<?php
+use \Friendica\Core\Config;
+
require_once("include/oembed.php");
require_once('include/event.php');
require_once('include/map.php');
require_once('mod/proxy.php');
require_once('include/Contact.php');
+require_once('include/plaintext.php');
function bb_PictureCacheExt($matches) {
if (strpos($matches[3], "data:image/") === 0)
function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
$data = get_attachment_data($Text);
-
if (!$data)
return $Text;
+ if (isset($data["title"])) {
+ $data["title"] = strip_tags($data["title"]);
+ $data["title"] = str_replace(array("http://", "https://"), "", $data["title"]);
+ }
+
if (((strpos($data["text"], "[img=") !== false) OR (strpos($data["text"], "[img]") !== false)) AND ($data["image"] != "")) {
$data["preview"] = $data["image"];
$data["image"] = "";
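Review bot: `strip_tags()` on L18 removes markup but leaves double quotes in the title, and that title is later written into `title="%s"` by the `sprintf` calls for the preview link and the new `attachment-image` link. Unless the value was entity-escaped before `get_attachment_data()` returned it, which this hunk does not show, a quote in a remote page title would end the attribute. Escaping where the value is emitted is the safer contract, e.g. `htmlspecialchars($data["title"], ENT_QUOTES, 'UTF-8', false)`, with the same treatment for `$data["url"]` in `href`. It is worth checking that no later unescape pass in bbcode() undoes it. The body of bb_attachment continues outside the hunk.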
elseif (($data["preview"] != "") AND !strstr(strtolower($oembed), "<img "))
$text .= sprintf('<a href="%s" target="_blank"><img src="%s" alt="" title="%s" class="attachment-preview" /></a><br />', $data["url"], proxy_url($data["preview"]), $data["title"]);
- $text .= $oembed;
+ if (($data["type"] == "photo") AND ($data["url"] != "") AND ($data["image"] != ""))
+ $text .= sprintf('<a href="%s" target="_blank"><img src="%s" alt="" title="%s" class="attachment-image" /></a>', $data["url"], proxy_url($data["image"]), $data["title"]);
+ else
+ $text .= $oembed;
- $text .= sprintf('<blockquote>%s</blockquote></span>', trim($data["description"]));
+ if (trim($data["description"]) != "")
+ $text .= sprintf('<blockquote>%s</blockquote></span>', trim(bbcode($data["description"])));
}
}
return $data["text"].$text.$data["after"];
return $Text;
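Review bot: The nested `bbcode($data["description"])` call on L34 passes only the text, so the description is rendered with whatever defaults bbcode() has rather than the `$simplehtml` and `$tryoembed` values that bb_attachment received. If those defaults enable oEmbed lookups (the signature is not shown here), a description taken from a remote page could trigger fetches even when the caller turned them off. Consider forwarding the flags explicitly, and add a comment such as `// description may contain BBCode from the remote page; render it with the caller's flags`. The surrounding `if`/`elseif` chain begins outside the hunk.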
if ($nolink)
- return $data["text"];
+ return $data["text"].$data["after"];
- if ($plaintext)
+ $title = htmlentities($data["title"], ENT_QUOTES, 'UTF-8', false);
+ $text = htmlentities($data["text"], ENT_QUOTES, 'UTF-8', false);
+ if ($plaintext OR (($title != "") AND strstr($text, $title)))
+ $data["title"] = $data["url"];
+ elseif (($text != "") AND strstr($title, $text)) {
+ $data["text"] = $data["title"];
$data["title"] = $data["url"];
+ }
if (($data["text"] == "") AND ($data["title"] != "") AND ($data["url"] == ""))
- return $data["title"];
+ return $data["title"].$data["after"];
// If the link already is included in the post, don't add it again
if (($data["url"] != "") AND strpos($data["text"], $data["url"]))
- return $data["text"];
+ return $data["text"].$data["after"];
$text = $data["text"];
if (($data["url"] != "") AND ($data["title"] != ""))
$text .= "\n[url=".$data["url"]."]".$data["title"]."[/url]";
- elseif (($link != ""))
+ elseif (($data["url"] != ""))
$text .= "\n".$data["url"];
- return $text;
+ return $text."\n".$data["after"];
}
function bb_cleanstyle($st) {
if (($char >= "a") and ($char <= "z"))
$cleaned .= $char;
- if (!(strpos(" #;:0123456789-_", $char) === false))
+ if (!(strpos(" #;:0123456789-_.%", $char) === false))
$cleaned .= $char;
}
$itemcache = get_itemcachepath();
- // relative dates only make sense when they aren't cached
- if ($itemcache == "") {
- preg_match("/posted='(.*?)'/ism", $attributes, $matches);
- if ($matches[1] != "")
- $posted = $matches[1];
+ preg_match("/posted='(.*?)'/ism", $attributes, $matches);
+ if ($matches[1] != "")
+ $posted = $matches[1];
- preg_match('/posted="(.*?)"/ism', $attributes, $matches);
- if ($matches[1] != "")
- $posted = $matches[1];
+ preg_match('/posted="(.*?)"/ism', $attributes, $matches);
+ if ($matches[1] != "")
+ $posted = $matches[1];
+ // relative dates only make sense when they aren't cached
+ if ($itemcache == "")
$reldate = (($posted) ? " " . relative_date($posted) : '');
- }
+
+ // We only call this so that a previously unknown contact can be added.
+ // This is important for the function "get_contact_details_by_url".
+ // This function then can fetch an entry from the contact table.
+ get_contact($profile, 0);
$data = get_contact_details_by_url($profile);
- if (isset($data["name"]) AND isset($data["addr"]))
+ if (isset($data["name"]) AND ($data["name"] != "") AND isset($data["addr"]) AND ($data["addr"] != ""))
$userid_compact = $data["name"]." (".$data["addr"].")";
else
$userid_compact = GetProfileUsername($profile,$author, true);
- if (isset($data["addr"]))
+ if (isset($data["addr"]) AND ($data["addr"] != ""))
$userid = $data["addr"];
else
$userid = GetProfileUsername($profile,$author, false);
- if (isset($data["name"]))
+ if (isset($data["name"]) AND ($data["name"] != ""))
$author = $data["name"];
- if (isset($data["photo"]))
- $avatar = $data["photo"];
+ if (isset($data["micro"]) AND ($data["micro"] != ""))
+ $avatar = $data["micro"];
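Review bot: `get_contact($profile, 0)` on L97 gives rendering a side effect. Per the added comment it can add a previously unknown contact, and `$profile` appears to come from the attributes of the `[share]` block being displayed, so the author of a post controls what is looked up and stored. Whether get_contact() also contacts the remote host is not visible here. Consider checking that `$profile` is a well-formed http(s) URL before the call, or doing the contact import when the post is received rather than on every render. Separately, `$matches[1]` on L81 and L87 is read without testing the `preg_match()` result; `if (preg_match(...) AND ($matches[1] != ""))` avoids the undefined-index notice when the attribute is absent.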
$preshare = trim($share[1]);
$text .= "<br /><br />".$link;
break;
default:
- $headline = trim($share[1]).'<div class="shared_header">';
- if ($avatar != "")
- $headline .= '<img src="'.proxy_url($avatar, false, PROXY_SIZE_MICRO).'" height="32" width="32" >';
-
- $headline .= sprintf(t('<span><a href="%s" target="_blank">%s</a> wrote the following <a href="%s" target="_blank">post</a>'.$reldate.':</span>'), $profile, $author, $link);
- $headline .= "</div>";
- $text = $headline.'<blockquote class="shared_content">'.trim($share[3])."</blockquote>";
+ $text = trim($share[1])."\n";
+
+ $avatar = proxy_url($avatar, false, PROXY_SIZE_THUMB);
+
+ $tpl = get_markup_template('shared_content.tpl');
+ $text .= replace_macros($tpl,
+ array(
+ '$profile' => $profile,
+ '$avatar' => $avatar,
+ '$author' => $author,
+ '$link' => $link,
+ '$posted' => $posted,
+ '$reldate' => $reldate,
+ '$content' => trim($share[3])
+ )
+ );
break;
}
return($text);
}
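Review bot: `proxy_url($avatar, false, PROXY_SIZE_THUMB)` on L129 now runs even when `$avatar` is empty, whereas the removed code only built the image when `$avatar != ""`. Keeping the guard, `if ($avatar != "") $avatar = proxy_url($avatar, false, PROXY_SIZE_THUMB);`, lets the template omit the image instead of pointing at a proxy URL for nothing. The values handed to `replace_macros()` (`$profile`, `$author`, `$link`, `$posted`) appear to originate from share attributes of the post, so `shared_content.tpl` has to escape them for attribute and text context. The template is not part of this hunk, so that should be confirmed there.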
function bb_DiasporaLinks($match) {
- $a = get_app();
-
- return "[url=".$a->get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]";
+ return "[url=".App::get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]";
}
function bb_RemovePictureLinks($match) {
return ($text);
}
+function bb_highlight($match) {
+ if(in_array(strtolower($match[1]),['php','css','mysql','sql','abap','diff','html','perl','ruby',
+ 'vbscript','avrc','dtd','java','xml','cpp','python','javascript','js','sh']))
+ return text_highlight($match[2],strtolower($match[1]));
+ return $match[0];
+}
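Review bot: `bb_highlight()` has no docblock, and its output-safety contract is only implied by the comment at the call site on L167–168. A docblock should state that `$match[1]` is the language from `[code=...]`, that `$match[2]` is the block content passed to `text_highlight()`, that an unlisted language returns `$match[0]` unchanged, and that `text_highlight()` is relied on to return escaped HTML. Passing `true` as the third argument of `in_array()` and bracing the `if` would make the allow-list check explicit. The list of languages would also read better as a named constant or variable than inline in the condition.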
+
// BBcode 2 HTML was written by WAY2WEB.net
// extended to work with Mistpark/Friendica - Mike Macgirvin
if (!$tryoembed)
$Text = preg_replace("/\[share(.*?)avatar\s?=\s?'.*?'\s?(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism","\n[share$1$2]$3[/share]",$Text);
+ // Check for [code] text here, before the linefeeds are messed with.
+ // The highlighter will unescape and re-escape the content.
+ if (strpos($Text,'[code=') !== false) {
+ $Text = preg_replace_callback("/\[code=(.*?)\](.*?)\[\/code\]/ism", 'bb_highlight', $Text);
+ }
// Convert new line chars to html <br /> tags
// nlbr seems to be hopelessly messed up
$Text = preg_replace("/([@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
'$1<span class="vcard"><a href="$2" class="url" title="$3"><span class="fn nickname mention">$3</span></a></span>',
$Text);
-
+ elseif (!$simplehtml)
+ $Text = preg_replace("/([@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
+ '$1<a href="$2" class="userinfo mention" title="$3">$3</a>',
+ $Text);
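Review bot: The replacement added on L180 copies `$3`, captured by the unconstrained `(.*?)`, into the `title` attribute as well as the link body, so a double quote inside the link text would terminate `title="..."`. The hashtag rule added on L186–187 has the same shape. Whether quotes are neutralised before this point is not visible in the hunk. If they are not, exclude the quote character from the third capture group, or build the anchor in a `preg_replace_callback` that escapes the title before inserting it. The `if` that this `elseif` belongs to starts outside the hunk.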
// Bookmarks in red - will be converted to bookmarks in friendica
$Text = preg_replace("/#\^\[url\]([$URLSearchString]*)\[\/url\]/ism", '[bookmark=$1]$1[/bookmark]', $Text);
if ($tryoembed)
$Text = preg_replace_callback("/\[url\]([$URLSearchString]*)\[\/url\]/ism",'tryoembed',$Text);
+ $Text = preg_replace("/([#])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
+ '$1<a href="$2" class="tag" title="$3">$3</a>', $Text);
+
$Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '<a href="$1" target="_blank">$1</a>', $Text);
$Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '<a href="$1" target="_blank">$2</a>', $Text);
//$Text = preg_replace("/\[url\=([$URLSearchString]*)\]([$URLSearchString]*)\[\/url\]/ism", '<a href="$1" target="_blank">$2</a>', $Text);
// we may need to restrict this further if it picks up too many strays
// link acct:user@host to a webfinger profile redirector
- $Text = preg_replace('/acct:(.*?)@(.*?)([ ,])/', '<a href="' . $a->get_baseurl() . '/acctlink?addr=' . "$1@$2"
- . '" target="extlink" >acct:' . "$1@$2$3" . '</a>',$Text);
+ $Text = preg_replace('/acct:([^@]+)@((?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63})/', '<a href="' . App::get_baseurl() . '/acctlink?addr=$1@$2" target="extlink">acct:$1@$2</a>',$Text);
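Review bot: The local part `([^@]+)` on L196 is unbounded while the host part is tightly validated. It accepts whitespace, quotes and line breaks, so everything between `acct:` and the `@` is copied into `href` as `$1`. A narrower class such as `([^@\s"<>]+)` keeps the match to a single token. The address is also placed in the `addr=` query parameter without URL-encoding, which would need a `preg_replace_callback` using `urlencode()` rather than a plain replacement string. The surrounding function body lies outside the hunk.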
// Perform MAIL Search
$Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '<a href="mailto:$1">$1</a>', $Text);
$Text = preg_replace("(\[h5\](.*?)\[\/h5\])ism",'<h5>$1</h5>',$Text);
$Text = preg_replace("(\[h6\](.*?)\[\/h6\])ism",'<h6>$1</h6>',$Text);
+ // Check for paragraph
+ $Text = preg_replace("(\[p\](.*?)\[\/p\])ism",'<p>$1</p>',$Text);
+
// Check for bold text
$Text = preg_replace("(\[b\](.*?)\[\/b\])ism",'<strong>$1</strong>',$Text);
return(bb_ShareAttributes($match, $simplehtml));
},$Text);
- $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'<br/><img src="' .$a->get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . t('Encrypted content') . '" /><br />', $Text);
- $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'<br/><img src="' .$a->get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . '$1' . ' ' . t('Encrypted content') . '" /><br />', $Text);
- //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'<br/><img src="' .$a->get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . '$1' . ' ' . t('Encrypted content') . '" /><br />', $Text);
+ $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'<br/><img src="' .App::get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . t('Encrypted content') . '" /><br />', $Text);
+ $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'<br/><img src="' .App::get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . '$1' . ' ' . t('Encrypted content') . '" /><br />', $Text);
+ //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'<br/><img src="' .App::get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . '$1' . ' ' . t('Encrypted content') . '" /><br />', $Text);
// Try to Oembed
$Text = preg_replace("/\[event\-finish\](.*?)\[\/event\-finish\]/ism",'',$Text);
$Text = preg_replace("/\[event\-location\](.*?)\[\/event\-location\]/ism",'',$Text);
$Text = preg_replace("/\[event\-adjust\](.*?)\[\/event\-adjust\]/ism",'',$Text);
+ $Text = preg_replace("/\[event\-id\](.*?)\[\/event\-id\]/ism",'',$Text);
}
$Text = preg_replace('/\"\;/','"',$Text);
// fix any escaped ampersands that may have been converted into links
- $Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text);
- $Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|gopher|cid)(.*?)\>/ism",'<$1$2="">',$Text);
+ $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text);
+
+ // sanitizes src attributes (only relative redir URIs or http URLs)
+ $Text = preg_replace('#<([^>]*?)(src)="(?!http|redir)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text);
+
+ // sanitize href attributes (only whitelisted protocols URLs)
+ // default value for backward compatibility
+ $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array('ftp', 'mailto', 'gopher', 'cid'));
- if($saved_image)
+ // Always allowed protocol even if config isn't set or not including it
+ $allowed_link_protocols[] = 'http';
+
+ $regex = '#<([^>]*?)(href)="(?!' . implode('|', $allowed_link_protocols) . ')(.*?)"(.*?)>#ism';
+ $Text = preg_replace($regex, '<$1$2="javascript:void(0)"$4 class="invalid-href" title="' . t('Invalid link protocol') . '">', $Text);
+
+ if($saved_image) {
$Text = bb_replace_images($Text, $saved_image);
+ }
// Clean up the HTML by loading and saving the HTML with the DOM.
// Bad structured html can break a whole page.
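Review bot: The configured protocol list is imploded into the `href` pattern on L236 without `preg_quote()` and without dropping empty entries. A value containing `#` or another metacharacter breaks the regex, and an empty string in `allowed_link_protocols` yields an empty alternative, which makes the negative lookahead fail for every link and silently disables the filter. `Config::get()` returning a non-array would also break the `[] = 'http'` append on L234. Both the `src` and `href` patterns are prefix matches with no trailing `:` and only cover double-quoted attribute values, so any markup emitted earlier with single quotes is not checked. The enclosing function starts and ends outside this hunk.

```php
// … unchanged: Config::get('system', 'allowed_link_protocols', …) …

// Drop empty or non-string entries: an empty alternative would let every href through.
$allowed_link_protocols = array_filter((array)$allowed_link_protocols, function ($protocol) {
	return is_string($protocol) && trim($protocol) !== '';
});

// Always allowed protocol even if config isn't set or not including it
$allowed_link_protocols[] = 'http';

// Quote each entry so a configuration value cannot alter the pattern.
$quoted_protocols = array_map(function ($protocol) {
	return preg_quote(trim($protocol), '#');
}, $allowed_link_protocols);

$regex = '#<([^>]*?)(href)="(?!' . implode('|', $quoted_protocols) . ')(.*?)"(.*?)>#ism';
// … unchanged: preg_replace($regex, … 'invalid-href' …) …
```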