X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=include%2Ftext.php;h=ff9fa5511a0158c2867d8445a08a83c382664c5d;hb=5aacb335ae0522abbc9bde6fb2684a5646a39fe7;hp=d2e3d0c9f9f12fcdc7d17423569faaa423a732c0;hpb=8821d33f73785884cfce83e7b23d3ef19cc1bc11;p=friendica.git
diff --git a/include/text.php b/include/text.php
index d2e3d0c9f9..ff9fa5511a 100644
--- a/include/text.php
+++ b/include/text.php
@@ -26,144 +26,10 @@ use Friendica\Util\Proxy as ProxyUtils; use Friendica\Core\Logger; use Friendica\Core\Renderer; use Friendica\Model\FileTag; +use Friendica\Util\Strings; use Friendica\Util\XML; use Friendica\Content\Text\HTML; -require_once "include/conversation.php"; - -/** - * @brief Generates a pseudo-random string of hexadecimal characters - * - * @param int $size - * @return string - */ -function random_string($size = 64) -{ - $byte_size = ceil($size / 2); - - $bytes = random_bytes($byte_size); - - $return = substr(bin2hex($bytes), 0, $size); - - return $return; -} - -/** - * This is our primary input filter. - * - * The high bit hack only involved some old IE browser, forget which (IE5/Mac?) - * that had an XSS attack vector due to stripping the high-bit on an 8-bit character - * after cleansing, and angle chars with the high bit set could get through as markup. - * - * This is now disabled because it was interfering with some legitimate unicode sequences - * and hopefully there aren't a lot of those browsers left. - * - * Use this on any text input where angle chars are not valid or permitted - * They will be replaced with safer brackets. This may be filtered further - * if these are not allowed either. - * - * @param string $string Input string - * @return string Filtered string - */ -function notags($string) { - return str_replace(["<", ">"], ['[', ']'], $string); - -// High-bit filter no longer used -// return str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string); -} - - -/** - * use this on "body" or "content" input where angle chars shouldn't be removed, - * and allow them to be safely displayed. - * @param string $string - * @return string - */ -function escape_tags($string) { - return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false); -} - - -/** - * generate a string that's random, but usually pronounceable. 
- * used to generate initial passwords - * @param int $len - * @return string - */ -function autoname($len) { - - if ($len <= 0) { - return ''; - } - - $vowels = ['a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u']; - if (mt_rand(0, 5) == 4) { - $vowels[] = 'y'; - } - - $cons = [ - 'b','bl','br', - 'c','ch','cl','cr', - 'd','dr', - 'f','fl','fr', - 'g','gh','gl','gr', - 'h', - 'j', - 'k','kh','kl','kr', - 'l', - 'm', - 'n', - 'p','ph','pl','pr', - 'qu', - 'r','rh', - 's','sc','sh','sm','sp','st', - 't','th','tr', - 'v', - 'w','wh', - 'x', - 'z','zh' - ]; - - $midcons = ['ck','ct','gn','ld','lf','lm','lt','mb','mm', 'mn','mp', - 'nd','ng','nk','nt','rn','rp','rt']; - - $noend = ['bl', 'br', 'cl','cr','dr','fl','fr','gl','gr', - 'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh','q']; - - $start = mt_rand(0,2); - if ($start == 0) { - $table = $vowels; - } else { - $table = $cons; - } - - $word = ''; - - for ($x = 0; $x < $len; $x ++) { - $r = mt_rand(0,count($table) - 1); - $word .= $table[$r]; - - if ($table == $vowels) { - $table = array_merge($cons,$midcons); - } else { - $table = $vowels; - } - - } - - $word = substr($word,0,$len); - - foreach ($noend as $noe) { - $noelen = strlen($noe); - if ((strlen($word) > $noelen) && (substr($word, -$noelen) == $noe)) { - $word = autoname($len); - break; - } - } - - return $word; -} - /** * Turn user/group ACLs stored as angle bracketed text into arrays * @@ -194,7 +60,7 @@ function expand_acl($s) { */ function sanitise_acl(&$item) { if (intval($item)) { - $item = '<' . intval(notags(trim($item))) . '>'; + $item = '<' . intval(Strings::escapeTags(trim($item))) . '>'; } else { unset($item); } 
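Review bot: In `sanitise_acl`, the `else` branch's `unset($item)` only drops the function's local alias of the by-reference parameter, so a non-numeric ACL entry stays unchanged in the caller's data instead of being cleared; if the intent is to discard it, `$item = '';` would do that. On the changed line, `Strings::escapeTags()` has no effect on the result because `intval()` already reduces the value to an integer, so `$item = '<' . intval(trim($item)) . '>';` is equivalent and does not suggest that the escaping is what makes the value safe. `Strings::escapeTags` is not defined on this page, and its name is closer to the removed `escape_tags()` (htmlspecialchars) than to the removed `notags()` (bracket replacement) it stands in for here, so it is worth confirming which behaviour it has. The function's closing brace lies outside the hunk.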
@@ -255,78 +121,6 @@ function activity_match($haystack,$needle) { return (($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle, NAMESPACE_ACTIVITY_SCHEMA))); } - -/** - * @brief Pull out all #hashtags and @person tags from $string. - * - * We also get @person@domain.com - which would make - * the regex quite complicated as tags can also - * end a sentence. So we'll run through our results - * and strip the period from any tags which end with one. - * Returns array of tags found, or empty array. - * - * @param string $string Post content - * @return array List of tag and person names - */ -function get_tags($string) { - $ret = []; - - // Convert hashtag links to hashtags - $string = preg_replace('/#\[url\=([^\[\]]*)\](.*?)\[\/url\]/ism', '#$2', $string); - - // ignore anything in a code block - $string = preg_replace('/\[code\](.*?)\[\/code\]/sm', '', $string); - - // Force line feeds at bbtags - $string = str_replace(['[', ']'], ["\n[", "]\n"], $string); - - // ignore anything in a bbtag - $string = preg_replace('/\[(.*?)\]/sm', '', $string); - - // Match full names against @tags including the space between first and last - // We will look these up afterward to see if they are full names or not recognisable. - - if (preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A@,:?]+)([ \x0D\x0A@,:?]|$)/', $string, $matches)) { - foreach ($matches[1] as $match) { - if (strstr($match, ']')) { - // we might be inside a bbcode color tag - leave it alone - continue; - } - if (substr($match, -1, 1) === '.') { - $ret[] = substr($match, 0, -1); - } else { - $ret[] = $match; - } - } - } - - // Otherwise pull out single word tags. These can be @nickname, @first_last - // and #hash tags. 
- - if (preg_match_all('/([!#@][^\^ \x0D\x0A,;:?]+)([ \x0D\x0A,;:?]|$)/', $string, $matches)) { - foreach ($matches[1] as $match) { - if (strstr($match, ']')) { - // we might be inside a bbcode color tag - leave it alone - continue; - } - if (substr($match, -1, 1) === '.') { - $match = substr($match,0,-1); - } - // ignore strictly numeric tags like #1 - if ((strpos($match, '#') === 0) && ctype_digit(substr($match, 1))) { - continue; - } - // try not to catch url fragments - if (strpos($string, $match) && preg_match('/[a-zA-z0-9\/]/', substr($string, strpos($string, $match) - 1, 1))) { - continue; - } - $ret[] = $match; - } - } - return $ret; -} - - /** * quick and dirty quoted_printable encoding * @@ -337,45 +131,6 @@ function qp($s) { return str_replace("%", "=", rawurlencode($s)); } -/** - * @brief Check for a valid email string - * - * @param string $email_address - * @return boolean - */ -function valid_email($email_address) -{ - return preg_match('/^[_a-zA-Z0-9\-\+]+(\.[_a-zA-Z0-9\-\+]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/', $email_address); -} - -/** - * Normalize url - * - * @param string $url - * @return string - */ -function normalise_link($url) { - $ret = str_replace(['https:', '//www.'], ['http:', '//'], $url); - return rtrim($ret,'/'); -} - - -/** - * Compare two URLs to see if they are the same, but ignore - * slight but hopefully insignificant differences such as if one - * is https and the other isn't, or if one is www.something and - * the other isn't - and also ignore case differences. - * - * @param string $a first url - * @param string $b second url - * @return boolean True if the URLs match, otherwise False - * - */ -function link_compare($a, $b) { - return (strcasecmp(normalise_link($a), normalise_link($b)) === 0); -} - - /** * @brief Find any non-embedded images in private items and add redir links to them * 
@@ -400,236 +155,6 @@ function redir_private_images($a, &$item) } } -/** - * Sets the "rendered-html" field of the provided item - * - * Body is preserved to avoid side-effects as we modify it just-in-time for spoilers and private image links - * - * @param array $item - * @param bool $update - * - * @todo Remove reference, simply return "rendered-html" and "rendered-hash" - */ -function put_item_in_cache(&$item, $update = false) -{ - $body = $item["body"]; - - $rendered_hash = defaults($item, 'rendered-hash', ''); - $rendered_html = defaults($item, 'rendered-html', ''); - - if ($rendered_hash == '' - || $rendered_html == "" - || $rendered_hash != hash("md5", $item["body"]) - || Config::get("system", "ignore_cache") - ) { - $a = get_app(); - redir_private_images($a, $item); - - $item["rendered-html"] = prepare_text($item["body"]); - $item["rendered-hash"] = hash("md5", $item["body"]); - - $hook_data = ['item' => $item, 'rendered-html' => $item['rendered-html'], 'rendered-hash' => $item['rendered-hash']]; - Addon::callHooks('put_item_in_cache', $hook_data); - $item['rendered-html'] = $hook_data['rendered-html']; - $item['rendered-hash'] = $hook_data['rendered-hash']; - unset($hook_data); - - // Force an update if the generated values differ from the existing ones - if ($rendered_hash != $item["rendered-hash"]) { - $update = true; - } - - // Only compare the HTML when we forcefully ignore the cache - if (Config::get("system", "ignore_cache") && ($rendered_html != $item["rendered-html"])) { - $update = true; - } - - if ($update && !empty($item["id"])) { - Item::update(['rendered-html' => $item["rendered-html"], 'rendered-hash' => $item["rendered-hash"]], - ['id' => $item["id"]]); - } - } - - $item["body"] = $body; -} - -/** - * @brief Given an item array, convert the body element from bbcode to html and add smilie icons. - * If attach is true, also add icons for item attachments. 
- * - * @param array $item - * @param boolean $attach - * @param boolean $is_preview - * @return string item body html - * @hook prepare_body_init item array before any work - * @hook prepare_body_content_filter ('item'=>item array, 'filter_reasons'=>string array) before first bbcode to html - * @hook prepare_body ('item'=>item array, 'html'=>body string, 'is_preview'=>boolean, 'filter_reasons'=>string array) after first bbcode to html - * @hook prepare_body_final ('item'=>item array, 'html'=>body string) after attach icons and blockquote special case handling (spoiler, author) - */ -function prepare_body(array &$item, $attach = false, $is_preview = false) -{ - $a = get_app(); - Addon::callHooks('prepare_body_init', $item); - - // In order to provide theme developers more possibilities, event items - // are treated differently. - if ($item['object-type'] === ACTIVITY_OBJ_EVENT && isset($item['event-id'])) { - $ev = Event::getItemHTML($item); - return $ev; - } - - $tags = \Friendica\Model\Term::populateTagsFromItem($item); - - $item['tags'] = $tags['tags']; - $item['hashtags'] = $tags['hashtags']; - $item['mentions'] = $tags['mentions']; - - // Compile eventual content filter reasons - $filter_reasons = []; - if (!$is_preview && public_contact() != $item['author-id']) { - if (!empty($item['content-warning']) && (!local_user() || !PConfig::get(local_user(), 'system', 'disable_cw', false))) { - $filter_reasons[] = L10n::t('Content warning: %s', $item['content-warning']); - } - - $hook_data = [ - 'item' => $item, - 'filter_reasons' => $filter_reasons - ]; - Addon::callHooks('prepare_body_content_filter', $hook_data); - $filter_reasons = $hook_data['filter_reasons']; - unset($hook_data); - } - - // Update the cached values if there is no "zrl=..." on the links. - $update = (!local_user() && !remote_user() && ($item["uid"] == 0)); - - // Or update it if the current viewer is the intented viewer. 
- if (($item["uid"] == local_user()) && ($item["uid"] != 0)) { - $update = true; - } - - put_item_in_cache($item, $update); - $s = $item["rendered-html"]; - - $hook_data = [ - 'item' => $item, - 'html' => $s, - 'preview' => $is_preview, - 'filter_reasons' => $filter_reasons - ]; - Addon::callHooks('prepare_body', $hook_data); - $s = $hook_data['html']; - unset($hook_data); - - if (!$attach) { - // Replace the blockquotes with quotes that are used in mails. - $mailquote = '
'; - $s = str_replace(['
', '
', '
'], [$mailquote, $mailquote, $mailquote], $s); - return $s; - } - - $as = ''; - $vhead = false; - $matches = []; - preg_match_all('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\"(?: title=\"(.*?)\")?|', $item['attach'], $matches, PREG_SET_ORDER); - foreach ($matches as $mtch) { - $mime = $mtch[3]; - - $the_url = Contact::magicLinkById($item['author-id'], $mtch[1]); - - if (strpos($mime, 'video') !== false) { - if (!$vhead) { - $vhead = true; - $a->page['htmlhead'] .= Renderer::replaceMacros(Renderer::getMarkupTemplate('videos_head.tpl'), [ - '$baseurl' => System::baseUrl(), - ]); - } - - $url_parts = explode('/', $the_url); - $id = end($url_parts); - $as .= Renderer::replaceMacros(Renderer::getMarkupTemplate('video_top.tpl'), [ - '$video' => [ - 'id' => $id, - 'title' => L10n::t('View Video'), - 'src' => $the_url, - 'mime' => $mime, - ], - ]); - } - - $filetype = strtolower(substr($mime, 0, strpos($mime, '/'))); - if ($filetype) { - $filesubtype = strtolower(substr($mime, strpos($mime, '/') + 1)); - $filesubtype = str_replace('.', '-', $filesubtype); - } else { - $filetype = 'unkn'; - $filesubtype = 'unkn'; - } - - $title = escape_tags(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1])); - $title .= ' ' . $mtch[2] . ' ' . L10n::t('bytes'); - - $icon = '
'; - $as .= '' . $icon . ''; - } - - if ($as != '') { - $s .= '
'.$as.'
'; - } - - // Map. - if (strpos($s, '
') !== false && x($item, 'coord')) { - $x = Map::byCoordinates(trim($item['coord'])); - if ($x) { - $s = preg_replace('/\
/', '$0' . $x, $s); - } - } - - - // Look for spoiler. - $spoilersearch = '
'; - - // Remove line breaks before the spoiler. - while ((strpos($s, "\n" . $spoilersearch) !== false)) { - $s = str_replace("\n" . $spoilersearch, $spoilersearch, $s); - } - while ((strpos($s, "
" . $spoilersearch) !== false)) { - $s = str_replace("
" . $spoilersearch, $spoilersearch, $s); - } - - while ((strpos($s, $spoilersearch) !== false)) { - $pos = strpos($s, $spoilersearch); - $rnd = random_string(8); - $spoilerreplace = '
' . L10n::t('Click to open/close') . ''. - '