X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fbbcode.php;h=74dde2fdf431ee0f488ab11804a1698058719255;hb=d82ed5d1b4a3af4d0a4782b809837e3b22d1211d;hp=8f19566b587850286e0959769b4b49e87d31dd13;hpb=1627401cfaca09ea63f59df1a97ae08701b40d11;p=friendica.git diff --git a/include/bbcode.php b/include/bbcode.php index 8f19566b58..74dde2fdf4 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -1,4 +1,6 @@ %s', trim($data["description"])); + $text .= sprintf('
%s
', trim(bbcode($data["description"]))); } } return $data["text"].$text.$data["after"]; @@ -96,8 +102,14 @@ function bb_remove_share_information($Text, $plaintext = false, $nolink = false) if ($nolink) return $data["text"].$data["after"]; - if ($plaintext) + $title = htmlentities($data["title"], ENT_QUOTES, 'UTF-8', false); + $text = htmlentities($data["text"], ENT_QUOTES, 'UTF-8', false); + if ($plaintext OR (($title != "") AND strstr($text, $title))) $data["title"] = $data["url"]; + elseif (($text != "") AND strstr($title, $text)) { + $data["text"] = $data["title"]; + $data["title"] = $data["url"]; + } if (($data["text"] == "") AND ($data["title"] != "") AND ($data["url"] == "")) return $data["title"].$data["after"]; @@ -110,10 +122,10 @@ function bb_remove_share_information($Text, $plaintext = false, $nolink = false) if (($data["url"] != "") AND ($data["title"] != "")) $text .= "\n[url=".$data["url"]."]".$data["title"]."[/url]"; - elseif (($link != "")) + elseif (($data["url"] != "")) $text .= "\n".$data["url"]; - return $text.$data["after"]; + return $text."\n".$data["after"]; } function bb_cleanstyle($st) { @@ -136,7 +148,7 @@ function cleancss($input) { if (($char >= "a") and ($char <= "z")) $cleaned .= $char; - if (!(strpos(" #;:0123456789-_", $char) === false)) + if (!(strpos(" #;:0123456789-_.%", $char) === false)) $cleaned .= $char; } @@ -331,7 +343,7 @@ function bb_replace_images($body, $images) { $newbody = $body; $cnt = 0; - foreach($images as $image) { + foreach ($images as $image) { // We're depending on the property of 'foreach' (specified on the PHP website) that // it loops over the array starting from the first element and going sequentially // to the last element @@ -385,36 +397,40 @@ function bb_ShareAttributes($share, $simplehtml) { $itemcache = get_itemcachepath(); - // relative dates only make sense when they aren't cached - if ($itemcache == "") { - preg_match("/posted='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") - $posted = $matches[1]; + preg_match("/posted='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $posted = $matches[1]; - preg_match('/posted="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") - $posted = $matches[1]; + preg_match('/posted="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") + $posted = $matches[1]; + // relative dates only make sense when they aren't cached + if ($itemcache == "") $reldate = (($posted) ? " " . relative_date($posted) : ''); - } + + // We only call this so that a previously unknown contact can be added. + // This is important for the function "get_contact_details_by_url". + // This function then can fetch an entry from the contact table. + get_contact($profile, 0); $data = get_contact_details_by_url($profile); - if (isset($data["name"]) AND isset($data["addr"])) + if (isset($data["name"]) AND ($data["name"] != "") AND isset($data["addr"]) AND ($data["addr"] != "")) $userid_compact = $data["name"]." (".$data["addr"].")"; else $userid_compact = GetProfileUsername($profile,$author, true); - if (isset($data["addr"])) + if (isset($data["addr"]) AND ($data["addr"] != "")) $userid = $data["addr"]; else $userid = GetProfileUsername($profile,$author, false); - if (isset($data["name"])) + if (isset($data["name"]) AND ($data["name"] != "")) $author = $data["name"]; - if (isset($data["photo"])) - $avatar = $data["photo"]; + if (isset($data["micro"]) AND ($data["micro"] != "")) + $avatar = $data["micro"]; $preshare = trim($share[1]); @@ -478,13 +494,22 @@ function bb_ShareAttributes($share, $simplehtml) { $text .= "

