diff options
author | Joas Schilling <coding@schilljs.com> | 2016-10-26 17:34:03 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2016-10-28 12:32:10 +0200 |
commit | 286482656bd77b9a162c4ab291508c5fed78b8da (patch) | |
tree | 94d43c935e75d2b6efe4989120f0b45f701776f4 /apps/comments/lib/Activity/Extension.php | |
parent | b98dfaccd96fb9b0da13bc59f55ed9b61cbbd528 (diff) | |
download | nextcloud-server-286482656bd77b9a162c4ab291508c5fed78b8da.tar.gz nextcloud-server-286482656bd77b9a162c4ab291508c5fed78b8da.zip |
Fix comment mentions in activities
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps/comments/lib/Activity/Extension.php')
-rw-r--r-- | apps/comments/lib/Activity/Extension.php | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/apps/comments/lib/Activity/Extension.php b/apps/comments/lib/Activity/Extension.php index 6bf7bc9ac0b..2a155dd0064 100644 --- a/apps/comments/lib/Activity/Extension.php +++ b/apps/comments/lib/Activity/Extension.php @@ -29,6 +29,7 @@ use OCP\Comments\NotFoundException; use OCP\IL10N; use OCP\IURLGenerator; use OCP\L10N\IFactory; +use OCP\Util; /** * Class Extension @@ -306,6 +307,25 @@ class Extension implements IExtension { $comment = $this->commentsManager->get((int) $matches[1]); $message = $comment->getMessage(); $message = str_replace("\n", '<br />', str_replace(['<', '>'], ['<', '>'], $message)); + + foreach ($comment->getMentions() as $mention) { + if ($mention['type'] !== 'user') { + continue; + } + + try { + $displayName = $this->commentsManager->resolveDisplayName($mention['type'], $mention['id']); + } catch (\OutOfBoundsException $e) { + // No displayname, upon client's discretion what to display. + $displayName = $mention['id']; + } + + $message = preg_replace( + '/(^|\s)(' . '@' . $mention['id'] . ')(\b)/', + '${1}' . $this->regexSafeUser($mention['id'], $displayName) . '${3}', + $message + ); + } return $message; } catch (NotFoundException $e) { return ''; @@ -314,4 +334,9 @@ class Extension implements IExtension { return ''; } + + protected function regexSafeUser($uid, $displayName) { + // FIXME evil internal API hackery, do NOT copy this + return str_replace('$', '\$', '<user display-name="' . Util::sanitizeHTML($displayName) . '">' . Util::sanitizeHTML($uid) . '</user>'); + } } |