
Commit cefc518

committed
Process emoji after sanitization
1 parent 6df4adb commit cefc518


2 files changed

+43
-21
lines changed


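--- a/includes/collection/class-interactions.php
+++ b/includes/collection/class-interactions.php
@@ -77,8 +77,22 @@ public static function update_comment( $activity ) {
 }
 
 // Found a local comment id.
-$commentdata['comment_author'] = self::replace_custom_emoji( $meta['name'] ? $meta['name'] : $meta['preferredUsername'], $meta );
-$commentdata['comment_content'] = \addslashes( self::replace_custom_emoji( $activity['object']['content'], $activity['object'] ) );
+$commentdata['comment_author'] = \esc_attr( $meta['name'] ? $meta['name'] : $meta['preferredUsername'] );
+$commentdata['comment_content'] = \addslashes( $activity['object']['content'] );
+
+add_filter(
+'pre_comment_author_name',
+function ( $comment_author ) use ( $meta ) {
+return self::replace_custom_emoji( $comment_author, $meta );
+}
+);
+add_filter(
+'pre_comment_content',
+function ( $comment_content ) use ( $activity ) {
+return self::replace_custom_emoji( $comment_content, $activity['object'] );
+},
+20
+);
 
 return self::persist( $commentdata, self::UPDATE );
 }
@@ -209,22 +223,14 @@ public static function allowed_comment_html( $allowed_tags, $context = '' ) {
 }
 
 // Add `p` and `br` to the list of allowed tags.
-if ( ! isset( $allowed_tags['br'] ) ) {
+if ( ! array_key_exists( 'br', $allowed_tags ) ) {
 $allowed_tags['br'] = array();
 }
 
-if ( ! isset( $allowed_tags['p'] ) ) {
+if ( ! array_key_exists( 'p', $allowed_tags ) ) {
 $allowed_tags['p'] = array();
 }
 
-if ( ! isset( $allowed_tags['img'] ) ) {
-$allowed_tags['img'] = array(
-'src' => array(),
-'alt' => array(),
-'class' => array(),
-);
-}
-
 return $allowed_tags;
 }
 
@@ -265,9 +271,9 @@ public static function activity_to_comment( $activity ) {
 }
 
 $commentdata = array(
-'comment_author' => self::replace_custom_emoji( $comment_author, $actor ),
+'comment_author' => \esc_attr( $comment_author ),
 'comment_author_url' => \esc_url_raw( $url ),
-'comment_content' => self::replace_custom_emoji( $comment_content, $activity['object'] ),
+'comment_content' => $comment_content,
 'comment_type' => 'comment',
 'comment_author_email' => '',
 'comment_meta' => array(
@@ -284,6 +290,20 @@ public static function activity_to_comment( $activity ) {
 $commentdata['comment_meta']['source_url'] = \esc_url_raw( object_to_uri( $activity['object']['url'] ) );
 }
 
+add_filter(
+'pre_comment_author_name',
+function ( $comment_author ) use ( $actor ) {
+return self::replace_custom_emoji( $comment_author, $actor );
+}
+);
+add_filter(
+'pre_comment_content',
+function ( $comment_content ) use ( $activity ) {
+return self::replace_custom_emoji( $comment_content, $activity['object'] );
+},
+20
+);
+
 return $commentdata;
 }
 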
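Review bot: The closures registered with `add_filter` in `update_comment` (new lines 83–95) and again in `activity_to_comment` (new lines 293–305) are never removed, so they stay attached to `pre_comment_author_name` and `pre_comment_content` for the rest of the request and will run `replace_custom_emoji` with this activity's tag data on any comment saved afterwards, including unrelated ones. Holding each closure in a variable and calling `remove_filter` once `persist()` returns would scope it to this one write, as sketched below for `update_comment`; in `activity_to_comment` the save appears to happen in a caller outside these hunks, so the removal would have to live there. Because the emoji `<img>` markup is now produced after sanitization, nothing downstream strips what `replace_custom_emoji` emits, and since its body is not part of this diff it is worth confirming that it escapes the remote-supplied emoji URL and name itself. The author-name filter is also registered at the default priority while the content filter uses 20, which looks unintended if both are meant to run after the sanitizers on their hooks. Both functions begin outside the hunks shown.

```php
// … unchanged: $commentdata['comment_author'] / ['comment_content'] assignments …

$author_emoji  = function ( $comment_author ) use ( $meta ) {
	return self::replace_custom_emoji( $comment_author, $meta );
};
$content_emoji = function ( $comment_content ) use ( $activity ) {
	return self::replace_custom_emoji( $comment_content, $activity['object'] );
};

add_filter( 'pre_comment_author_name', $author_emoji );
add_filter( 'pre_comment_content', $content_emoji, 20 );

$result = self::persist( $commentdata, self::UPDATE );

// Detach again so later comment writes in this request are not rewritten with this activity's emoji.
remove_filter( 'pre_comment_author_name', $author_emoji );
remove_filter( 'pre_comment_content', $content_emoji, 20 );

return $result;
```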

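--- a/tests/includes/collection/class-test-interactions.php
+++ b/tests/includes/collection/class-test-interactions.php
@@ -118,7 +118,7 @@ public function create_test_rich_object( $id = 'https://example.com/123' ) {
 'id' => $id,
 'url' => 'https://example.com/example',
 'inReplyTo' => $this->post_permalink,
-'content' => 'Hello<br />example<p>example</p><video src="https://example.com/image.jpg"></video>',
+'content' => 'Hello<br />example<p>example</p><img src="https://example.com/image.jpg" />',
 ),
 );
 }
@@ -283,9 +283,10 @@ public function test_activity_to_comment_with_emoji() {
 'content' => 'Hello world :kappa: and :smile:',
 'actor' => $this->user_url,
 'object' => array(
-'id' => 'https://example.com/objects/1',
-'content' => 'Hello world :kappa: and :smile:',
-'tag' => array(
+'id' => 'https://example.com/objects/1',
+'content' => 'Hello world :kappa: and :smile:',
+'inReplyTo' => $this->post_permalink,
+'tag' => array(
 array(
 'type' => 'Emoji',
 'name' => ':kappa:',
@@ -308,15 +309,16 @@ public function test_activity_to_comment_with_emoji() {
 ),
 );
 
-$commentdata = Interactions::activity_to_comment( $activity );
+$comment_id = Interactions::add_comment( $activity );
+$comment = get_comment( $comment_id );
 
 $this->assertStringContainsString(
 '<img src="https://example.com/files/kappa.png" alt=":kappa:" class="emoji" />',
-$commentdata['comment_content']
+$comment->comment_content
 );
 $this->assertStringContainsString(
 '<img src="https://example.com/files/smile.png" alt=":smile:" class="emoji" />',
-$commentdata['comment_content']
+$comment->comment_content
 );
 }
 }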
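Review bot: `test_activity_to_comment_with_emoji` reads `$comment->comment_content` without first checking that `add_comment()` actually stored a comment, so a rejected activity would surface as a null-property error instead of a readable failure; adding `$this->assertInstanceOf( \WP_Comment::class, $comment );` right after the `get_comment()` call (new line 313) makes that explicit. The test also covers only well-formed emoji. Since the emoji `<img>` is now inserted after comment sanitization, a second case whose emoji `name` or icon URL contains a quote or angle bracket, asserting that the stored content holds it only in escaped form, would pin the property this commit relies on. The test method starts outside the hunk.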
