X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=include%2Fbbcode.php;h=c05173f47c559782cf8f1ad401f415112a82e1bf;hb=98b727029570b96febd0c5046b688cab1a9bb882;hp=fd980a9b220387b645c858c1dd86fc4642f80e8b;hpb=598a9f76a68668cb13073e6832138869435ba5ee;p=friendica.git
diff --git a/include/bbcode.php b/include/bbcode.php
index fd980a9b22..c05173f47c 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -1,4 +1,6 @@
%s', trim($data["description"]));
+ $text .= sprintf('
%s
', trim(bbcode($data["description"])));
}
}
return $data["text"].$text.$data["after"];
@@ -147,7 +148,7 @@ function cleancss($input) {
if (($char >= "a") and ($char <= "z"))
$cleaned .= $char;
- if (!(strpos(" #;:0123456789-_", $char) === false))
+ if (!(strpos(" #;:0123456789-_.%", $char) === false))
$cleaned .= $char;
}
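Review bot: The widened whitelist on the `+` line carries no comment saying why `.` and `%` are now accepted, and since this function appears (from its name and the character-by-character filter) to be the only thing standing between a supplied style value and the page, the allowed set deserves a stated rationale. Something like `// '.' and '%' admit decimal and percentage lengths such as 1.5em or 100%` above the check would do. It is worth noting in the same comment that quotes, `(` and `)` stay rejected, so `url(` and quoted strings still cannot pass. cleancss starts and ends outside the hunk.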
@@ -612,9 +613,7 @@ function GetProfileUsername($profile, $username, $compact = false, $getnetwork =
}
function bb_DiasporaLinks($match) {
- $a = get_app();
-
- return "[url=".$a->get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]";
+ return "[url=".App::get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]";
}
function bb_RemovePictureLinks($match) {
@@ -893,8 +892,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
// we may need to restrict this further if it picks up too many strays
// link acct:user@host to a webfinger profile redirector
- $Text = preg_replace('/acct:(.*?)@(.*?)([ ,])/', 'acct:' . "$1@$2$3" . '',$Text);
+ $Text = preg_replace('/acct:([^@]+)@((?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63})/', 'acct:$1@$2',$Text);
// Perform MAIL Search
$Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '$1', $Text);
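Review bot: The new `acct:` pattern's local part `([^@]+)` also matches spaces and newlines, so a run such as `acct: please mail me@example.org` captures ` please mail me` as the account and rewrites the whole span; the old `(.*?)` was equally unanchored but, lacking the `s` modifier, at least did not cross line breaks. Restrict the local part to non-whitespace, e.g. `'/acct:([^@\s]+)@(` + the existing host pattern, and consider whether the host part should stop at a delimiter rather than at the longest matching label sequence. The replacement string's markup appears to have been lost in this rendering, so the link target itself cannot be reviewed here. bbcode() starts and ends outside the hunk.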
@@ -921,6 +919,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
$Text = preg_replace("(\[h5\](.*?)\[\/h5\])ism",'$1
',$Text);
$Text = preg_replace("(\[h6\](.*?)\[\/h6\])ism",'$1
',$Text);
+ // Check for paragraph
+ $Text = preg_replace("(\[p\](.*?)\[\/p\])ism",'$1
',$Text);
+
// Check for bold text
$Text = preg_replace("(\[b\](.*?)\[\/b\])ism",'$1',$Text);
@@ -1060,9 +1061,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
return(bb_ShareAttributes($match, $simplehtml));
},$Text);
- $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
', $Text);
- $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
- //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
+ $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
', $Text);
+ $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
+ //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
// Try to Oembed
@@ -1140,6 +1141,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
$Text = preg_replace("/\[event\-finish\](.*?)\[\/event\-finish\]/ism",'',$Text);
$Text = preg_replace("/\[event\-location\](.*?)\[\/event\-location\]/ism",'',$Text);
$Text = preg_replace("/\[event\-adjust\](.*?)\[\/event\-adjust\]/ism",'',$Text);
+ $Text = preg_replace("/\[event\-id\](.*?)\[\/event\-id\]/ism",'',$Text);
}
@@ -1159,11 +1161,24 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
$Text = preg_replace('/\"\;/','"',$Text);
// fix any escaped ampersands that may have been converted into links
- $Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text);
- $Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|gopher|cid)(.*?)\>/ism",'<$1$2="">',$Text);
+ $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text);
- if($saved_image)
+ // sanitizes src attributes (only relative redir URIs or http URLs)
+ $Text = preg_replace('#<([^>]*?)(src)="(?!http|redir)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text);
+
+ // sanitize href attributes (only whitelisted protocols URLs)
+ // default value for backward compatibility
+ $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array('ftp', 'mailto', 'gopher', 'cid'));
+
+ // Always allowed protocol even if config isn't set or not including it
+ $allowed_link_protocols[] = 'http';
+
+ $regex = '#<([^>]*?)(href)="(?!' . implode('|', $allowed_link_protocols) . ')(.*?)"(.*?)>#ism';
+ $Text = preg_replace($regex, '<$1$2="javascript:void(0)"$4 class="invalid-href" title="' . t('Invalid link protocol') . '">', $Text);
+
+ if($saved_image) {
$Text = bb_replace_images($Text, $saved_image);
+ }
// Clean up the HTML by loading and saving the HTML with the DOM.
// Bad structured html can break a whole page.
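Review bot: The `implode('|', $allowed_link_protocols)` on the `$regex` line is spliced into a PCRE pattern without quoting, so any regex metacharacter or `#` delimiter in a configured protocol name silently changes or breaks the pattern, and a broken pattern makes preg_replace return null and drops the whole text; quote each entry first, `$quoted = array_map(function ($p) { return preg_quote($p, '#'); }, $allowed_link_protocols);` and build from `implode('|', $quoted)`. Both new patterns only match double-quoted attribute values, so if single-quoted or unquoted `src`/`href` attributes can reach this point they bypass the check — the DOM normalisation mentioned in the comment below runs after this step, not before, so that seems possible but cannot be confirmed from the hunk. The lookaheads are also prefix-only (`http` admits `https`, presumably intended, but equally anything else beginning with those letters); anchoring the href list with a trailing `:` would make the scheme check explicit. bbcode() starts and ends outside the hunk.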