X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fnetwork.php;h=759e53670770752871a571c4e5350e098c024556;hb=56ee734b00aead633d5d213a6b140b75bc17ba96;hp=7a662e4cbf08585a3a1bed493c060ab0418a600a;hpb=ad20c5504deba9dbb4ea5c5deba598f2c448b344;p=friendica.git

diff --git a/include/network.php b/include/network.php
index 7a662e4cbf..759e536707 100644
--- a/include/network.php
+++ b/include/network.php
@@ -4,16 +4,18 @@
  * @file include/network.php
  */
 
+use Friendica\Core\Config;
+
 require_once("include/xml.php");
 require_once('include/Probe.php');
 
 /**
  * @brief Curl wrapper
- * 
+ *
  * If binary flag is true, return binary results.
  * Set the cookiejar argument to a string (e.g. "/tmp/friendica-cookies.txt")
  * to preserve cookies from one request to the next.
- * 
+ *
  * @param string $url URL to fetch
  * @param boolean $binary default false
  *    TRUE if asked to return binary results (file download)
@@ -21,7 +23,7 @@ require_once('include/Probe.php');
  * @param integer $timeout Timeout in seconds, default system config value or 60 seconds
  * @param string $accept_content supply Accept: header with 'accept_content' as the value
  * @param string $cookiejar Path to cookie jar file
- * 
+ *
  * @return string The fetched content
  */
 function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_content=Null, $cookiejar = 0) {
@@ -60,22 +62,27 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_
  *    string 'header' => HTTP headers
  *    string 'body' => fetched content
  */
-function z_fetch_url($url,$binary = false, &$redirects = 0, $opts=array()) {
-
-	$ret = array('return_code' => 0, 'success' => false, 'header' => "", 'body' => "");
-
+function z_fetch_url($url, $binary = false, &$redirects = 0, $opts = array()) {
+	$ret = array('return_code' => 0, 'success' => false, 'header' => '', 'body' => '');
 
 	$stamp1 = microtime(true);
 
 	$a = get_app();
 
+	if (blocked_url($url)) {
+		logger('z_fetch_url: domain of ' . $url . ' is blocked', LOGGER_DATA);
+		return $ret;
+	}
+
 	$ch = @curl_init($url);
-	if(($redirects > 8) || (! $ch))
-		return false;
+
+	if (($redirects > 8) || (!$ch)) {
+		return $ret;
+	}
 
 	@curl_setopt($ch, CURLOPT_HEADER, true);
 
-	if(x($opts,"cookiejar")) {
+	if (x($opts, "cookiejar")) {
 		curl_setopt($ch, CURLOPT_COOKIEJAR, $opts["cookiejar"]);
 		curl_setopt($ch, CURLOPT_COOKIEFILE, $opts["cookiejar"]);
 	}
@@ -84,47 +91,61 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $opts=array()) {
 //	@curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 //	@curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
 
-	if (x($opts,'accept_content')){
-		curl_setopt($ch,CURLOPT_HTTPHEADER, array (
-			"Accept: " . $opts['accept_content']
+	if (x($opts, 'accept_content')) {
+		curl_setopt($ch, CURLOPT_HTTPHEADER, array(
+			'Accept: ' . $opts['accept_content']
 		));
 	}
 
-	@curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
+	@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 	@curl_setopt($ch, CURLOPT_USERAGENT, $a->get_useragent());
 
+	$range = intval(Config::get('system', 'curl_range_bytes', 0));
 
+	if ($range > 0) {
+		@curl_setopt($ch, CURLOPT_RANGE, '0-' . $range);
+	}
 
-	if(x($opts,'headers')){
+	if (x($opts, 'headers')) {
 		@curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
 	}
-	if(x($opts,'nobody')){
+
+	if (x($opts, 'nobody')) {
 		@curl_setopt($ch, CURLOPT_NOBODY, $opts['nobody']);
 	}
-	if(x($opts,'timeout')){
+
+	if (x($opts, 'timeout')) {
 		@curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']);
 	} else {
-		$curl_time = intval(get_config('system','curl_timeout'));
+		$curl_time = intval(get_config('system', 'curl_timeout'));
 		@curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60));
 	}
 
 	// by default we will allow self-signed certs
 	// but you can override this
 
-	$check_cert = get_config('system','verifyssl');
+	$check_cert = get_config('system', 'verifyssl');
 	@curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false));
-	@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, (($check_cert) ? 2 : false));
 
