if (common_config('site', 'langdetect')) {
$httplang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : null;
if (!empty($httplang)) {
if (common_config('site', 'langdetect')) {
$httplang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : null;
if (!empty($httplang)) {
- return parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
+ return isset($_SERVER['HTTP_REFERER'])
+ && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
if (!common_have_session()) {
if (common_config('sessions', 'handle')) {
if (!common_have_session()) {
if (common_config('sessions', 'handle')) {
- if (array_key_exists(session_name(), $_GET)) {
- $id = $_GET[session_name()];
- } else if (array_key_exists(session_name(), $_COOKIE)) {
- $id = $_COOKIE[session_name()];
- }
- if (isset($id)) {
- session_id($id);
- }
- @session_start();
+ if (array_key_exists(session_name(), $_GET)) {
+ $id = $_GET[session_name()];
+ } else if (array_key_exists(session_name(), $_COOKIE)) {
+ $id = $_COOKIE[session_name()];
+ }
+ if (isset($id)) {
+ session_id($id);
+ }
+ session_start();
+function common_to_alphanumeric($str)
+{
+ $filtered = preg_replace('/[^A-Za-z0-9]\s*/', '', $str);
+ if (strlen($filtered) < 1) {
+ throw new Exception('Filtered string was zero-length.');
+ }
+ return $filtered;
+}
+
function common_purify($html, array $args=array())
{
require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
function common_purify($html, array $args=array())
{
require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
- $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag']);
+ $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
if (isset($args['URI.Base'])) {
$cfg->set('URI.Base', $args['URI.Base']); // if null this is like unsetting it I presume
$cfg->set('URI.MakeAbsolute', !is_null($args['URI.Base'])); // if we have a URI base, convert relative URLs to absolute ones.
}
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
if (isset($args['URI.Base'])) {
$cfg->set('URI.Base', $args['URI.Base']); // if null this is like unsetting it I presume
$cfg->set('URI.MakeAbsolute', !is_null($args['URI.Base'])); // if we have a URI base, convert relative URLs to absolute ones.
}
+ if (common_config('cache', 'dir')) {
+ $cfg->set('Cache.SerializerPath', common_config('cache', 'dir'));
+ }
+ // if you don't want to use the default cache dir for htmlpurifier, set it specifically as $config['htmlpurifier']['Cache.SerializerPath'] = '/tmp'; or something.
- preg_match_all('/'.Nickname::BEFORE_MENTIONS.'!(' . Nickname::DISPLAY_FMT . ')/',
- $text, $hmatches, PREG_OFFSET_CAPTURE);
- foreach ($hmatches[1] as $hmatch) {
+ $hmatches = common_find_mentions_raw($text, '!');
+ foreach ($hmatches as $hmatch) {
$nickname = Nickname::normalize($hmatch[0]);
$group = User_group::getForNickname($nickname, $sender);
$nickname = Nickname::normalize($hmatch[0]);
$group = User_group::getForNickname($nickname, $sender);
// If $secure is true, only allow https URLs to pass
// (if false, we use '?' in 'https?' to say the 's' is optional)
$regex = $secure ? '/^https$/' : '/^https?$/';
// If $secure is true, only allow https URLs to pass
// (if false, we use '?' in 'https?' to say the 's' is optional)
$regex = $secure ? '/^https$/' : '/^https?$/';
- if (strpos($fileext, '.') !== false) {
- $fileext = substr(strrchr($fileext, '.'), 1);
+ if (strpos($filename, '.') === false) {
+ throw new ServerException(sprintf('No extension on filename: %1$s', _ve($filename)));
$supported = common_config('attachments', 'supported');
if ($supported === true) {
$supported = common_config('attachments', 'supported');
if ($supported === true) {
function common_supported_mime_to_ext($mimetype)
{
$supported = common_config('attachments', 'supported');
function common_supported_mime_to_ext($mimetype)
{
$supported = common_config('attachments', 'supported');
- if ($supported === true) {
- throw new ServerException('Supported mimetype but unknown extension relation.');
- }
- foreach($supported as $type => $ext) {
- if ($mimetype === $type) {
- return $ext;
+ if (is_array($supported)) {
+ foreach($supported as $type => $ext) {
+ if ($mimetype === $type) {
+ return $ext;
+ }
if ($semicolon = mb_strpos($mimetype, ';')) {
$mimetype = mb_substr($mimetype, 0, $semicolon);
}
if ($semicolon = mb_strpos($mimetype, ';')) {
$mimetype = mb_substr($mimetype, 0, $semicolon);
}
+ // first replace <br /> with \n
+ $html = preg_replace('/\<(\s*)?br(\s*)?\/?(\s*)?\>/i', "\n", $html);
+ // then, unless explicitly avoided, remove excessive whitespace