<?php
+use \Friendica\Core\Config;
+
require_once("include/oembed.php");
require_once('include/event.php');
require_once('include/map.php');
function bb_attachment($Text, $simplehtml = false, $tryoembed = true) {
$data = get_attachment_data($Text);
-
if (!$data)
return $Text;
$text .= $oembed;
if (trim($data["description"]) != "")
- $text .= sprintf('<blockquote>%s</blockquote></span>', trim($data["description"]));
+ $text .= sprintf('<blockquote>%s</blockquote></span>', trim(bbcode($data["description"])));
}
}
return $data["text"].$text.$data["after"];
if (($char >= "a") and ($char <= "z"))
$cleaned .= $char;
- if (!(strpos(" #;:0123456789-_", $char) === false))
+ if (!(strpos(" #;:0123456789-_.%", $char) === false))
$cleaned .= $char;
}
$newbody = $body;
$cnt = 0;
- foreach($images as $image) {
+ foreach ($images as $image) {
// We're depending on the property of 'foreach' (specified on the PHP website) that
// it loops over the array starting from the first element and going sequentially
// to the last element
$data = get_contact_details_by_url($profile);
- if (isset($data["name"]) AND isset($data["addr"]))
+ if (isset($data["name"]) AND ($data["name"] != "") AND isset($data["addr"]) AND ($data["addr"] != ""))
$userid_compact = $data["name"]." (".$data["addr"].")";
else
$userid_compact = GetProfileUsername($profile,$author, true);
- if (isset($data["addr"]))
+ if (isset($data["addr"]) AND ($data["addr"] != ""))
$userid = $data["addr"];
else
$userid = GetProfileUsername($profile,$author, false);
- if (isset($data["name"]))
+ if (isset($data["name"]) AND ($data["name"] != ""))
$author = $data["name"];
- if (isset($data["thumb"]))
- $avatar = $data["thumb"];
+ if (isset($data["micro"]) AND ($data["micro"] != ""))
+ $avatar = $data["micro"];
$preshare = trim($share[1]);
}
function bb_DiasporaLinks($match) {
- $a = get_app();
-
- return "[url=".$a->get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]";
+ return "[url=".App::get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]";
}
function bb_RemovePictureLinks($match) {
return ($text);
}
+function bb_highlight($match) {
+ if(in_array(strtolower($match[1]),['php','css','mysql','sql','abap','diff','html','perl','ruby',
+ 'vbscript','avrc','dtd','java','xml','cpp','python','javascript','js','sh']))
+ return text_highlight($match[2],strtolower($match[1]));
+ return $match[0];
+}
+
// BBcode 2 HTML was written by WAY2WEB.net
// extended to work with Mistpark/Friendica - Mike Macgirvin
if (!$tryoembed)
$Text = preg_replace("/\[share(.*?)avatar\s?=\s?'.*?'\s?(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism","\n[share$1$2]$3[/share]",$Text);
+ // Check for [code] text here, before the linefeeds are messed with.
+ // The highlighter will unescape and re-escape the content.
+ if (strpos($Text,'[code=') !== false) {
+ $Text = preg_replace_callback("/\[code=(.*?)\](.*?)\[\/code\]/ism", 'bb_highlight', $Text);
+ }
// Convert new line chars to html <br /> tags
// nlbr seems to be hopelessly messed up
// we may need to restrict this further if it picks up too many strays
// link acct:user@host to a webfinger profile redirector
- $Text = preg_replace('/acct:(.*?)@(.*?)([ ,])/', '<a href="' . $a->get_baseurl() . '/acctlink?addr=' . "$1@$2"
- . '" target="extlink" >acct:' . "$1@$2$3" . '</a>',$Text);
+ $Text = preg_replace('/acct:([^@]+)@((?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63})/', '<a href="' . App::get_baseurl() . '/acctlink?addr=$1@$2" target="extlink">acct:$1@$2</a>',$Text);
// Perform MAIL Search
$Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '<a href="mailto:$1">$1</a>', $Text);
$Text = preg_replace("(\[h5\](.*?)\[\/h5\])ism",'<h5>$1</h5>',$Text);
$Text = preg_replace("(\[h6\](.*?)\[\/h6\])ism",'<h6>$1</h6>',$Text);
+ // Check for paragraph
+ $Text = preg_replace("(\[p\](.*?)\[\/p\])ism",'<p>$1</p>',$Text);
+
// Check for bold text
$Text = preg_replace("(\[b\](.*?)\[\/b\])ism",'<strong>$1</strong>',$Text);
return(bb_ShareAttributes($match, $simplehtml));
},$Text);
- $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'<br/><img src="' .$a->get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . t('Encrypted content') . '" /><br />', $Text);
- $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'<br/><img src="' .$a->get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . '$1' . ' ' . t('Encrypted content') . '" /><br />', $Text);
- //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'<br/><img src="' .$a->get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . '$1' . ' ' . t('Encrypted content') . '" /><br />', $Text);
+ $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'<br/><img src="' .App::get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . t('Encrypted content') . '" /><br />', $Text);
+ $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'<br/><img src="' .App::get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . '$1' . ' ' . t('Encrypted content') . '" /><br />', $Text);
+ //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'<br/><img src="' .App::get_baseurl() . '/images/lock_icon.gif" alt="' . t('Encrypted content') . '" title="' . '$1' . ' ' . t('Encrypted content') . '" /><br />', $Text);
// Try to Oembed
$Text = preg_replace("/\[event\-finish\](.*?)\[\/event\-finish\]/ism",'',$Text);
$Text = preg_replace("/\[event\-location\](.*?)\[\/event\-location\]/ism",'',$Text);
$Text = preg_replace("/\[event\-adjust\](.*?)\[\/event\-adjust\]/ism",'',$Text);
+ $Text = preg_replace("/\[event\-id\](.*?)\[\/event\-id\]/ism",'',$Text);
}
$Text = preg_replace('/\"\;/','"',$Text);
// fix any escaped ampersands that may have been converted into links
- $Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text);
- $Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|gopher|cid)(.*?)\>/ism",'<$1$2="">',$Text);
+ $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text);
+
+ // sanitizes src attributes (only relative redir URIs or http URLs)
+ $Text = preg_replace('#<([^>]*?)(src)="(?!http|redir)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text);
+
+ // sanitize href attributes (only whitelisted protocols URLs)
+ // default value for backward compatibility
+ $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array('ftp', 'mailto', 'gopher', 'cid'));
- if($saved_image)
+ // Always allowed protocol even if config isn't set or not including it
+ $allowed_link_protocols[] = 'http';
+
+ $regex = '#<([^>]*?)(href)="(?!' . implode('|', $allowed_link_protocols) . ')(.*?)"(.*?)>#ism';
+ $Text = preg_replace($regex, '<$1$2="javascript:void(0)"$4 class="invalid-href" title="' . t('Invalid link protocol') . '">', $Text);
+
+ if($saved_image) {
$Text = bb_replace_images($Text, $saved_image);
+ }
// Clean up the HTML by loading and saving the HTML with the DOM.
// Bad structured html can break a whole page.
projects / friendica.git / blobdiff