseBBCode(user_id) )
 item.content_type = Item::ct_bbcode;
 }
+ else
+ if( temp == L"4" )
+ {
+ if( system->CanUseOther(user_id) )
+ item.content_type = Item::ct_other;
+ }
 }
diff --git a/winixd/functions/run.cpp b/winixd/functions/run.cpp
index efd0293..b04d21a 100644
--- a/winixd/functions/run.cpp
+++ b/winixd/functions/run.cpp
@@ -1,3 +1,4 @@
+
 /*
 * This file is a part of Winix
 * and is distributed under the 2-Clause BSD licence.
diff --git a/winixd/html/fun_cat.html b/winixd/html/fun_cat.html
index 12c8265..725a879 100644
--- a/winixd/html/fun_cat.html
+++ b/winixd/html/fun_cat.html
@@ -1,37 +1,38 @@
-[if mount_page_arg_is "subject"][if mount_page_arg_is "info"]
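Review bot: In the new `temp == L"4"` branch a failed `CanUseOther` check leaves `item.content_type` untouched instead of downgrading it, so whatever value the Item arrived with stands; if this Item was loaded from storage before the hunk (the start of the function is outside it), an item that a privileged author set to ct_other could be re-saved by an unprivileged editor with new content that is still emitted unfiltered. The html/bbcode branches share the pattern, but this one switches the filter off entirely, so it deserves an explicit fallback: `else item.content_type = Item::ct_text;` inside the branch, or a reset to ct_text before the `temp` chain. The `cur->session->puser->id` dereference on the first context line is pre-existing, but if puser can be null here it precedes every permission check in this function.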

[else]

[end][item_subject]

[end] -[if mount_page_arg_is "info"][include "item_info.html"][end] +[if item_content_type_is "other"][item_print_content][else] -[if one item_filetype_is_image] + [if mount_page_arg_is "subject"][if mount_page_arg_is "info"]

[else]

[end][item_subject]

[end] + [if mount_page_arg_is "info"][include "item_info.html"][end] - [item_subject] + [if one item_filetype_is_image] + + [item_subject] + + [# we use pre.nowinixbreak to tell the html_filter not to put a blank space into those urles] - [# we use pre.nowinixbreak to tell the html_filter not to put a blank space into those urles] - -
-
-	{cat_image_url}: [item_link]
- {cat_image_thumb_url}: [item_link]/-/thumb -
-
- - [item_print_content] - -[else] - - [if not item_filetype_is_none] - {download}: [item_subject]
-		{cat_file_url}: [item_link]
+ {cat_image_url}: [item_link]
+ {cat_image_thumb_url}: [item_link]/-/thumb
+ [item_print_content] + [else] - [item_print_content] + + [if not item_filetype_is_none] + {download}: [item_subject] +
+
+			{cat_file_url}: [item_link]
+
+
+ + [item_print_content] + + [else] + [item_print_content] + [end] + [end] - [end] - - - - diff --git a/winixd/html/fun_createticket.html b/winixd/html/fun_createticket.html index 9620b78..2db0e57 100644 --- a/winixd/html/fun_createticket.html +++ b/winixd/html/fun_createticket.html @@ -103,7 +103,7 @@ {form_emacs_content_type_formatted_text} [if user_can_use_html]{form_emacs_content_type_html}[end] [if user_can_use_bbcode]{form_emacs_content_type_bbcode}[end] - [if user_can_use_raw]{form_emacs_content_type_raw}[end] + [if user_can_use_other]{form_emacs_content_type_other}[end] diff --git a/winixd/html/fun_emacs_post.html b/winixd/html/fun_emacs_post.html index 7f896cd..34a85d8 100644 --- a/winixd/html/fun_emacs_post.html +++ b/winixd/html/fun_emacs_post.html @@ -20,7 +20,7 @@ {form_emacs_content_type_formatted_text} [if user_can_use_html]{form_emacs_content_type_html}[end] [if user_can_use_bbcode]{form_emacs_content_type_bbcode}[end] - [if user_can_use_raw]{form_emacs_content_type_raw}[end] + [if user_can_use_other]{form_emacs_content_type_other}[end] diff --git a/winixd/html/fun_reply.html b/winixd/html/fun_reply.html index 6e21c4c..d27cc55 100644 --- a/winixd/html/fun_reply.html +++ b/winixd/html/fun_reply.html @@ -31,7 +31,7 @@ [if user_can_use_html][end] [if user_can_use_bbcode][end] - [if user_can_use_raw][end] + [if user_can_use_other][end] diff --git a/winixd/html/fun_run.html b/winixd/html/fun_run.html index 0377beb..077372f 100644 --- a/winixd/html/fun_run.html +++ b/winixd/html/fun_run.html @@ -1,22 +1,25 @@ -
- [if mount_page_arg_is "subject"] - [if mount_page_arg_is "info"] -

- [else] -

+[if item_content_type_is "other"][item_run][else] + +
+ + [if mount_page_arg_is "subject"] + [if mount_page_arg_is "info"] +

+ [else] +

+ [end] + + [item_subject] +

+ [end] - [item_subject] -

+ [if mount_page_arg_is "info"] + [include "item_info.html"] + [end] - [end] + [item_run] + +
- [if mount_page_arg_is "info"] - [include "item_info.html"] - [end] - - [item_run] - - - - +[end]
diff --git a/winixd/locale/en b/winixd/locale/en
index b4f2639..caebf29 100644
--- a/winixd/locale/en
+++ b/winixd/locale/en
@@ -146,7 +146,7 @@ form_emacs_content_type_text = text
 form_emacs_content_type_formatted_text = formatted text
 form_emacs_content_type_html = html
 form_emacs_content_type_bbcode = bbcode
-form_emacs_content_type_raw = raw
+form_emacs_content_type_other = other \(no formatting\)
 last_header = Last logged users
diff --git a/winixd/locale/pl b/winixd/locale/pl
index b69c928..51abd3c 100644
--- a/winixd/locale/pl
+++ b/winixd/locale/pl
@@ -150,7 +150,7 @@ form_emacs_content_type_text = text
 form_emacs_content_type_formatted_text = sformatowany text
 form_emacs_content_type_html = html
 form_emacs_content_type_bbcode = bbcode
-form_emacs_content_type_raw = surowa postać
+form_emacs_content_type_other = inny \(brak formatowania\)
 last_header = Ostatnio logowani użytkownicy
diff --git a/winixd/templates/config.cpp b/winixd/templates/config.cpp
index 2e67f06..5d95a42 100644
--- a/winixd/templates/config.cpp
+++ b/winixd/templates/config.cpp
@@ -94,6 +94,10 @@ void config_base_url_common(Info & i)
 }
+void config_is_html_filter_allowed(Info & i)
+{
+ i.res = config->html_filter;
+}
 } // namespace TemplatesFunctions
diff --git a/winixd/templates/item.cpp b/winixd/templates/item.cpp
index 0eb2917..221905d 100644
--- a/winixd/templates/item.cpp
+++ b/winixd/templates/item.cpp
@@ -114,6 +114,9 @@ void item_content_type_is(Item & item, Info & i)
 else
 if( item.content_type == Item::ct_bbcode && i.par == L"bbcode" )
 i.res = true;
+ else
+ if( item.content_type == Item::ct_other && i.par == L"other" )
+ i.res = true;
 }
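Review bot: `config_is_html_filter_allowed` reports `config->html_filter`, the same global switch `item_print_content` tests before wrapping unfiltered content, yet the name reads like a permission; a template author may take it for a per-user check and gate something on it. A one-line comment removes the ambiguity: `// true when the HtmlFilter is enabled for the output (config->html_filter); a site-wide switch, not a user permission`. The `_allowed` suffix could also become `_enabled` while the function is still new and only registered in this commit.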
@@ -125,6 +128,9 @@ void item_content_type_is(Info & i)
 void item_print_content(HtmlTextStream & out, const std::wstring & content, Item::ContentType content_type)
 {
+ if( config->html_filter && !Item::CanContentBeHtmlFiltered(content_type) )
+ out << R("");
+
 if( content_type == Item::ct_text )
 {
 out << content;
@@ -135,11 +141,6 @@ void item_print_content(HtmlTextStream & out, const std::wstring & content, Item
 HtmlEscapeFormTxt(out, content);
 }
 else
- if( content_type == Item::ct_html )
- {
- out << R(content);
- }
- else
 if( content_type == Item::ct_bbcode )
 {
 static std::wstring out_temp;
@@ -149,6 +150,14 @@ void item_print_content(HtmlTextStream & out, const std::wstring & content, Item
 bbcode_parser.Filter(content.c_str(), out_temp);
 out << R(out_temp);
 }
+ else
+ {
+ // ct_html, ct_other
+ out << R(content);
+ }
+
+ if( config->html_filter && !Item::CanContentBeHtmlFiltered(content_type) )
+ out << R("");
 }
@@ -476,7 +485,10 @@ void item_admin_meta_tab_has_next(Info & i)
 }
-
+void item_can_content_be_html_filtered(Info & i)
+{
+ i.res = cur->request->item.CanContentBeHtmlFiltered();
+}
diff --git a/winixd/templates/templates.cpp b/winixd/templates/templates.cpp
index 7499bdb..bd857a7 100644
--- a/winixd/templates/templates.cpp
+++ b/winixd/templates/templates.cpp
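Review bot: The marker written by `out << R("")` is an empty literal in this copy of the diff, so either the extraction dropped a tag from inside the string or the wrapper emits nothing; if it is the former, the whole feature rests on the HtmlFilter honouring that marker, and nothing in the function documents it. I would add a header comment saying that ct_html and ct_other are written raw, that when config->html_filter is on the non-filterable types are wrapped in markers the HtmlFilter must leave untouched, and that callers may only pass such content for authors cleared by System::CanUseHtml/CanUseOther. The guard `config->html_filter && !Item::CanContentBeHtmlFiltered(content_type)` is also evaluated twice, once before and once after the body; `const bool skip_filter = config->html_filter && !Item::CanContentBeHtmlFiltered(content_type);` computed once at the top guarantees the opening and closing markers never disagree. The function body continues past this hunk.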
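Review bot: Folding ct_html into the final `else` means every ContentType value that is not ct_text, ct_formatted_text or ct_bbcode — including any enumerator added later or an unexpected value read from storage — is now written with `R(content)`, i.e. unescaped, and the wrapper added at the top of the function excludes the same cases from the HtmlFilter, so an unknown type fails open twice. The two types that are meant to be raw should be named explicitly and everything else should take the escaping path used for ct_text (`out << content`, assuming the stream escapes non-R output as the R() wrapper suggests). The function's opening lines are outside this hunk.
```cpp
	// … unchanged: ct_text, ct_formatted_text and ct_bbcode branches …
	else
	if( content_type == Item::ct_html || content_type == Item::ct_other )
	{
		// trusted authors only (System::CanUseHtml / CanUseOther): written verbatim
		out << R(content);
	}
	else
	{
		// unknown content type: never emit it raw, treat it like ct_text
		out << content;
	}
```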
@@ -211,14 +211,15 @@ void Templates::CreateFunctions()
 /* config */
- ezc_functions.Insert("config_use_ssl", config_use_ssl);
- ezc_functions.Insert("config_use_ssl_static", config_use_ssl_static);
- ezc_functions.Insert("config_use_ssl_common", config_use_ssl_common);
- ezc_functions.Insert("config_url_proto", config_url_proto);
- ezc_functions.Insert("config_url_ssl_proto", config_url_ssl_proto);
- ezc_functions.Insert("config_base_url", config_base_url);
- ezc_functions.Insert("config_base_url_static", config_base_url_static);
- ezc_functions.Insert("config_base_url_common", config_base_url_common);
+ ezc_functions.Insert("config_use_ssl", config_use_ssl);
+ ezc_functions.Insert("config_use_ssl_static", config_use_ssl_static);
+ ezc_functions.Insert("config_use_ssl_common", config_use_ssl_common);
+ ezc_functions.Insert("config_url_proto", config_url_proto);
+ ezc_functions.Insert("config_url_ssl_proto", config_url_ssl_proto);
+ ezc_functions.Insert("config_base_url", config_base_url);
+ ezc_functions.Insert("config_base_url_static", config_base_url_static);
+ ezc_functions.Insert("config_base_url_common", config_base_url_common);
+ ezc_functions.Insert("config_is_html_filter_allowed", config_is_html_filter_allowed);
 /*
@@ -465,7 +466,8 @@ void Templates::CreateFunctions()
 ezc_functions.Insert("item_admin_meta", item_admin_meta);
 ezc_functions.Insert("item_admin_meta_tab", item_admin_meta_tab);
 ezc_functions.Insert("item_admin_meta_tab_value", item_admin_meta_tab_value);
- ezc_functions.Insert("item_admin_meta_tab_has_next", item_admin_meta_tab_has_next);
+ ezc_functions.Insert("item_admin_meta_tab_has_next", item_admin_meta_tab_has_next);
+ ezc_functions.Insert("item_can_content_be_html_filtered", item_can_content_be_html_filtered);
 ezc_functions.Insert("item_tab", item_tab);
 ezc_functions.Insert("item_tab_index", item_tab_index);
@@ -678,6 +680,7 @@ void Templates::CreateFunctions()
 ezc_functions.Insert("user_is_in_all_groups", user_is_in_all_groups);
 ezc_functions.Insert("user_can_use_html", user_can_use_html);
 ezc_functions.Insert("user_can_use_bbcode", user_can_use_bbcode);
+ ezc_functions.Insert("user_can_use_other", user_can_use_other);
 ezc_functions.Insert("user_has_correct_time_zone",user_has_correct_time_zone);
 ezc_functions.Insert("user_time_zone_name", user_time_zone_name);
 ezc_functions.Insert("user_time_zone_id", user_time_zone_id);
@@ -1042,7 +1045,7 @@ using namespace TemplatesFunctions;
 Ezc::Pattern * index = 0;
- if( !cur->request->last_item->html_template.empty() )
+ if( (cur->request->function == &functions->fun_cat || cur->request->function == &functions->fun_run) && !cur->request->last_item->html_template.empty() )
 {
 index = SelectIndexPattern(cur->request->last_item->html_template);
 }
diff --git a/winixd/templates/templates.h b/winixd/templates/templates.h
index 6c1a969..a7d96d5 100644
--- a/winixd/templates/templates.h
+++ b/winixd/templates/templates.h
@@ -111,6 +111,7 @@ namespace TemplatesFunctions
 void config_base_url(Info & i);
 void config_base_url_static(Info & i);
 void config_base_url_common(Info & i);
+ void config_is_html_filter_allowed(Info & i);
 /*
@@ -359,6 +360,7 @@ namespace TemplatesFunctions
 void item_admin_meta_tab(Info & i);
 void item_admin_meta_tab_value(Info & i);
 void item_admin_meta_tab_has_next(Info & i);
+ void item_can_content_be_html_filtered(Info & i);
 void item_tab(Info & i);
 void item_tab_index(Info & i);
@@ -573,6 +575,7 @@ namespace TemplatesFunctions
 void user_is_in_all_groups(Info & i);
 void user_can_use_html(Info & i);
 void user_can_use_bbcode(Info & i);
+ void user_can_use_other(Info & i);
 void user_has_correct_time_zone(Info & i);
 void user_time_zone_name(Info & i);
 void user_time_zone_id(Info & i);
diff --git a/winixd/templates/user.cpp b/winixd/templates/user.cpp
index 3e5115b..00f79d1 100644
--- a/winixd/templates/user.cpp
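Review bot: The new condition restricting the item's `html_template` to `fun_cat` and `fun_run` is the reason an item rendered through `templates_index_raw` (as `AddCommonFileToVar` now sets up) does not also drag its edit, reply or other function pages into the raw template, but nothing on the line says so and the next person to add a function will not know whether to extend the list. A why-comment above the `if` should record it: `// only cat and run render the item itself; every other function (editors, listings) must use the normal index even when the item carries a raw template such as templates_index_raw`. The enclosing function starts and ends outside this hunk.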
+++ b/winixd/templates/user.cpp
@@ -128,6 +128,16 @@ void user_can_use_bbcode(Info & i)
 }
+void user_can_use_other(Info & i)
+{
+ if( !cur->session->puser )
+ i.res = false;
+ else
+ i.res = system->CanUseOther(cur->session->puser->id);
+}
+
+
+
 void user_has_correct_time_zone(Info & i)
 {
 if( cur->session->puser )
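Review bot: `user_can_use_other` only decides whether the "other" option is rendered in the forms (fun_emacs_post.html, fun_createticket.html, fun_reply.html); the control that matters is `System::CanUseOther` re-checked in `Functions::ReadItemContentWithType` when the posted value is read, and a comment should say so before someone treats the hidden option as the enforcement point: `// UI only: hides the "other" content type in forms; the server re-checks System::CanUseOther when the content type is read from the request`. The null test and branch can also be the single expression `i.res = cur->session->puser && system->CanUseOther(cur->session->puser->id);`, which keeps the anonymous case from ever reaching the dereference. `user_has_correct_time_zone` continues past the end of the hunk.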