render('layout.php', array_merge($data, array('page' => $page))); }; function partial($template, $data=array(), $debug=false) { global $app; if($debug) { $tpl = new Savant3(\Slim\Extras\Views\Savant::$savantOptions); echo '
' . $tpl->fetch($template . '.php') . '
'; return ''; } ob_start(); $tpl = new Savant3(\Slim\Extras\Views\Savant::$savantOptions); foreach($data as $k=>$v) { $tpl->{$k} = $v; } $tpl->display($template . '.php'); return ob_get_clean(); } function js_bookmarklet($partial, $context) { return str_replace('+','%20',urlencode(str_replace(array("\n"),array(''),partial($partial, $context)))); } function session($key) { if(array_key_exists($key, $_SESSION)) return $_SESSION[$key]; else return null; } function profile($key) { if(!session('auth')) { return null; } $auth = session('auth'); if(isset($auth['profile'][$key])) { return $auth['profile'][$key]; } return null; } function k($a, $k, $default=null) { if(is_array($k)) { $result = true; foreach($k as $key) { $result = $result && array_key_exists($key, $a); } return $result; } else { if(is_array($a) && array_key_exists($k, $a) && $a[$k]) return $a[$k]; elseif(is_object($a) && property_exists($a, $k) && $a->$k) return $a->$k; else return $default; } } function display_url($url) { $parts = parse_url($url); if(isset($parts['path']) && $parts['path'] != '' && $parts['path'] != '/') { return preg_replace('/^https?:\/\//','', $url); } else { return $parts['host']; } } if(!function_exists('http_build_url')) { function http_build_url($parsed_url) { $scheme = isset($parsed_url['scheme']) ? $parsed_url['scheme'] . '://' : ''; $host = isset($parsed_url['host']) ? $parsed_url['host'] : ''; $port = isset($parsed_url['port']) ? ':' . $parsed_url['port'] : ''; $user = isset($parsed_url['user']) ? $parsed_url['user'] : ''; $pass = isset($parsed_url['pass']) ? ':' . $parsed_url['pass'] : ''; $pass = ($user || $pass) ? "$pass@" : ''; $path = isset($parsed_url['path']) ? $parsed_url['path'] : ''; $query = isset($parsed_url['query']) ? '?' . $parsed_url['query'] : ''; $fragment = isset($parsed_url['fragment']) ? '#' . $parsed_url['fragment'] : ''; return "$scheme$user$pass$host$port$path$query$fragment"; } } function micropub_post_for_user(&$user, $params, $file = NULL, $json = false) { // Now send to the micropub endpoint $r = micropub_post($user->micropub_endpoint, $params, $user->micropub_access_token, $file, $json); $user->last_micropub_response = substr(json_encode($r), 0, 1024); $user->last_micropub_response_date = date('Y-m-d H:i:s'); // Check the response and look for a "Location" header containing the URL if($r['response'] && ($r['code'] == 201 || $r['code'] == 202) && isset($r['headers']['Location'])) { $r['location'] = $r['headers']['Location'][0]; $user->micropub_success = 1; } else { $r['location'] = false; } $user->save(); return $r; } function micropub_media_post_for_user(&$user, $file) { // Send to the media endpoint $r = micropub_post($user->micropub_media_endpoint, [], $user->micropub_access_token, $file, true, 'file'); // Check the response and look for a "Location" header containing the URL if($r['headers'] && $r['headers']['Location']) { $r['location'] = $r['headers']['Location']; } else { $r['location'] = false; } return $r; } function micropub_post($endpoint, $params, $access_token, $file = NULL, $json = false, $file_prop = 'photo') { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $endpoint); curl_setopt($ch, CURLOPT_POST, true); if($file) { if(is_string($file)) { $file_path = $file; $file_content = file_get_contents($file_path); $filename = 'file'; } else { $file_path = $file['tmp_name']; $file_content = file_get_contents($file_path); $filename = $file['name']; } } else { $file_path = false; } // Send the access token in both the header and post body to support more clients // https://github.com/aaronpk/Quill/issues/4 // http://indiewebcamp.com/irc/2015-02-14#t1423955287064 $httpheaders = array('Authorization: Bearer ' . $access_token); if(!$json) { $params = array_merge(array( 'h' => 'entry', 'access_token' => $access_token ), $params); } if(!