".$link; break; default: - $headline = trim($share[1]).'
'; - if ($avatar != "") - $headline .= ''; - - $headline .= sprintf(t('%s wrote the following post'.$reldate.':'), $profile, $author, $link); - $headline .= "
"; - $text = $headline.'
'.trim($share[3])."
"; + $text = trim($share[1])."\n"; + + $avatar = proxy_url($avatar, false, PROXY_SIZE_THUMB); + + $tpl = get_markup_template('shared_content.tpl'); + $text .= replace_macros($tpl, + array( + '$profile' => $profile, + '$avatar' => $avatar, + '$author' => $author, + '$link' => $link, + '$posted' => $posted, + '$reldate' => $reldate, + '$content' => trim($share[3]) + ) + ); break; } return($text); @@ -588,9 +613,7 @@ function GetProfileUsername($profile, $username, $compact = false, $getnetwork = } function bb_DiasporaLinks($match) { - $a = get_app(); - - return "[url=".$a->get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]"; + return "[url=".App::get_baseurl()."/display/".$match[1]."]".$match[2]."[/url]"; } function bb_RemovePictureLinks($match) { @@ -700,6 +723,13 @@ function bb_CleanPictureLinks($text) { return ($text); } +function bb_highlight($match) { + if(in_array(strtolower($match[1]),['php','css','mysql','sql','abap','diff','html','perl','ruby', + 'vbscript','avrc','dtd','java','xml','cpp','python','javascript','js','sh'])) + return text_highlight($match[2],strtolower($match[1])); + return $match[0]; +} + // BBcode 2 HTML was written by WAY2WEB.net // extended to work with Mistpark/Friendica - Mike Macgirvin @@ -752,6 +782,11 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal if (!$tryoembed) $Text = preg_replace("/\[share(.*?)avatar\s?=\s?'.*?'\s?(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism","\n[share$1$2]$3[/share]",$Text); + // Check for [code] text here, before the linefeeds are messed with. + // The highlighter will unescape and re-escape the content. + if (strpos($Text,'[code=') !== false) { + $Text = preg_replace_callback("/\[code=(.*?)\](.*?)\[\/code\]/ism", 'bb_highlight', $Text); + } // Convert new line chars to html
tags // nlbr seems to be hopelessly messed up @@ -798,7 +833,10 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal $Text = preg_replace("/([@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$1$3', $Text); - + elseif (!$simplehtml) + $Text = preg_replace("/([@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", + '$1$3', + $Text); // Bookmarks in red - will be converted to bookmarks in friendica $Text = preg_replace("/#\^\[url\]([$URLSearchString]*)\[\/url\]/ism", '[bookmark=$1]$1[/bookmark]', $Text); @@ -840,6 +878,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal if ($tryoembed) $Text = preg_replace_callback("/\[url\]([$URLSearchString]*)\[\/url\]/ism",'tryoembed',$Text); + $Text = preg_replace("/([#])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", + '$1$3', $Text); + $Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '$1', $Text); $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$2', $Text); //$Text = preg_replace("/\[url\=([$URLSearchString]*)\]([$URLSearchString]*)\[\/url\]/ism", '$2', $Text); @@ -851,8 +892,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal // we may need to restrict this further if it picks up too many strays // link acct:user@host to a webfinger profile redirector - $Text = preg_replace('/acct:(.*?)@(.*?)([ ,])/', 'acct:' . "$1@$2$3" . '',$Text); + $Text = preg_replace('/acct:([^@]+)@((?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63})/', 'acct:$1@$2',$Text); // Perform MAIL Search $Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '$1', $Text); @@ -879,6 +919,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal $Text = preg_replace("(\[h5\](.*?)\[\/h5\])ism",'
$1
',$Text); $Text = preg_replace("(\[h6\](.*?)\[\/h6\])ism",'
$1
',$Text); + // Check for paragraph + $Text = preg_replace("(\[p\](.*?)\[\/p\])ism",'

$1

',$Text); + // Check for bold text $Text = preg_replace("(\[b\](.*?)\[\/b\])ism",'$1',$Text); @@ -1018,9 +1061,9 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal return(bb_ShareAttributes($match, $simplehtml)); },$Text); - $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); - $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); - //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); + $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); + $Text = preg_replace("/\[crypt(.*?)\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); + //$Text = preg_replace("/\[crypt=(.*?)\](.*?)\[\/crypt\]/ism",'
' . t('Encrypted content') . '
', $Text); // Try to Oembed @@ -1098,6 +1141,7 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal $Text = preg_replace("/\[event\-finish\](.*?)\[\/event\-finish\]/ism",'',$Text); $Text = preg_replace("/\[event\-location\](.*?)\[\/event\-location\]/ism",'',$Text); $Text = preg_replace("/\[event\-adjust\](.*?)\[\/event\-adjust\]/ism",'',$Text); + $Text = preg_replace("/\[event\-id\](.*?)\[\/event\-id\]/ism",'',$Text); } @@ -1117,11 +1161,24 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal $Text = preg_replace('/\"\;/','"',$Text); // fix any escaped ampersands that may have been converted into links - $Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text); - $Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|gopher|cid)(.*?)\>/ism",'<$1$2="">',$Text); + $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text); + + // sanitizes src attributes (only relative redir URIs or http URLs) + $Text = preg_replace('#<([^>]*?)(src)="(?!http|redir)(.*?)"(.*?)>#ism', '<$1$2=""$4 class="invalid-src" title="' . t('Invalid source protocol') . '">', $Text); + + // sanitize href attributes (only whitelisted protocols URLs) + // default value for backward compatibility + $allowed_link_protocols = Config::get('system', 'allowed_link_protocols', array('ftp', 'mailto', 'gopher', 'cid')); - if($saved_image) + // Always allowed protocol even if config isn't set or not including it + $allowed_link_protocols[] = 'http'; + + $regex = '#<([^>]*?)(href)="(?!' . implode('|', $allowed_link_protocols) . ')(.*?)"(.*?)>#ism'; + $Text = preg_replace($regex, '<$1$2="javascript:void(0)"$4 class="invalid-href" title="' . t('Invalid link protocol') . '">', $Text); + + if($saved_image) { $Text = bb_replace_images($Text, $saved_image); + } // Clean up the HTML by loading and saving the HTML with the DOM. // Bad structured html can break a whole page.