X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fbbcode.php;h=489ef8b2e38e0b7680a701538dad49533305663e;hb=0060e2449e4f225436964a8203b706ddd3e0d01f;hp=52cfa97c8baadb9578bb5987402a7eedc90dcb2a;hpb=2b75ad5e0afd0d458fb5c0330cd1fedecd40beb3;p=friendica.git
diff --git a/include/bbcode.php b/include/bbcode.php
index 52cfa97c8b..489ef8b2e3 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -343,7 +343,7 @@ function bb_replace_images($body, $images) {
$newbody = $body;
$cnt = 0;
- foreach($images as $image) {
+ foreach ($images as $image) {
// We're depending on the property of 'foreach' (specified on the PHP website) that
// it loops over the array starting from the first element and going sequentially
// to the last element
@@ -613,9 +613,7 @@ function GetProfileUsername($profile, $username, $compact = false, $getnetwork =
}
function bb_DiasporaLinks($match) {
- $a = get_app();
-
- return "[url=".$a->get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]";
+ return "[url=".App::get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]";
}
function bb_RemovePictureLinks($match) {
@@ -894,7 +892,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
// we may need to restrict this further if it picks up too many strays
// link acct:user@host to a webfinger profile redirector
- $Text = preg_replace('/acct:([^@]+)@((?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63})/', 'acct:$1@$2',$Text);
+ $Text = preg_replace('/acct:([^@]+)@((?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63})/', 'acct:$1@$2',$Text);
// Perform MAIL Search
$Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '$1', $Text);
@@ -1063,9 +1061,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
return(bb_ShareAttributes($match, $simplehtml));
},$Text);
- $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
 . '/images/lock_icon.gif "' . t('Encrypted content') . '")
', $Text);
- $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
- //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
+ $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
 . '/images/lock_icon.gif "' . t('Encrypted content') . '")
', $Text);
+ $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
+ //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'
', $Text);
// Try to Oembed
@@ -1165,13 +1163,16 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
// fix any escaped ampersands that may have been converted into links
$Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text);
- // sanitizes src attributes (only relative redir URIs or http URLs)
- $Text = preg_replace('#<([^>]*?)(src)="(?!http|redir)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text);
+ // sanitizes src attributes (http and redir URLs for displaying in a web page, cid used for inline images in emails)
+ static $allowed_src_protocols = array('http', 'redir', 'cid');
+ $Text = preg_replace('#<([^>]*?)(src)="(?!' . implode('|', $allowed_src_protocols) . ')(.*?)"(.*?)>#ism',
+ '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text);
// sanitize href attributes (only whitelisted protocols URLs)
- $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array());
+ // default value for backward compatibility
+ $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array('ftp', 'mailto', 'gopher', 'cid'));
- // Always allowed protocol even if config isn't set
+ // Always allowed protocol even if config isn't set or not including it
$allowed_link_protocols[] = 'http';
$regex = '#<([^>]*?)(href)="(?!' . implode('|', $allowed_link_protocols) . ')(.*?)"(.*?)>#ism';