-	$prx = get_config('system','proxy');
-	if(strlen($prx)) {
+	if ($check_cert) {
+		@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+	}
+
+	$proxy = get_config('system', 'proxy');
+
+	if (strlen($proxy)) {
 		@curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
-		@curl_setopt($ch, CURLOPT_PROXY, $prx);
-		$prxusr = @get_config('system','proxyuser');
-		if(strlen($prxusr))
-			@curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
+		@curl_setopt($ch, CURLOPT_PROXY, $proxy);
+		$proxyuser = @get_config('system', 'proxyuser');
+
+		if (strlen($proxyuser)) {
+			@curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyuser);
+		}
+	}
+
+	if ($binary) {
+		@curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1);
 	}
-	if($binary)
-		@curl_setopt($ch, CURLOPT_BINARYTRANSFER,1);
 
 	$a->set_curl_code(0);
 
@@ -132,142 +153,162 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $opts=array()) {
 	// if it throws any errors.
 
 	$s = @curl_exec($ch);
+
 	if (curl_errno($ch) !== CURLE_OK) {
-		logger('fetch_url error fetching '.$url.': '.curl_error($ch), LOGGER_NORMAL);
+		logger('fetch_url error fetching ' . $url . ': ' . curl_error($ch), LOGGER_NORMAL);
 	}
 
+	$ret['errno'] = curl_errno($ch);
+
 	$base = $s;
 	$curl_info = @curl_getinfo($ch);
 
 	$http_code = $curl_info['http_code'];
-	logger('fetch_url '.$url.': '.$http_code." ".$s, LOGGER_DATA);
+	logger('fetch_url ' . $url . ': ' . $http_code . " " . $s, LOGGER_DATA);
 	$header = '';
 
 	// Pull out multiple headers, e.g. proxy and continuation headers
 	// allow for HTTP/2.x without fixing code
 
-	while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) {
-		$chunk = substr($base,0,strpos($base,"\r\n\r\n")+4);
+	while (preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/', $base)) {
+		$chunk = substr($base, 0, strpos($base, "\r\n\r\n") + 4);
 		$header .= $chunk;
-		$base = substr($base,strlen($chunk));
+		$base = substr($base, strlen($chunk));
 	}
 
 	$a->set_curl_code($http_code);
 	$a->set_curl_content_type($curl_info['content_type']);
 	$a->set_curl_headers($header);
 
-	if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) {
-		$new_location_info = @parse_url($curl_info["redirect_url"]);
-		$old_location_info = @parse_url($curl_info["url"]);
+	if ($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) {
+		$new_location_info = @parse_url($curl_info['redirect_url']);
+		$old_location_info = @parse_url($curl_info['url']);
 
-		$newurl = $curl_info["redirect_url"];
+		$newurl = $curl_info['redirect_url'];
 
-		if (($new_location_info["path"] == "") AND ($new_location_info["host"] != ""))
-			$newurl = $new_location_info["scheme"]."://".$new_location_info["host"].$old_location_info["path"];
+		if (($new_location_info['path'] == '') AND ( $new_location_info['host'] != '')) {
+			$newurl = $new_location_info['scheme'] . '://' . $new_location_info['host'] . $old_location_info['path'];
+		}
 
 		$matches = array();
+
 		if (preg_match('/(Location:|URI:)(.*?)\n/i', $header, $matches)) {
 			$newurl = trim(array_pop($matches));
 		}
-		if(strpos($newurl,'/') === 0)
-			$newurl = $old_location_info["scheme"]."://".$old_location_info["host"].$newurl;
+
+		if (strpos($newurl, '/') === 0) {
+			$newurl = $old_location_info['scheme'] . '://' . $old_location_info['host'] . $newurl;
+		}
+
 		if (filter_var($newurl, FILTER_VALIDATE_URL)) {
 			$redirects++;
 			@curl_close($ch);
-			return z_fetch_url($newurl,$binary, $redirects, $opts);
+			return z_fetch_url($newurl, $binary, $redirects, $opts);
 		}
 	}
 
-
 	$a->set_curl_code($http_code);
 	$a->set_curl_content_type($curl_info['content_type']);
 
-	$body = substr($s,strlen($header));
-
-
+	$body = substr($s, strlen($header));
 
