X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fbbcode.php;h=74dde2fdf431ee0f488ab11804a1698058719255;hb=87eb3d5ef268534e1c8fac9ed63dad4fb50989ee;hp=c5c93ca64e0e81e051d88b1b35bf5cc2568603a9;hpb=167a8998d628798699b91b321b23a45a0a1544c5;p=friendica.git diff --git a/include/bbcode.php b/include/bbcode.php index c5c93ca64e..74dde2fdf4 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -1,4 +1,6 @@ %s', trim($data["description"])); + $text .= sprintf('
%s
', trim(bbcode($data["description"]))); } } return $data["text"].$text.$data["after"]; @@ -103,9 +104,9 @@ function bb_remove_share_information($Text, $plaintext = false, $nolink = false) $title = htmlentities($data["title"], ENT_QUOTES, 'UTF-8', false); $text = htmlentities($data["text"], ENT_QUOTES, 'UTF-8', false); - if ($plaintext or strstr($text, $title)) + if ($plaintext OR (($title != "") AND strstr($text, $title))) $data["title"] = $data["url"]; - elseif (strstr($title, $text)) { + elseif (($text != "") AND strstr($title, $text)) { $data["text"] = $data["title"]; $data["title"] = $data["url"]; } @@ -147,7 +148,7 @@ function cleancss($input) { if (($char >= "a") and ($char <= "z")) $cleaned .= $char; - if (!(strpos(" #;:0123456789-_", $char) === false)) + if (!(strpos(" #;:0123456789-_.%", $char) === false)) $cleaned .= $char; } @@ -342,7 +343,7 @@ function bb_replace_images($body, $images) { $newbody = $body; $cnt = 0; - foreach($images as $image) { + foreach ($images as $image) { // We're depending on the property of 'foreach' (specified on the PHP website) that // it loops over the array starting from the first element and going sequentially // to the last element @@ -396,36 +397,40 @@ function bb_ShareAttributes($share, $simplehtml) { $itemcache = get_itemcachepath(); - // relative dates only make sense when they aren't cached - if ($itemcache == "") { - preg_match("/posted='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") - $posted = $matches[1]; + preg_match("/posted='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $posted = $matches[1]; - preg_match('/posted="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") - $posted = $matches[1]; + preg_match('/posted="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") + $posted = $matches[1]; + // relative dates only make sense when they aren't cached + if ($itemcache == "") $reldate = (($posted) ? " " . relative_date($posted) : ''); - } + + // We only call this so that a previously unknown contact can be added. + // This is important for the function "get_contact_details_by_url". + // This function then can fetch an entry from the contact table. + get_contact($profile, 0); $data = get_contact_details_by_url($profile); - if (isset($data["name"]) AND isset($data["addr"])) + if (isset($data["name"]) AND ($data["name"] != "") AND isset($data["addr"]) AND ($data["addr"] != "")) $userid_compact = $data["name"]." (".$data["addr"].")"; else $userid_compact = GetProfileUsername($profile,$author, true); - if (isset($data["addr"])) + if (isset($data["addr"]) AND ($data["addr"] != "")) $userid = $data["addr"]; else $userid = GetProfileUsername($profile,$author, false); - if (isset($data["name"])) + if (isset($data["name"]) AND ($data["name"] != "")) $author = $data["name"]; - if (isset($data["photo"])) - $avatar = $data["photo"]; + if (isset($data["micro"]) AND ($data["micro"] != "")) + $avatar = $data["micro"]; $preshare = trim($share[1]); @@ -489,13 +494,22 @@ function bb_ShareAttributes($share, $simplehtml) { $text .= "

