return (!is_null(common_current_user()));
}
+function common_local_referer()
+{
+ return isset($_SERVER['HTTP_REFERER'])
+ && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
+}
+
function common_have_session()
{
return (0 != strcmp(session_id(), ''));
return $email;
}
-function common_purify($html)
+function common_purify($html, array $args=array())
{
require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
$cfg = HTMLPurifier_Config::createDefault();
- $cfg->set('Attr.AllowedRel', ['bookmark', 'directory', 'enclosure', 'home', 'license', 'nofollow', 'payment', 'tag']); // http://microformats.org/wiki/rel
+ /**
+ * rel values that should be avoided since they can be used to infer
+ * information about the _current_ page, not the h-entry:
+ *
+ * directory, home, license, payment
+ *
+ * Source: http://microformats.org/wiki/rel
+ */
+ $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
+ if (isset($args['URI.Base'])) {
+ $cfg->set('URI.Base', $args['URI.Base']); // if null this is like unsetting it I presume
+ $cfg->set('URI.MakeAbsolute', !is_null($args['URI.Base'])); // if we have a URI base, convert relative URLs to absolute ones.
+ }
+ foreach (common_config('htmlpurifier') as $key=>$val) {
+ $cfg->set($key, $val);
+ }
// Remove more elements than what the default filter removes, default in GNU social are remotely
// linked resources such as img, video, audio
$xs = new XMLStringer(false);
$attrs = array('href' => $mention['url'],
- 'class' => 'h-card '.$mention['type']);
+ 'class' => 'h-card u-url p-nickname '.$mention['type']);
if (!empty($mention['title'])) {
$attrs['title'] = $mention['title'];
// @#tag => mention of all subscriptions tagged 'tag'
- preg_match_all('/(?:^|[\s\.\,\:\;]+)@#([\pL\pN_\-\.]{1,64})/',
+ preg_match_all('/'.Nickname::BEFORE_MENTIONS.'@#([\pL\pN_\-\.]{1,64})/',
$text, $hmatches, PREG_OFFSET_CAPTURE);
foreach ($hmatches[1] as $hmatch) {
$tag = common_canonical_tag($hmatch[0]);
'url' => $url);
}
- preg_match_all('/(?:^|[\s\.\,\:\;]+)!(' . Nickname::DISPLAY_FMT . ')/',
+ preg_match_all('/'.Nickname::BEFORE_MENTIONS.'!(' . Nickname::DISPLAY_FMT . ')/',
$text, $hmatches, PREG_OFFSET_CAPTURE);
foreach ($hmatches[1] as $hmatch) {
$nickname = Nickname::normalize($hmatch[0]);
$atmatches = array();
// the regexp's "(?!\@)" makes sure it doesn't matches the single "@remote" in "@remote@server.com"
- preg_match_all('/(?:^|\s+)@(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/',
+ preg_match_all('/'.Nickname::BEFORE_MENTIONS.'@(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/',
$text,
$atmatches,
PREG_OFFSET_CAPTURE);
')'.
'(?:'.
'(?:\:\d+)?'. //:port
- '(?:/[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@]*)?'. // /path
- '(?:\?[\pN\pL\$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@\/]*)?'. // ?query string
- '(?:\#[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\@/\?\#]*)?'. // #fragment
- ')(?<![\?\.\,\#\,])'.
+ '(?:/[' . URL_REGEX_VALID_PATH_CHARS . ']*)?'. // path
+ '(?:\?[' . URL_REGEX_VALID_QSTRING_CHARS . ']*)?'. // ?query string
+ '(?:\#[' . URL_REGEX_VALID_FRAGMENT_CHARS . ']*)?'. // #fragment
+ ')(?<!['. URL_REGEX_EXCLUDED_END_CHARS .'])'.
')'.
'#ixu';
//preg_match_all($regex,$text,$matches);
}
}
- // Add clippy
- if ($is_attachment) {
- $attrs['class'] = 'attachment';
- if ($has_thumb) {
- $attrs['class'] = 'attachment thumbnail';
- }
- $attrs['id'] = "attachment-{$attachment_id}";
- }
-
// Whether to nofollow
-
$nf = common_config('nofollow', 'external');
if ($nf == 'never') {
$attrs['rel'] = 'nofollow external';
}
+ // Add clippy
+ if ($is_attachment) {
+ $attrs['class'] = 'attachment';
+ if ($has_thumb) {
+ $attrs['class'] = 'attachment thumbnail';
+ }
+ $attrs['id'] = "attachment-{$attachment_id}";
+ $attrs['rel'] .= ' noreferrer';
+ }
+
return XMLStringer::estring('a', $attrs, $url);
}
return $proto.'://'.$serverpart.'/'.$pathpart.$relative;
}
+// FIXME: Maybe this should also be able to handle non-fancy URLs with index.php?p=...
function common_fake_local_fancy_url($url)
{
/**
// [4] + [5] extract index.php (+ possible leading double /) and the rest of the URL separately.
'(\/?index\.php\/)(.*)$/', $url, $matches)) {
// if preg_match failed to match
- throw Exception('No known change could be made to the URL.');
+ throw new Exception('No known change could be made to the URL.');
}
// now reconstruct the URL with everything except the "index.php/" part
return $fancy_url;
}
+// FIXME: Maybe this should also be able to handle non-fancy URLs with index.php?p=...
+function common_fake_local_nonfancy_url($url)
+{
+ /**
+ * This is a hacky fix to make URIs NOT generated with "index.php/" match against
+ * locally stored URIs WITH that. The reverse from the above.
+ *
+ * It will also "repair" index.php URLs with multiple / prepended. Like https://some.example///index.php/user/1
+ */
+ if (!preg_match(
+ // [1] protocol part, we can only rewrite http/https anyway.
+ '/^(https?:\/\/)' .
+ // [2] site name.
+ // FIXME: Dunno how this acts if we're aliasing ourselves with a .onion domain etc.
+ '('.preg_quote(common_config('site', 'server'), '/').')' .
+ // [3] site path, or if that is empty just '/' (to retain the /)
+ '('.preg_quote(common_config('site', 'path') ?: '/', '/').')' .
+ // [4] should be empty (might contain one or more / and then maybe also index.php). Will be overwritten.
+ // [5] will have the extracted actual URL part (besides site path)
+ '((?!index.php\/)\/*(?:index.php\/)?)(.*)$/', $url, $matches)) {
+ // if preg_match failed to match
+ throw new Exception('No known change could be made to the URL.');
+ }
+
+ $matches[4] = 'index.php/'; // inject the index.php/ rewritethingy
+
+ // remove the first element, which is the full matching string
+ array_shift($matches);
+ return implode($matches);
+}
+
function common_inject_session($url, $serverpart = null)
{
if (!common_have_session()) {
/**
* Should make up a reasonable root URL
+ *
+ * @param bool $tls true or false to force TLS scheme, null to use server configuration
*/
-function common_root_url($ssl=false)
+function common_root_url($tls=null)
{
- $url = common_path('', $ssl, false);
+ if (is_null($tls)) {
+ $tls = GNUsocial::useHTTPS();
+ }
+ $url = common_path('', $tls, false);
$i = strpos($url, '?');
if ($i !== false) {
$url = substr($url, 0, $i);
projects / quix0rs-gnu-social.git / blobdiff