$file_path) { $httpheaders[] = 'Accept: application/json'; if($json) { // $params['access_token'] = $access_token; $httpheaders[] = 'Content-type: application/json'; $post = json_encode($params); } else { $post = http_build_query($params); $post = preg_replace('/%5B[0-9]+%5D/', '%5B%5D', $post); // change [0] to [] } } else { $finfo = finfo_open(FILEINFO_MIME_TYPE); $mimetype = finfo_file($finfo, $file_path); $multipart = new p3k\Multipart(); $multipart->addArray($params); $multipart->addFile($file_prop, $filename, $mimetype, $file_content); $post = $multipart->data(); $httpheaders[] = 'Content-Type: ' . $multipart->contentType(); } curl_setopt($ch, CURLOPT_HTTPHEADER, $httpheaders); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLINFO_HEADER_OUT, true); $response = curl_exec($ch); $error = curl_error($ch); $sent_headers = curl_getinfo($ch, CURLINFO_HEADER_OUT); $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $header_str = trim(substr($response, 0, $header_size)); $request = $sent_headers . (is_string($post) ? $post : http_build_query($post)); return array( 'request' => $request, 'response' => $response, 'code' => curl_getinfo($ch, CURLINFO_HTTP_CODE), 'headers' => parse_headers($header_str), 'error' => $error, 'curlinfo' => curl_getinfo($ch) ); } function micropub_get($endpoint, $params, $access_token) { $url = parse_url($endpoint); if(!k($url, 'query')) { $url['query'] = http_build_query($params); } else { $url['query'] .= '&' . http_build_query($params); } $endpoint = http_build_url($url); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $endpoint); curl_setopt($ch, CURLOPT_HTTPHEADER, array( 'Authorization: Bearer ' . $access_token, 'Accept: application/json' )); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); $data = array(); if($response) { $data = json_decode($response, true); } $error = curl_error($ch); return array( 'response' => $response, 'data' => $data, 'error' => $error, 'curlinfo' => curl_getinfo($ch) ); } function revoke_micropub_token($access_token, $token_endpoint) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $token_endpoint); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([ 'action' => 'revoke', 'token' => $access_token, ])); curl_exec($ch); } function parse_headers($headers) { $retVal = array(); $fields = explode("\r\n", preg_replace('/\x0D\x0A[\x09\x20]+/', ' ', $headers)); foreach($fields as $field) { if(preg_match('/([^:]+): (.+)/m', $field, $match)) { $match[1] = preg_replace_callback('/(?<=^|[\x09\x20\x2D])./', function($m) { return strtoupper($m[0]); }, strtolower(trim($match[1]))); // If there's already a value set for the header name being returned, turn it into an array and add the new value $match[1] = preg_replace_callback('/(?<=^|[\x09\x20\x2D])./', function($m) { return strtoupper($m[0]); }, strtolower(trim($match[1]))); if(isset($retVal[$match[1]])) { $retVal[$match[1]][] = trim($match[2]); } else { $retVal[$match[1]] = [trim($match[2])]; } } } return $retVal; } function get_micropub_config(&$user, $query=[]) { $targets = []; $channels = []; $r = micropub_get($user->micropub_endpoint, $query, $user->micropub_access_token); if($r['data'] && is_array($r['data']) && array_key_exists('syndicate-to', $r['data'])) { if(is_array($r['data']['syndicate-to'])) { $data = $r['data']['syndicate-to']; } else { $data = []; } foreach($data as $t) { if(is_array($t) && array_key_exists('service', $t) && array_key_exists('photo', $t['service'])) { $icon = $t['service']['photo']; } else { $icon = false; } if(is_array($t) && array_key_exists('uid', $t) && array_key_exists('name', $t)) { $targets[] = [ 'target' => $t['name'], 'uid' => $t['uid'], 'favicon' => $icon ]; } } } if($r['data'] && is_array($r['data']) && array_key_exists('channels', $r['data']) && is_array($r['data']['channels'])) { $channels = $r['data']['channels']; } // Reset the values so they can be overwritten $user->syndication_targets = ''; $user->channels = ''; $user->supported_post_types = ''; $user->supported_visibility = ''; $user->micropub_media_endpoint = ''; if(count($targets)) $user->syndication_targets = json_encode($targets); if(count($channels)) $user->channels = json_encode($channels); $media_endpoint = false; $supported_post_types = false; if($r['data'] && is_array($r['data'])) { if(isset($r['data']['media-endpoint'])) { $media_endpoint = $r['data']['media-endpoint']; $user->micropub_media_endpoint = $media_endpoint; } if(isset($r['data']['post-types'])) { $supported_post_types = json_encode($r['data']['post-types']); $user->supported_post_types = $supported_post_types; } } if(isset($r['data']['visibility']) && is_array($r['data']['visibility'])) { $user->supported_visibility = json_encode($r['data']['visibility']); } $user->save(); return [ 'targets' => $targets, 'channels' => $channels, 'response' => $r ]; } function supports_post_type(&$user, $type) { if(!