 	$rc = intval($http_code);
 	$ret['return_code'] = $rc;
 	$ret['success'] = (($rc >= 200 && $rc <= 299) ? true : false);
 	$ret['redirect_url'] = $url;
-	if(! $ret['success']) {
+
+	if (!$ret['success']) {
 		$ret['error'] = curl_error($ch);
 		$ret['debug'] = $curl_info;
 		logger('z_fetch_url: error: ' . $url . ': ' . $ret['error'], LOGGER_DEBUG);
-		logger('z_fetch_url: debug: ' . print_r($curl_info,true), LOGGER_DATA);
+		logger('z_fetch_url: debug: ' . print_r($curl_info, true), LOGGER_DATA);
 	}
-	$ret['body'] = substr($s,strlen($header));
+
+	$ret['body'] = substr($s, strlen($header));
 	$ret['header'] = $header;
-	if(x($opts,'debug')) {
+
+	if (x($opts, 'debug')) {
 		$ret['debug'] = $curl_info;
 	}
+
 	@curl_close($ch);
 
-	$a->save_timestamp($stamp1, "network");
+	$a->save_timestamp($stamp1, 'network');
 
 	return($ret);
-
 }
 
-// post request to $url. $params is an array of post variables.
-
 /**
- * @brief Post request to $url
- * 
+ * @brief Send POST request to $url
+ *
  * @param string $url URL to post
- * @param mixed $params
+ * @param mixed $params array of POST variables
  * @param string $headers HTTP headers
  * @param integer $redirects Recursion counter for internal use - default = 0
  * @param integer $timeout The timeout in seconds, default system config value or 60 seconds
- * 
+ *
  * @return string The content
  */
-function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) {
+function post_url($url, $params, $headers = null, &$redirects = 0, $timeout = 0) {
 	$stamp1 = microtime(true);
 
+	if (blocked_url($url)) {
+		logger('post_url: domain of ' . $url . ' is blocked', LOGGER_DATA);
+		return false;
+	}
+
 	$a = get_app();
 	$ch = curl_init($url);
-	if(($redirects > 8) || (! $ch))
+
+	if (($redirects > 8) || (!$ch)) {
 		return false;
+	}
 
-	logger("post_url: start ".$url, LOGGER_DATA);
+	logger('post_url: start ' . $url, LOGGER_DATA);
 
 	curl_setopt($ch, CURLOPT_HEADER, true);
-	curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
-	curl_setopt($ch, CURLOPT_POST,1);
-	curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
+	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+	curl_setopt($ch, CURLOPT_POST, 1);
+	curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
 	curl_setopt($ch, CURLOPT_USERAGENT, $a->get_useragent());
 
-	if(intval($timeout)) {
+	if (intval($timeout)) {
 		curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
-	}
-	else {
-		$curl_time = intval(get_config('system','curl_timeout'));
+	} else {
+		$curl_time = intval(get_config('system', 'curl_timeout'));
 		curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60));
 	}
 
-	if(defined('LIGHTTPD')) {
-		if(!is_array($headers)) {
+	if (defined('LIGHTTPD')) {
+		if (!is_array($headers)) {
 			$headers = array('Expect:');
 		} else {
-			if(!in_array('Expect:', $headers)) {
+			if (!in_array('Expect:', $headers)) {
 				array_push($headers, 'Expect:');
 			}
 		}
 	}
-	if($headers)
+
+	if ($headers) {
 		curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+	}
 
-	$check_cert = get_config('system','verifyssl');
+	$check_cert = get_config('system', 'verifyssl');
 	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false));
-	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, (($check_cert) ? 2 : false));
-	$prx = get_config('system','proxy');
-	if(strlen($prx)) {
+
+	if ($check_cert) {
+		@curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
+	}
+
+	$proxy = get_config('system', 'proxy');
+
+	if (strlen($proxy)) {
 		curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
-		curl_setopt($ch, CURLOPT_PROXY, $prx);
-		$prxusr = get_config('system','proxyuser');
-		if(strlen($prxusr))
-			curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
+		curl_setopt($ch, CURLOPT_PROXY, $proxy);
+		$proxyuser = get_config('system', 'proxyuser');
+		if (strlen($proxyuser)) {
+			curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyuser);
+		}
 	}
 
 	$a->set_curl_code(0);
@@ -281,44 +322,48 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0)
 	$curl_info = curl_getinfo($ch);
 	$http_code = $curl_info['http_code'];
 
-	logger("post_url: result ".$http_code." - ".$url, LOGGER_DATA);
+	logger('post_url: result ' . $http_code . ' - ' . $url, LOGGER_DATA);
 
 	$header = '';
 
 	// Pull out multiple headers, e.g. proxy and continuation headers
 	// allow for HTTP/2.x without fixing code
 
