function common_local_referer()
{
- return parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
+ return isset($_SERVER['HTTP_REFERER'])
+ && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
}
function common_have_session()
*
* Source: http://microformats.org/wiki/rel
*/
- $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag']);
+ $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
if (isset($args['URI.Base'])) {
')'.
'(?:'.
'(?:\:\d+)?'. //:port
- '(?:/[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@]*)?'. // /path
- '(?:\?[\pN\pL\$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@\/]*)?'. // ?query string
- '(?:\#[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\@/\?\#]*)?'. // #fragment
- ')(?<![\?\.\,\#\,])'.
+ '(?:/[' . URL_REGEX_VALID_PATH_CHARS . ']*)?'. // path
+ '(?:\?[' . URL_REGEX_VALID_QSTRING_CHARS . ']*)?'. // ?query string
+ '(?:\#[' . URL_REGEX_VALID_FRAGMENT_CHARS . ']*)?'. // #fragment
+ ')(?<!['. URL_REGEX_EXCLUDED_END_CHARS .'])'.
')'.
'#ixu';
//preg_match_all($regex,$text,$matches);
}
}
- // Add clippy
- if ($is_attachment) {
- $attrs['class'] = 'attachment';
- if ($has_thumb) {
- $attrs['class'] = 'attachment thumbnail';
- }
- $attrs['id'] = "attachment-{$attachment_id}";
- }
-
// Whether to nofollow
-
$nf = common_config('nofollow', 'external');
if ($nf == 'never') {
$attrs['rel'] = 'nofollow external';
}
+ // Add clippy
+ if ($is_attachment) {
+ $attrs['class'] = 'attachment';
+ if ($has_thumb) {
+ $attrs['class'] = 'attachment thumbnail';
+ }
+ $attrs['id'] = "attachment-{$attachment_id}";
+ $attrs['rel'] .= ' noreferrer';
+ }
+
return XMLStringer::estring('a', $attrs, $url);
}
/**
* Should make up a reasonable root URL
+ *
+ * @param bool $tls true or false to force TLS scheme, null to use server configuration
*/
-function common_root_url($ssl=false)
+function common_root_url($tls=null)
{
- $url = common_path('', $ssl, false);
+ if (is_null($tls)) {
+ $tls = GNUsocial::useHTTPS();
+ }
+ $url = common_path('', $tls, false);
$i = strpos($url, '?');
if ($i !== false) {
$url = substr($url, 0, $i);