\n";
+ $text = trim($share[1])."\n";
+
+ $avatar = proxy_url($avatar, false, PROXY_SIZE_THUMB);
+
+ $tpl = get_markup_template('shared_content.tpl');
+ $text .= replace_macros($tpl,
+ array(
+ '$profile' => $profile,
+ '$avatar' => $avatar,
+ '$author' => $author,
+ '$link' => $link,
+ '$posted' => $posted,
+ '$reldate' => $reldate,
+ '$content' => trim($share[3])
+ )
+ );
break;
}
return($text);
@@ -603,9 +613,7 @@ function GetProfileUsername($profile, $username, $compact = false, $getnetwork =
}
function bb_DiasporaLinks($match) {
- $a = get_app();
-
- return "[url=".$a->get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]";
+ return "[url=".App::get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]";
}
function bb_RemovePictureLinks($match) {
@@ -715,6 +723,13 @@ function bb_CleanPictureLinks($text) {
return ($text);
}
+function bb_highlight($match) {
+ if(in_array(strtolower($match[1]),['php','css','mysql','sql','abap','diff','html','perl','ruby',
+ 'vbscript','avrc','dtd','java','xml','cpp','python','javascript','js','sh']))
+ return text_highlight($match[2],strtolower($match[1]));
+ return $match[0];
+}
+
// BBcode 2 HTML was written by WAY2WEB.net
// extended to work with Mistpark/Friendica - Mike Macgirvin
@@ -767,6 +782,11 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
if (!$tryoembed)
$Text = preg_replace("/\[share(.*?)avatar\s?=\s?'.*?'\s?(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism","\n[share$1$2]$3[/share]",$Text);
+ // Check for [code] text here, before the linefeeds are messed with.
+ // The highlighter will unescape and re-escape the content.
+ if (strpos($Text,'[code=') !== false) {
+ $Text = preg_replace_callback("/\[code=(.*?)\](.*?)\[\/code\]/ism", 'bb_highlight', $Text);
+ }
// Convert new line chars to html
tags
// nlbr seems to be hopelessly messed up
@@ -813,7 +833,10 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
$Text = preg_replace("/([@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
'$1
$3',
$Text);
-
+ elseif (!$simplehtml)
+ $Text = preg_replace("/([@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
+ '$1
$3',
+ $Text);
// Bookmarks in red - will be converted to bookmarks in friendica
$Text = preg_replace("/#\^\[url\]([$URLSearchString]*)\[\/url\]/ism", '[bookmark=$1]$1[/bookmark]', $Text);
@@ -855,6 +878,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
if ($tryoembed)
$Text = preg_replace_callback("/\[url\]([$URLSearchString]*)\[\/url\]/ism",'tryoembed',$Text);
+ $Text = preg_replace("/([#])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
+ '$1
$3', $Text);
+
$Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '
$1', $Text);
$Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '
$2', $Text);
//$Text = preg_replace("/\[url\=([$URLSearchString]*)\]([$URLSearchString]*)\[\/url\]/ism", '
$2', $Text);
@@ -866,8 +892,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
// we may need to restrict this further if it picks up too many strays
// link acct:user@host to a webfinger profile redirector
- $Text = preg_replace('/acct:(.*?)@(.*?)([ ,])/', '
acct:' . "$1@$2$3" . '',$Text);
+ $Text = preg_replace('/acct:([^@]+)@((?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63})/', '
acct:$1@$2',$Text);
// Perform MAIL Search
$Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '
$1', $Text);
@@ -894,6 +919,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
$Text = preg_replace("(\[h5\](.*?)\[\/h5\])ism",'
$1
',$Text);
$Text = preg_replace("(\[h6\](.*?)\[\/h6\])ism",'
$1
',$Text);
+ // Check for paragraph
+ $Text = preg_replace("(\[p\](.*?)\[\/p\])ism",'
$1
',$Text);
+
// Check for bold text
$Text = preg_replace("(\[b\](.*?)\[\/b\])ism",'
$1',$Text);
@@ -1033,9 +1061,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
return(bb_ShareAttributes($match, $simplehtml));
},$Text);
- $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
', $Text);
- $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
- //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
+ $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
', $Text);
+ $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
+ //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
// Try to Oembed
@@ -1113,6 +1141,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
$Text = preg_replace("/\[event\-finish\](.*?)\[\/event\-finish\]/ism",'',$Text);
$Text = preg_replace("/\[event\-location\](.*?)\[\/event\-location\]/ism",'',$Text);
$Text = preg_replace("/\[event\-adjust\](.*?)\[\/event\-adjust\]/ism",'',$Text);
+ $Text = preg_replace("/\[event\-id\](.*?)\[\/event\-id\]/ism",'',$Text);
}
@@ -1132,11 +1161,24 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
$Text = preg_replace('/\"\;/','"',$Text);
// fix any escaped ampersands that may have been converted into links
- $Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text);
- $Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|gopher|cid)(.*?)\>/ism",'<$1$2="">',$Text);
+ $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text);
- if($saved_image)
+ // sanitizes src attributes (only relative redir URIs or http URLs)
+ $Text = preg_replace('#<([^>]*?)(src)="(?!http|redir)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text);
+
+ // sanitize href attributes (only whitelisted protocols URLs)
+ // default value for backward compatibility
+ $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array('ftp', 'mailto', 'gopher', 'cid'));
+
+ // Always allowed protocol even if config isn't set or not including it
+ $allowed_link_protocols[] = 'http';
+
+ $regex = '#<([^>]*?)(href)="(?!' . implode('|', $allowed_link_protocols) . ')(.*?)"(.*?)>#ism';
+ $Text = preg_replace($regex, '<$1$2="javascript:void(0)"$4 class="invalid-href" title="' . t('Invalid link protocol') . '">', $Text);
+
+ if($saved_image) {
$Text = bb_replace_images($Text, $saved_image);
+ }
// Clean up the HTML by loading and saving the HTML with the DOM.
// Bad structured html can break a whole page.