-	while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) {
-		$chunk = substr($base,0,strpos($base,"\r\n\r\n")+4);
+	while (preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/', $base)) {
+		$chunk = substr($base, 0, strpos($base, "\r\n\r\n") + 4);
 		$header .= $chunk;
-		$base = substr($base,strlen($chunk));
+		$base = substr($base, strlen($chunk));
 	}
 
-	if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) {
+	if ($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) {
 		$matches = array();
 		preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
 		$newurl = trim(array_pop($matches));
-		if(strpos($newurl,'/') === 0)
-			$newurl = $old_location_info["scheme"] . "://" . $old_location_info["host"] . $newurl;
+
+		if (strpos($newurl, '/') === 0) {
+			$newurl = $old_location_info['scheme'] . '://' . $old_location_info['host'] . $newurl;
+		}
+
 		if (filter_var($newurl, FILTER_VALIDATE_URL)) {
 			$redirects++;
-			logger("post_url: redirect ".$url." to ".$newurl);
-			return post_url($newurl,$params, $headers, $redirects, $timeout);
-			//return fetch_url($newurl,false,$redirects,$timeout);
+			logger('post_url: redirect ' . $url . ' to ' . $newurl);
+			return post_url($newurl, $params, $headers, $redirects, $timeout);
 		}
 	}
+
 	$a->set_curl_code($http_code);
-	$body = substr($s,strlen($header));
+
+	$body = substr($s, strlen($header));
 
 	$a->set_curl_headers($header);
 
 	curl_close($ch);
 
-	$a->save_timestamp($stamp1, "network");
+	$a->save_timestamp($stamp1, 'network');
 
-	logger("post_url: end ".$url, LOGGER_DATA);
+	logger('post_url: end ' . $url, LOGGER_DATA);
 
-	return($body);
+	return $body;
 }
 
 // Generic XML return
@@ -380,10 +425,10 @@ function http_status_exit($val, $description = array()) {
 
 /**
  * @brief Check URL to se if ts's real
- * 
+ *
  * Take a URL from the wild, prepend http:// if necessary
  * and check DNS to see if it's real (or check if is a valid IP address)
- * 
+ *
  * @param string $url The URL to be validated
  * @return boolean True if it's a valid URL, fals if something wrong with it
  */
@@ -410,7 +455,7 @@ function validate_url(&$url) {
 
 /**
  * @brief Checks that email is an actual resolvable internet address
- * 
+ *
  * @param string $addr The email address
  * @return boolean True if it's a valid email address, false if it's not
  */
@@ -431,10 +476,10 @@ function validate_email($addr) {
 
 /**
  * @brief Check if URL is allowed
- * 
+ *
  * Check $url against our list of allowed sites,
  * wildcards allowed. If allowed_sites is unset return true;
- * 
+ *
  * @param string $url URL which get tested
  * @return boolean True if url is allowed otherwise return false
  */
@@ -442,13 +487,14 @@ function allowed_url($url) {
 
 	$h = @parse_url($url);
 
-	if(! $h) {
+	if (! $h) {
 		return false;
 	}
 
-	$str_allowed = get_config('system','allowed_sites');
-	if(! $str_allowed)
+	$str_allowed = Config::get('system', 'allowed_sites');
+	if (! $str_allowed) {
 		return true;
+	}
 
 	$found = false;
 
@@ -456,16 +502,17 @@ function allowed_url($url) {
 
 	// always allow our own site
 
-	if($host == strtolower($_SERVER['SERVER_NAME']))
+	if ($host == strtolower($_SERVER['SERVER_NAME'])) {
 		return true;
+	}
 
 	$fnmatch = function_exists('fnmatch');
-	$allowed = explode(',',$str_allowed);
+	$allowed = explode(',', $str_allowed);
 
-	if(count($allowed)) {
-		foreach($allowed as $a) {
+	if (count($allowed)) {
+		foreach ($allowed as $a) {
 			$pat = strtolower(trim($a));
-			if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) {
+			if (($fnmatch && fnmatch($pat, $host)) || ($pat == $host)) {
 				$found = true;
 				break;
 			}
@@ -474,11 +521,41 @@ function allowed_url($url) {
 	return $found;
 }
 