".$link; break; default: - $headline = trim($share[1]).'
'; - if ($avatar != "") - $headline .= ''; - - $headline .= sprintf(t('%s wrote the following post'.$reldate.':'), $profile, $author, $link); - $headline .= "
"; - $text = $headline.'
'.trim($share[3])."
"; + $text = trim($share[1])."\n"; + + $avatar = proxy_url($avatar, false, PROXY_SIZE_THUMB); + + $tpl = get_markup_template('shared_content.tpl'); + $text .= replace_macros($tpl, + array( + '$profile' => $profile, + '$avatar' => $avatar, + '$author' => $author, + '$link' => $link, + '$posted' => $posted, + '$reldate' => $reldate, + '$content' => trim($share[3]) + ) + ); break; } return($text); @@ -599,9 +613,7 @@ function GetProfileUsername($profile, $username, $compact = false, $getnetwork = } function bb_DiasporaLinks($match) { - $a = get_app(); - - return "[url=".$a->get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]"; + return "[url=".App::get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]"; } function bb_RemovePictureLinks($match) { @@ -711,6 +723,13 @@ function bb_CleanPictureLinks($text) { return ($text); } +function bb_highlight($match) { + if(in_array(strtolower($match[1]),['php','css','mysql','sql','abap','diff','html','perl','ruby', + 'vbscript','avrc','dtd','java','xml','cpp','python','javascript','js','sh'])) + return text_highlight($match[2],strtolower($match[1])); + return $match[0]; +} + // BBcode 2 HTML was written by WAY2WEB.net // extended to work with Mistpark/Friendica - Mike Macgirvin @@ -763,6 +782,11 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal if (!$tryoembed) $Text = preg_replace("/\[share(.*?)avatar\s?=\s?'.*?'\s?(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism","\n[share$1$2]$3[/share]",$Text); + // Check for [code] text here, before the linefeeds are messed with. + // The highlighter will unescape and re-escape the content. + if (strpos($Text,'[code=') !== false) { + $Text = preg_replace_callback("/\[code=(.*?)\](.*?)\[\/code\]/ism", 'bb_highlight', $Text); + } // Convert new line chars to html
tags // nlbr seems to be hopelessly messed up @@ -809,7 +833,10 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal $Text = preg_replace("/([@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$1$3', $Text); - + elseif (!$simplehtml) + $Text = preg_replace("/([@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", + '$1$3', + $Text); // Bookmarks in red - will be converted to bookmarks in friendica $Text = preg_replace("/#\^\[url\]([$URLSearchString]*)\[\/url\]/ism", '[bookmark=$1]$1[/bookmark]', $Text); @@ -851,6 +878,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal if ($tryoembed) $Text = preg_replace_callback("/\[url\]([$URLSearchString]*)\[\/url\]/ism",'tryoembed',$Text); + $Text = preg_replace("/([#])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", + '$1$3', $Text); + $Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '$1', $Text); $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$2', $Text); //$Text = preg_replace("/\[url\=([$URLSearchString]*)\]([$URLSearchString]*)\[\/url\]/ism", '$2', $Text); @@ -862,8 +892,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal // we may need to restrict this further if it picks up too many strays // link acct:user@host to a webfinger profile redirector - $Text = preg_replace('/acct:(.*?)@(.*?)([ ,])/', 'acct:' . "$1@$2$3" . '',$Text); + $Text = preg_replace('/acct:([^@]+)@((?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63})/', 'acct:$1@$2',$Text); // Perform MAIL Search $Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '$1', $Text); @@ -890,6 +919,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal $Text = preg_replace("(\[h5\](.*?)\[\/h5\])ism",'
$1
',$Text); $Text = preg_replace("(\[h6\](.*?)\[\/h6\])ism",'
$1
',$Text); + // Check for paragraph + $Text = preg_replace("(\[p\](.*?)\[\/p\])ism",'

$1

',$Text); + // Check for bold text $Text = preg_replace("(\[b\](.*?)\[\/b\])ism",'$1',$Text); @@ -1029,9 +1061,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal return(bb_ShareAttributes($match, $simplehtml)); },$Text); - $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); - $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); - //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); + $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); + $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); + //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); // Try to Oembed @@ -1109,6 +1141,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal $Text = preg_replace("/\[event\-finish\](.*?)\[\/event\-finish\]/ism",'',$Text); $Text = preg_replace("/\[event\-location\](.*?)\[\/event\-location\]/ism",'',$Text); $Text = preg_replace("/\[event\-adjust\](.*?)\[\/event\-adjust\]/ism",'',$Text); + $Text = preg_replace("/\[event\-id\](.*?)\[\/event\-id\]/ism",'',$Text); } @@ -1128,11 +1161,24 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal $Text = preg_replace('/\"\;/','"',$Text); // fix any escaped ampersands that may have been converted into links - $Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text); - $Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|gopher|cid)(.*?)\>/ism",'<$1$2="">',$Text); + $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text); + + // sanitizes src attributes (only relative redir URIs or http URLs) + $Text = preg_replace('#<([^>]*?)(src)="(?!http|redir)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text); + + // sanitize href attributes (only whitelisted protocols URLs) + // default value for backward compatibility + $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array('ftp', 'mailto', 'gopher', 'cid')); - if($saved_image) + // Always allowed protocol even if config isn't set or not including it + $allowed_link_protocols[] = 'http'; + + $regex = '#<([^>]*?)(href)="(?!' . implode('|', $allowed_link_protocols) . ')(.*?)"(.*?)>#ism'; + $Text = preg_replace($regex, '<$1$2="javascript:void(0)"$4 class="invalid-href" title="' . t('Invalid link protocol') . '">', $Text); + + if($saved_image) { $Text = bb_replace_images($Text, $saved_image); + } // Clean up the HTML by loading and saving the HTML with the DOM. // Bad structured html can break a whole page.