function common_local_referer()
{
- return parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
+ return isset($_SERVER['HTTP_REFERER'])
+ && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
}
function common_have_session()
return $email;
}
+function common_to_alphanumeric($str)
+{
+ $filtered = preg_replace('/[^A-Za-z0-9]\s*/', '', $str);
+ if (strlen($filtered) < 1) {
+ throw new Exception('Filtered string was zero-length.');
+ }
+ return $filtered;
+}
+
function common_purify($html, array $args=array())
{
require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
*
* Source: http://microformats.org/wiki/rel
*/
- $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag']);
+ $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
if (isset($args['URI.Base'])) {
'(?:/[' . URL_REGEX_VALID_PATH_CHARS . ']*)?'. // path
'(?:\?[' . URL_REGEX_VALID_QSTRING_CHARS . ']*)?'. // ?query string
'(?:\#[' . URL_REGEX_VALID_FRAGMENT_CHARS . ']*)?'. // #fragment
- ')(?<![\?\.\,\#\,])'.
+ ')(?<!['. URL_REGEX_EXCLUDED_END_CHARS .'])'.
')'.
'#ixu';
//preg_match_all($regex,$text,$matches);
}
}
- // Add clippy
- if ($is_attachment) {
- $attrs['class'] = 'attachment';
- if ($has_thumb) {
- $attrs['class'] = 'attachment thumbnail';
- }
- $attrs['id'] = "attachment-{$attachment_id}";
- }
-
// Whether to nofollow
-
$nf = common_config('nofollow', 'external');
if ($nf == 'never') {
$attrs['rel'] = 'nofollow external';
}
+ // Add clippy
+ if ($is_attachment) {
+ $attrs['class'] = 'attachment';
+ if ($has_thumb) {
+ $attrs['class'] = 'attachment thumbnail';
+ }
+ $attrs['id'] = "attachment-{$attachment_id}";
+ $attrs['rel'] .= ' noreferrer';
+ }
+
return XMLStringer::estring('a', $attrs, $url);
}
/**
* Should make up a reasonable root URL
+ *
+ * @param bool $tls true or false to force TLS scheme, null to use server configuration
*/
-function common_root_url($ssl=false)
+function common_root_url($tls=null)
{
- $url = common_path('', $ssl, false);
+ if (is_null($tls)) {
+ $tls = GNUsocial::useHTTPS();
+ }
+ $url = common_path('', $tls, false);
$i = strpos($url, '?');
if ($i !== false) {
$url = substr($url, 0, $i);
}
// Match by our supported file extensions
-function common_supported_ext_to_mime($fileext)
+function common_supported_filename_to_mime($filename)
{
// Accept a filename and take out the extension
- if (strpos($fileext, '.') !== false) {
- $fileext = substr(strrchr($fileext, '.'), 1);
+ if (strpos($filename, '.') === false) {
+ throw new ServerException(sprintf('No extension on filename: %1$s', _ve($filename)));
}
+ $fileext = substr(strrchr($filename, '.'), 1);
+ return common_supported_ext_to_mime($fileext);
+}
+
+function common_supported_ext_to_mime($fileext)
+{
$supported = common_config('attachments', 'supported');
if ($supported === true) {
- throw new ServerException('Supported extension but unknown mimetype relation.');
+ // FIXME: Should we just accept the extension straight off when supported === true?
+ throw new UnknownExtensionMimeException($fileext);
}
foreach($supported as $type => $ext) {
if ($ext === $fileext) {
function common_supported_mime_to_ext($mimetype)
{
$supported = common_config('attachments', 'supported');
- if ($supported === true) {
- throw new ServerException('Supported mimetype but unknown extension relation.');
- }
- foreach($supported as $type => $ext) {
- if ($mimetype === $type) {
- return $ext;
+ if (is_array($supported)) {
+ foreach($supported as $type => $ext) {
+ if ($mimetype === $type) {
+ return $ext;
+ }
}
}
- throw new ServerException('Unsupported MIME type');
+ throw new UnknownMimeExtensionException($mimetype);
}
// The MIME "media" is the part before the slash (video in video/webm)