+/**
+ * Checks if the provided url domain is on the domain blocklist.
+ * Returns true if it is or malformed URL, false if not.
+ *
+ * @param string $url The url to check the domain from
+ * @return boolean
+ */
+function blocked_url($url) {
+	$h = @parse_url($url);
+
+	if (! $h) {
+		return true;
+	}
+
+	$domain_blocklist = Config::get('system', 'blocklist', array());
+	if (! $domain_blocklist) {
+		return false;
+	}
+
+	$host = strtolower($h['host']);
+
+	foreach ($domain_blocklist as $domain_block) {
+		if (strtolower($domain_block['domain']) == $host) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
 /**
  * @brief Check if email address is allowed to register here.
- * 
+ *
  * Compare against our list (wildcards allowed).
- * 
+ *
  * @param type $email
  * @return boolean False if not allowed, true if allowed
  *    or if allowed list is not configured
@@ -541,10 +618,11 @@ function parse_xml_string($s,$strict = true) {
 	libxml_use_internal_errors(true);
 
 	$x = @simplexml_load_string($s2);
-	if(! $x) {
+	if (! $x) {
 		logger('libxml: parse: error: ' . $s2, LOGGER_DATA);
-		foreach(libxml_get_errors() as $err)
+		foreach (libxml_get_errors() as $err) {
 			logger('libxml: parse: ' . $err->code." at ".$err->line.":".$err->column." : ".$err->message, LOGGER_DATA);
+		}
 		libxml_clear_errors();
 	}
 	return $x;
@@ -553,8 +631,9 @@ function parse_xml_string($s,$strict = true) {
 function scale_external_images($srctext, $include_link = true, $scale_replace = false) {
 
 	// Suppress "view full size"
-	if (intval(get_config('system','no_view_full_size')))
+	if (intval(get_config('system','no_view_full_size'))) {
 		$include_link = false;
+	}
 
 	$a = get_app();
 
@@ -563,38 +642,41 @@ function scale_external_images($srctext, $include_link = true, $scale_replace =
 
 	$matches = null;
 	$c = preg_match_all('/\[img.*?\](.*?)\[\/img\]/ism',$s,$matches,PREG_SET_ORDER);
-	if($c) {
+	if ($c) {
 		require_once('include/Photo.php');
-		foreach($matches as $mtch) {
+		foreach ($matches as $mtch) {
 			logger('scale_external_image: ' . $mtch[1]);
 
 			$hostname = str_replace('www.','',substr(App::get_baseurl(),strpos(App::get_baseurl(),'://')+3));
-			if(stristr($mtch[1],$hostname))
+			if (stristr($mtch[1],$hostname)) {
 				continue;
+			}
 
 			// $scale_replace, if passed, is an array of two elements. The
 			// first is the name of the full-size image. The second is the
 			// name of a remote, scaled-down version of the full size image.
 			// This allows Friendica to display the smaller remote image if
 			// one exists, while still linking to the full-size image
-			if($scale_replace)
+			if ($scale_replace) {
 				$scaled = str_replace($scale_replace[0], $scale_replace[1], $mtch[1]);
-			else
+			} else {
 				$scaled = $mtch[1];
-			$i = @fetch_url($scaled);
-			if(! $i)
+			}
+			$i = fetch_url($scaled);
+			if (! $i) {
 				return $srctext;
+			}
 
 			// guess mimetype from headers or filename
 			$type = guess_image_type($mtch[1],true);
 
-			if($i) {
+			if ($i) {
 				$ph = new Photo($i, $type);
-				if($ph->is_valid()) {
+				if ($ph->is_valid()) {
 					$orig_width = $ph->getWidth();
 					$orig_height = $ph->getHeight();
 
-					if($orig_width > 640 || $orig_height > 640) {
+					if ($orig_width > 640 || $orig_height > 640) {
 
 						$ph->scaleImage(640);
 						$new_width = $ph->getWidth();
@@ -620,7 +702,7 @@ function scale_external_images($srctext, $include_link = true, $scale_replace =
 function fix_contact_ssl_policy(&$contact,$new_policy) {
 
 	$ssl_changed = false;
-	if((intval($new_policy) == SSL_POLICY_SELFSIGN || $new_policy === 'self') && strstr($contact['url'],'https:')) {
+	if ((intval($new_policy) == SSL_POLICY_SELFSIGN || $new_policy === 'self') && strstr($contact['url'],'https:')) {
 		$ssl_changed = true;
 		$contact['url']     = 	str_replace('https:','http:',$contact['url']);
 		$contact['request'] = 	str_replace('https:','http:',$contact['request']);
@@ -630,7 +712,7 @@ function fix_contact_ssl_policy(&$contact,$new_policy) {
 		$contact['poco']    = 	str_replace('https:','http:',$contact['poco']);
 	}
 
