if (common_config('site', 'langdetect')) {
$httplang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : null;
if (!empty($httplang)) {
- $language = client_prefered_language($httplang);
+ $language = client_preferred_language($httplang);
if ($language)
return $language;
}
function common_local_referer()
{
- return parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
+ return isset($_SERVER['HTTP_REFERER'])
+ && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
}
function common_have_session()
return (0 != strcmp(session_id(), ''));
}
+/**
+ * Make sure session is started and handled by
+ * the correct handler.
+ */
function common_ensure_session()
{
- $c = null;
- if (array_key_exists(session_name(), $_COOKIE)) {
- $c = $_COOKIE[session_name()];
- }
if (!common_have_session()) {
if (common_config('sessions', 'handle')) {
- Session::setSaveHandler();
+ session_set_save_handler(new InternalSessionHandler(), true);
+ }
+ if (array_key_exists(session_name(), $_GET)) {
+ $id = $_GET[session_name()];
+ } else if (array_key_exists(session_name(), $_COOKIE)) {
+ $id = $_COOKIE[session_name()];
}
- if (array_key_exists(session_name(), $_GET)) {
- $id = $_GET[session_name()];
- } else if (array_key_exists(session_name(), $_COOKIE)) {
- $id = $_COOKIE[session_name()];
- }
- if (isset($id)) {
- session_id($id);
- }
- @session_start();
+ if (isset($id)) {
+ session_id($id);
+ }
+ session_start();
if (!isset($_SESSION['started'])) {
$_SESSION['started'] = time();
if (!empty($id)) {
return $email;
}
-function common_purify($html)
+function common_to_alphanumeric($str)
+{
+ $filtered = preg_replace('/[^A-Za-z0-9]\s*/', '', $str);
+ if (strlen($filtered) < 1) {
+ throw new Exception('Filtered string was zero-length.');
+ }
+ return $filtered;
+}
+
+function common_purify($html, array $args=array())
{
require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
$cfg = HTMLPurifier_Config::createDefault();
- $cfg->set('Attr.AllowedRel', ['bookmark', 'directory', 'enclosure', 'home', 'license', 'nofollow', 'payment', 'tag']); // http://microformats.org/wiki/rel
+ /**
+ * rel values that should be avoided since they can be used to infer
+ * information about the _current_ page, not the h-entry:
+ *
+ * directory, home, license, payment
+ *
+ * Source: http://microformats.org/wiki/rel
+ */
+ $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
$cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
$cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
+ if (isset($args['URI.Base'])) {
+ $cfg->set('URI.Base', $args['URI.Base']); // if null this is like unsetting it I presume
+ $cfg->set('URI.MakeAbsolute', !is_null($args['URI.Base'])); // if we have a URI base, convert relative URLs to absolute ones.
+ }
+ if (common_config('cache', 'dir')) {
+ $cfg->set('Cache.SerializerPath', common_config('cache', 'dir'));
+ }
+ // if you don't want to use the default cache dir for htmlpurifier, set it specifically as $config['htmlpurifier']['Cache.SerializerPath'] = '/tmp'; or something.
+ foreach (common_config('htmlpurifier') as $key=>$val) {
+ $cfg->set($key, $val);
+ }
// Remove more elements than what the default filter removes, default in GNU social are remotely
// linked resources such as img, video, audio
$xs = new XMLStringer(false);
$attrs = array('href' => $mention['url'],
- 'class' => 'h-card '.$mention['type']);
+ 'class' => 'h-card u-url p-nickname '.$mention['type']);
if (!empty($mention['title'])) {
$attrs['title'] = $mention['title'];
}
}
- $matches = common_find_mentions_raw($text);
+ $matches = common_find_mentions_raw($text, '@');
foreach ($matches as $match) {
try {
'url' => $url);
}
- preg_match_all('/'.Nickname::BEFORE_MENTIONS.'!(' . Nickname::DISPLAY_FMT . ')/',
- $text, $hmatches, PREG_OFFSET_CAPTURE);
- foreach ($hmatches[1] as $hmatch) {
+ $hmatches = common_find_mentions_raw($text, '!');
+ foreach ($hmatches as $hmatch) {
$nickname = Nickname::normalize($hmatch[0]);
$group = User_group::getForNickname($nickname, $sender);
* Should generally not be called directly; for use in common_find_mentions.
*
* @param string $text
+ * @param string $preMention Character(s) that signals a mention ('@', '!'...)
* @return array of PCRE match arrays
*/
-function common_find_mentions_raw($text)
+function common_find_mentions_raw($text, $preMention='@')
{
$tmatches = array();
preg_match_all('/^T (' . Nickname::DISPLAY_FMT . ') /',
$atmatches = array();
// the regexp's "(?!\@)" makes sure it doesn't matches the single "@remote" in "@remote@server.com"
- preg_match_all('/'.Nickname::BEFORE_MENTIONS.'@(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/',
+ preg_match_all('/'.Nickname::BEFORE_MENTIONS.preg_quote($preMention, '/').'(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/',
$text,
$atmatches,
PREG_OFFSET_CAPTURE);
')'.
