return $email;
}
+function common_purify($html)
+{
+ require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
+
+ $config = array('safe' => 1, // means that elements=* means elements=*-applet-embed-iframe-object-script or so
+ 'elements' => '*',
+ 'deny_attribute' => 'id,style,on*');
+
+ // Remove more elements than what the 'safe' filter gives (elements must be '*' before this)
+ // http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s3.6
+ foreach (common_config('htmlfilter') as $tag=>$filter) {
+ if ($filter === true) {
+ $config['elements'] .= "-{$tag}";
+ }
+ }
+
+ $html = common_remove_unicode_formatting($html);
+
+ return htmLawed($html, $config);
+}
+
+function common_remove_unicode_formatting($text)
+{
+ // Strip Unicode text formatting/direction codes
+ // this is pretty dangerous for visualisation of text and can be used for mischief
+ return preg_replace('/[\\x{200b}-\\x{200f}\\x{202a}-\\x{202e}]/u', '', $text);
+}
+
/**
* Partial notice markup rendering step: build links to !group references.
*
*/
function common_render_content($text, Notice $notice)
{
- $r = common_render_text($text);
- $r = common_linkify_mentions($r, $notice);
- return $r;
+ $text = common_render_text($text);
+ $text = common_linkify_mentions($text, $notice);
+ return $text;
}
/**
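Review bot: The character class in common_remove_unicode_formatting covers U+200B–U+200F and U+202A–U+202E but not the directional isolates U+2066–U+2069, which reorder displayed text in the same way as the embedding and override codes; `'/[\\x{200b}-\\x{200f}\\x{202a}-\\x{202e}\\x{2066}-\\x{2069}]/u'` would cover them. With the `u` modifier preg_replace() returns null when the subject is not valid UTF-8, so the function passes null on to htmLawed() and the content is silently emptied; checking the result for null and logging it would make that case visible. In common_purify the strip matches literal code points only and runs before htmLawed(), so the same characters written as numeric character references appear to pass through unless htmLawed is configured to normalise entities, which is worth pinning down with a test. The `$filter === true` comparison also leaves a tag allowed when the config value is `1` or `'true'`, so a comment stating that only boolean true removes an element would prevent a filter that looks enabled but is not.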
function common_render_text($text)
{
- $r = nl2br(htmlspecialchars($text));
+ $text = common_remove_unicode_formatting($text);
+ $text = nl2br(htmlspecialchars($text));
- $r = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $r);
- $r = common_replace_urls_callback($r, 'common_linkify');
- $r = preg_replace_callback('/(^|\"\;|\'|\(|\[|\{|\s+)#([\pL\pN_\-\.]{1,64})/u',
- function ($m) { return "{$m[1]}#".common_tag_link($m[2]); }, $r);
+ $text = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $text);
+ $text = common_replace_urls_callback($text, 'common_linkify');
+ $text = preg_replace_callback('/(^|\"\;|\'|\(|\[|\{|\s+)#([\pL\pN_\-\.]{1,64})/u',
+ function ($m) { return "{$m[1]}#".common_tag_link($m[2]); }, $text);
// XXX: machine tags
- return $r;
+ return $text;
}
/**
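Review bot: The control-character class on the `preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $text)` line stops at `\x{19}`, which is hexadecimal 0x19, so the C0 controls 0x1A–0x1F (including ESC, 0x1B) stay in the rendered notice. If the intent was to drop every control character below the space except tab, LF and CR, the last range should read `\x{e}-\x{1f}`. The line is carried over from the old code with only the variable renamed, but since the commit adds a second character filter directly above it, this is a good place to fix the range or add a comment saying why it ends at 0x19.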
function common_slugify($str)
{
+ // php5-intl is highly recommended...
+ if (!function_exists('transliterator_transliterate')) {
+ $str = preg_replace('/[^\pL\pN]/u', '', $str);
+ $str = mb_convert_case($str, MB_CASE_LOWER, 'UTF-8');
+ $str = substr($str, 0, 64);
+ return $str;
+ }
$str = transliterator_transliterate(
'Any-Latin;' . // any charset to latin compatible
'NFD;' . // decompose
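Review bot: The fallback branch truncates with `substr($str, 0, 64)`, which counts bytes, so a slug containing multibyte letters kept by `/[^\pL\pN]/u` can be cut in the middle of a character and come out as invalid UTF-8; `$str = mb_substr($str, 0, 64, 'UTF-8');` truncates on character boundaries. The fallback also keeps non-Latin letters that the transliterator path presumably converts to Latin, so the same input can yield different slugs depending on whether the intl extension is loaded. A comment saying so would help anyone who compares or de-duplicates slugs across installations. The rest of common_slugify lies outside the hunk, so the length handling on the transliterator path is not visible here.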
$path = $r->build($action, $args, $params, $fragment);
$ssl = common_config('site', 'ssl') === 'always'
- || StatusNet::isHTTPS()
+ || GNUsocial::isHTTPS()
|| common_is_sensitive($action);
if (common_config('site','fancy')) {
$pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';
if (($ssl && (common_config('site', 'ssl') === 'sometimes'))
- || StatusNet::isHTTPS()
+ || GNUsocial::isHTTPS()
|| common_config('site', 'ssl') === 'always') {
$proto = 'https';
if (is_string(common_config('site', 'sslserver')) &&
return $besttype;
}
-function common_config($main, $sub)
+function common_config($main, $sub=null)
{
global $config;
+ if (is_null($sub)) {
+ // Return the config category array
+ return array_key_exists($main, $config) ? $config[$main] : array();
+ }
+ // Return the config value
return (array_key_exists($main, $config) &&
array_key_exists($sub, $config[$main])) ? $config[$main][$sub] : false;
}
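Review bot: Detecting the one-argument form with `is_null($sub)` means a caller that passes a variable which happens to be null, as in `common_config('site', $key)`, now receives the whole category array rather than the `false` it would typically have got before, and a non-empty array is truthy in any `if (common_config(...))` check. Testing `if (func_num_args() === 1) {` instead would return the category only when the second argument is really omitted. The two branches also signal absence differently, `array()` for a missing category and `false` for a missing key. A short docblock should state this, because `foreach (common_config('htmlfilter') as $tag=>$filter)` in common_purify silently iterates nothing when the category is not configured.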