Merge remote-tracking branch 'upstream/nightly' into nightly

[quix0rs-gnu-social.git] / lib / util.php

diff --git a/lib/util.php b/lib/util.php
index b35eff84d8c4f2c402eef2bf7807768c5dc1efff..985b3773df38a4a63e4659339a14f114e3f7af80 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -594,7 +594,7 @@ function common_purify($html, array $args=array())
      *
      * Source: http://microformats.org/wiki/rel
      */
-    $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag']);
+    $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
     $cfg->set('HTML.ForbiddenAttributes', array('style'));  // id, on* etc. are already filtered by default
     $cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
     if (isset($args['URI.Base'])) {
@@ -1140,17 +1140,7 @@ function common_linkify($url) {
         }
     }
 
-    // Add clippy
-    if ($is_attachment) {
-        $attrs['class'] = 'attachment';
-        if ($has_thumb) {
-            $attrs['class'] = 'attachment thumbnail';
-        }
-        $attrs['id'] = "attachment-{$attachment_id}";
-    }
-
     // Whether to nofollow
-
     $nf = common_config('nofollow', 'external');
 
     if ($nf == 'never') {
@@ -1159,6 +1149,16 @@ function common_linkify($url) {
         $attrs['rel'] = 'nofollow external';
     }
 
+    // Add clippy
+    if ($is_attachment) {
+        $attrs['class'] = 'attachment';
+        if ($has_thumb) {
+            $attrs['class'] = 'attachment thumbnail';
+        }
+        $attrs['id'] = "attachment-{$attachment_id}";
+        $attrs['rel'] .= ' noreferrer';
+    }
+
     return XMLStringer::estring('a', $attrs, $url);
 }
 
@@ -1991,16 +1991,23 @@ function common_accept_to_prefs($accept, $def = '*/*')
 }
 
 // Match by our supported file extensions
-function common_supported_ext_to_mime($fileext)
+function common_supported_filename_to_mime($filename)
 {
     // Accept a filename and take out the extension
-    if (strpos($fileext, '.') !== false) {
-        $fileext = substr(strrchr($fileext, '.'), 1);
+    if (strpos($filename, '.') === false) {
+        throw new ServerException(sprintf('No extension on filename: %1$s', _ve($filename)));
     }
 
+    $fileext = substr(strrchr($filename, '.'), 1);
+    return common_supported_ext_to_mime($fileext);
+}
+
+function common_supported_ext_to_mime($fileext)
+{
     $supported = common_config('attachments', 'supported');
     if ($supported === true) {
-        throw new ServerException('Supported extension but unknown mimetype relation.');
+        // FIXME: Should we just accept the extension straight off when supported === true?
+        throw new UnknownExtensionMimeException($fileext);
     }
     foreach($supported as $type => $ext) {
         if ($ext === $fileext) {
@@ -2015,16 +2022,15 @@ function common_supported_ext_to_mime($fileext)
 function common_supported_mime_to_ext($mimetype)
 {
     $supported = common_config('attachments', 'supported');
-    if ($supported === true) {
-        throw new ServerException('Supported mimetype but unknown extension relation.');
-    }
-    foreach($supported as $type => $ext) {
-        if ($mimetype === $type) {
-            return $ext;
+    if (is_array($supported)) {
+        foreach($supported as $type => $ext) {
+            if ($mimetype === $type) {
+                return $ext;
+            }
         }
     }
 
-    throw new ServerException('Unsupported MIME type');
+    throw new UnknownMimeExtensionException($mimetype);
 }
 
 // The MIME "media" is the part before the slash (video in video/webm)