'(?:'.
'(?:\:\d+)?'. //:port
- '(?:/[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@]*)?'. // /path
- '(?:\?[\pN\pL\$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@\/]*)?'. // ?query string
- '(?:\#[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\@/\?\#]*)?'. // #fragment
- ')(?<![\?\.\,\#\,])'.
+ '(?:/[' . URL_REGEX_VALID_PATH_CHARS . ']*)?'. // path
+ '(?:\?[' . URL_REGEX_VALID_QSTRING_CHARS . ']*)?'. // ?query string
+ '(?:\#[' . URL_REGEX_VALID_FRAGMENT_CHARS . ']*)?'. // #fragment
+ ')(?<!['. URL_REGEX_EXCLUDED_END_CHARS .'])'.
')'.
'#ixu';
//preg_match_all($regex,$text,$matches);
}
}
- // Add clippy
- if ($is_attachment) {
- $attrs['class'] = 'attachment';
- if ($has_thumb) {
- $attrs['class'] = 'attachment thumbnail';
- }
- $attrs['id'] = "attachment-{$attachment_id}";
- }
-
// Whether to nofollow
-
$nf = common_config('nofollow', 'external');
if ($nf == 'never') {
$attrs['rel'] = 'nofollow external';
}
+ // Add clippy
+ if ($is_attachment) {
+ $attrs['class'] = 'attachment';
+ if ($has_thumb) {
+ $attrs['class'] = 'attachment thumbnail';
+ }
+ $attrs['id'] = "attachment-{$attachment_id}";
+ $attrs['rel'] .= ' noreferrer';
+ }
+
return XMLStringer::estring('a', $attrs, $url);
}
/**
* Should make up a reasonable root URL
+ *
+ * @param bool $tls true or false to force TLS scheme, null to use server configuration
*/
-function common_root_url($ssl=false)
+function common_root_url($tls=null)
{
- $url = common_path('', $ssl, false);
+ if (is_null($tls)) {
+ $tls = GNUsocial::useHTTPS();
+ }
+ $url = common_path('', $tls, false);
$i = strpos($url, '?');
if ($i !== false) {
$url = substr($url, 0, $i);
function common_valid_http_url($url, $secure=false)
{
+ if (empty($url)) {
+ return false;
+ }
+
// If $secure is true, only allow https URLs to pass
// (if false, we use '?' in 'https?' to say the 's' is optional)
$regex = $secure ? '/^https$/' : '/^https?$/';
}
// Match by our supported file extensions
-function common_supported_ext_to_mime($fileext)
+function common_supported_filename_to_mime($filename)
{
// Accept a filename and take out the extension
- if (strpos($fileext, '.') !== false) {
- $fileext = substr(strrchr($fileext, '.'), 1);
+ if (strpos($filename, '.') === false) {
+ throw new ServerException(sprintf('No extension on filename: %1$s', _ve($filename)));
}
+ $fileext = substr(strrchr($filename, '.'), 1);
+ return common_supported_ext_to_mime($fileext);
+}
+
+function common_supported_ext_to_mime($fileext)
+{
$supported = common_config('attachments', 'supported');
if ($supported === true) {
- throw new ServerException('Supported extension but unknown mimetype relation.');
+ // FIXME: Should we just accept the extension straight off when supported === true?
+ throw new UnknownExtensionMimeException($fileext);
}
foreach($supported as $type => $ext) {
if ($ext === $fileext) {
function common_supported_mime_to_ext($mimetype)
{
$supported = common_config('attachments', 'supported');
- if ($supported === true) {
- throw new ServerException('Supported mimetype but unknown extension relation.');
- }
- foreach($supported as $type => $ext) {
- if ($mimetype === $type) {
- return $ext;
+ if (is_array($supported)) {
+ foreach($supported as $type => $ext) {
+ if ($mimetype === $type) {
+ return $ext;
+ }
}
}
- throw new ServerException('Unsupported MIME type');
+ throw new UnknownMimeExtensionException($mimetype);
}
// The MIME "media" is the part before the slash (video in video/webm)
if ($semicolon = mb_strpos($mimetype, ';')) {
$mimetype = mb_substr($mimetype, 0, $semicolon);
}
- return $mimetype;
+ return trim($mimetype);
}
function common_mime_type_match($type, $avail)
function common_strip_html($html, $trim=true, $save_whitespace=false)
{
+ // first replace <br /> with \n
+ $html = preg_replace('/\<(\s*)?br(\s*)?\/?(\s*)?\>/i', "\n", $html);
+ // then, unless explicitly avoided, remove excessive whitespace
if (!$save_whitespace) {
$html = preg_replace('/\s+/', ' ', $html);
}