$user->supported_post_types) return true; $types = json_decode($user->supported_post_types, true); if(!is_array($types)) return true; // syntax error in response, fail safely foreach($types as $t) { if(is_array($t) && isset($t['type']) && $t['type'] == $type) { return true; } } return false; } function get_micropub_source(&$user, $url, $properties) { $r = micropub_get($user->micropub_endpoint, [ 'q' => 'source', 'url' => $url, 'properties' => $properties ], $user->micropub_access_token); if(isset($r['data']) && isset($r['data']['properties'])) { return $r['data']['properties']; } else { return false; } } function static_map($latitude, $longitude, $height=180, $width=700, $zoom=14) { $params = [ 'lat' => $latitude, 'lng' => $longitude, 'h' => $height, 'w' => $width, 'z' => $zoom, ]; return '/map-img?'.http_build_query($params); } function relative_time($date) { static $rel; if(!isset($rel)) { $config = array( 'language' => '\RelativeTime\Languages\English', 'separator' => ', ', 'suffix' => true, 'truncate' => 1, ); $rel = new \RelativeTime\RelativeTime($config); } return $rel->timeAgo($date); } function validate_photo(&$file) { try { if ($_SERVER['REQUEST_METHOD'] == 'POST' && count($_POST) < 1 ) { throw new RuntimeException('File upload size exceeded.'); } // Undefined | Multiple Files | $_FILES Corruption Attack // If this request falls under any of them, treat it invalid. if ( !isset($file['error']) || is_array($file['error']) ) { throw new RuntimeException('Invalid parameters.'); } // Check $file['error'] value. switch ($file['error']) { case UPLOAD_ERR_OK: break; case UPLOAD_ERR_NO_FILE: throw new RuntimeException('No file sent.'); case UPLOAD_ERR_INI_SIZE: case UPLOAD_ERR_FORM_SIZE: throw new RuntimeException('Exceeded filesize limit.'); default: throw new RuntimeException('Unknown errors.'); } // You should also check filesize here. if ($file['size'] > 12000000) { throw new RuntimeException('Exceeded Quill filesize limit.'); } // DO NOT TRUST $file['mime'] VALUE !! // Check MIME Type by yourself. $finfo = new finfo(FILEINFO_MIME_TYPE); if (false === $ext = array_search( $finfo->file($file['tmp_name']), array( 'jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif', ), true )) { throw new RuntimeException('Invalid file format.'); } } catch (RuntimeException $e) { return $e->getMessage(); } } // Reads the exif rotation data and actually rotates the photo. // Only does anything if the exif library is loaded, otherwise is a noop. function correct_photo_rotation($filename) { if(class_exists('IMagick')) { try { $image = new IMagick($filename); // Don't try to convert animated images if($image->getImageIterations() == 1) return; $orientation = $image->getImageOrientation(); switch($orientation) { case IMagick::ORIENTATION_BOTTOMRIGHT: $image->rotateImage(new ImagickPixel('#00000000'), 180); break; case IMagick::ORIENTATION_RIGHTTOP: $image->rotateImage(new ImagickPixel('#00000000'), 90); break; case IMagick::ORIENTATION_LEFTBOTTOM: $image->rotateImage(new ImagickPixel('#00000000'), -90); break; default: // Don't overwrite if no orientation header was returned return; } $image->setImageOrientation(IMagick::ORIENTATION_TOPLEFT); $image->writeImage($filename); } catch(Exception $e){} } } function sanitize_editor_html($html) { #error_log($html."\n"); $config = HTMLPurifier_Config::createDefault(); $config->autoFinalize = false; $config->set('Cache.DefinitionImpl', null); $config->set('HTML.AllowedElements', [ 'a', 'abbr', 'b', 'br', 'code', 'del', 'em', 'i', 'img', 'q', 'strike', 'strong', 'blockquote', 'pre', 'p', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ul', 'li', 'ol', 'figcaption', 'figure' ]); $def = $config->getHTMLDefinition(true); // http://developers.whatwg.org/grouping-content.html $def->addElement('figure', 'Block', 'Optional: (figcaption, Flow) | (Flow, figcaption) | Flow', 'Common'); $def->addElement('figcaption', 'Inline', 'Flow', 'Common'); // Allow data: URIs $config->set('URI.AllowedSchemes', array('data' => true, 'http' => true, 'https' => true)); // Strip all classes from elements $config->set('Attr.AllowedClasses', ''); // $def = $config->getHTMLDefinition(true); $purifier = new HTMLPurifier($config); $sanitized = $purifier->purify($html); $sanitized = str_replace(" ","\r",$sanitized); # Remove empty paragraphs $sanitized = str_replace('


','',$sanitized); $sanitized = str_replace('

','',$sanitized); $indenter = new \Gajus\Dindent\Indenter([ 'indentation_character' => ' ' ]); $indenter->setElementType('h1', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $indenter->setElementType('h2', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $indenter->setElementType('h3', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $indenter->setElementType('h4', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $indenter->setElementType('h5', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $indenter->setElementType('h6', \Gajus\Dindent\Indenter::ELEMENT_TYPE_INLINE); $sanitized = $indenter->indent($sanitized); #error_log($sanitized."\n"); return $sanitized; }