-	if((intval($new_policy) == SSL_POLICY_FULL || $new_policy === 'full') && strstr($contact['url'],'http:')) {
+	if ((intval($new_policy) == SSL_POLICY_FULL || $new_policy === 'full') && strstr($contact['url'],'http:')) {
 		$ssl_changed = true;
 		$contact['url']     = 	str_replace('http:','https:',$contact['url']);
 		$contact['request'] = 	str_replace('http:','https:',$contact['request']);
@@ -640,15 +722,15 @@ function fix_contact_ssl_policy(&$contact,$new_policy) {
 		$contact['poco']    = 	str_replace('http:','https:',$contact['poco']);
 	}
 
-	if($ssl_changed) {
-		q("update contact set
-			url = '%s',
-			request = '%s',
-			notify = '%s',
-			poll = '%s',
-			confirm = '%s',
-			poco = '%s'
-			where id = %d limit 1",
+	if ($ssl_changed) {
+		q("UPDATE `contact` SET
+			`url` = '%s',
+			`request` = '%s',
+			`notify` = '%s',
+			`poll` = '%s',
+			`confirm` = '%s',
+			`poco` = '%s'
+			WHERE `id` = %d LIMIT 1",
 			dbesc($contact['url']),
 			dbesc($contact['request']),
 			dbesc($contact['notify']),
@@ -660,42 +742,71 @@ function fix_contact_ssl_policy(&$contact,$new_policy) {
 	}
 }
 
-function original_url($url, $depth=1, $fetchbody = false) {
-
-	$a = get_app();
-
-	// Remove Analytics Data from Google and other tracking platforms
+/**
+ * @brief Remove Google Analytics and other tracking platforms params from URL
+ *
+ * @param string $url Any user-submitted URL that may contain tracking params
+ * @return string The same URL stripped of tracking parameters
+ */
+function strip_tracking_query_params($url)
+{
 	$urldata = parse_url($url);
 	if (is_string($urldata["query"])) {
 		$query = $urldata["query"];
 		parse_str($query, $querydata);
 
-		if (is_array($querydata))
-			foreach ($querydata AS $param=>$value)
+		if (is_array($querydata)) {
+			foreach ($querydata AS $param => $value) {
 				if (in_array($param, array("utm_source", "utm_medium", "utm_term", "utm_content", "utm_campaign",
 							"wt_mc", "pk_campaign", "pk_kwd", "mc_cid", "mc_eid",
 							"fb_action_ids", "fb_action_types", "fb_ref",
 							"awesm", "wtrid",
 							"woo_campaign", "woo_source", "woo_medium", "woo_content", "woo_term"))) {
 
-					$pair = $param."=".urlencode($value);
+					$pair = $param . "=" . urlencode($value);
 					$url = str_replace($pair, "", $url);
 
 					// Second try: if the url isn't encoded completely
-					$pair = $param."=".str_replace(" ", "+", $value);
+					$pair = $param . "=" . str_replace(" ", "+", $value);
 					$url = str_replace($pair, "", $url);
 
 					// Third try: Maybey the url isn't encoded at all
-					$pair = $param."=".$value;
+					$pair = $param . "=" . $value;
 					$url = str_replace($pair, "", $url);
 
 					$url = str_replace(array("?&", "&&"), array("?", ""), $url);
 				}
+			}
+		}
 
-		if (substr($url, -1, 1) == "?")
+		if (substr($url, -1, 1) == "?") {
 			$url = substr($url, 0, -1);
+		}
 	}
 
+	return $url;
+}
+
+/**
+ * @brief Returns the original URL of the provided URL
+ *
+ * This function strips tracking query params and follows redirections, either
+ * through HTTP code or meta refresh tags. Stops after 10 redirections.
+ *
+ * @todo Remove the $fetchbody parameter that generates an extraneous HEAD request
+ *
+ * @see ParseUrl::getSiteinfo
+ *
+ * @param string $url A user-submitted URL
+ * @param int $depth The current redirection recursion level (internal)
+ * @param bool $fetchbody Wether to fetch the body or not after the HEAD requests
+ * @return string A canonical URL
+ */
+function original_url($url, $depth = 1, $fetchbody = false) {
+	$a = get_app();
+
+	$url = strip_tracking_query_params($url);
+
 	if ($depth > 10)
 		return($url);
 
@@ -811,7 +922,7 @@ function short_link($url) {
 
 /**
  * @brief Encodes content to json
- * 
+ *
  * This function encodes an array to json format
  * and adds an application/json HTTP header to the output.
  * After finishing the process is getting killed.