X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fnetwork.php;h=e9cfe86035c5836461f417073a3ae4353c84b318;hb=f3c8af485f67eda7cefb602793b94aebc17ffeb1;hp=a362f0307c37f765e20aeb574758306a14c2f944;hpb=c7e1a8e871363d4e60178e30e819c3169ed406c5;p=friendica.git diff --git a/include/network.php b/include/network.php index a362f0307c..e9cfe86035 100644 --- a/include/network.php +++ b/include/network.php @@ -4,10 +4,11 @@ * @file include/network.php */ -use \Friendica\Core\Config; - -require_once("include/xml.php"); -require_once('include/Probe.php'); +use Friendica\App; +use Friendica\Core\System; +use Friendica\Core\Config; +use Friendica\Network\Probe; +use Friendica\Util\XML; /** * @brief Curl wrapper @@ -16,18 +17,18 @@ require_once('include/Probe.php'); * Set the cookiejar argument to a string (e.g. "/tmp/friendica-cookies.txt") * to preserve cookies from one request to the next. * - * @param string $url URL to fetch - * @param boolean $binary default false - * TRUE if asked to return binary results (file download) - * @param integer $redirects The recursion counter for internal use - default 0 - * @param integer $timeout Timeout in seconds, default system config value or 60 seconds - * @param string $accept_content supply Accept: header with 'accept_content' as the value - * @param string $cookiejar Path to cookie jar file + * @param string $url URL to fetch + * @param boolean $binary default false + * TRUE if asked to return binary results (file download) + * @param integer $redirects The recursion counter for internal use - default 0 + * @param integer $timeout Timeout in seconds, default system config value or 60 seconds + * @param string $accept_content supply Accept: header with 'accept_content' as the value + * @param string $cookiejar Path to cookie jar file * * @return string The fetched content */ -function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_content=Null, $cookiejar = 0) { - +function fetch_url($url, $binary = false, &$redirects = 0, $timeout = 0, $accept_content = null, $cookiejar = 0) +{ $ret = z_fetch_url( $url, $binary, @@ -35,7 +36,8 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_ array('timeout'=>$timeout, 'accept_content'=>$accept_content, 'cookiejar'=>$cookiejar - )); + ) + ); return($ret['body']); } @@ -43,17 +45,17 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_ /** * @brief fetches an URL. * - * @param string $url URL to fetch - * @param boolean $binary default false - * TRUE if asked to return binary results (file download) - * @param int $redirects The recursion counter for internal use - default 0 - * @param array $opts (optional parameters) assoziative array with: - * 'accept_content' => supply Accept: header with 'accept_content' as the value - * 'timeout' => int Timeout in seconds, default system config value or 60 seconds - * 'http_auth' => username:password - * 'novalidate' => do not validate SSL certs, default is to validate using our CA list - * 'nobody' => only return the header - * 'cookiejar' => path to cookie jar file + * @param string $url URL to fetch + * @param boolean $binary default false + * TRUE if asked to return binary results (file download) + * @param int $redirects The recursion counter for internal use - default 0 + * @param array $opts (optional parameters) assoziative array with: + * 'accept_content' => supply Accept: header with 'accept_content' as the value + * 'timeout' => int Timeout in seconds, default system config value or 60 seconds + * 'http_auth' => username:password + * 'novalidate' => do not validate SSL certs, default is to validate using our CA list + * 'nobody' => only return the header + * 'cookiejar' => path to cookie jar file * * @return array an assoziative array with: * int 'return_code' => HTTP return code or 0 if timeout or failure @@ -62,77 +64,102 @@ function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0, $accept_ * string 'header' => HTTP headers * string 'body' => fetched content */ -function z_fetch_url($url,$binary = false, &$redirects = 0, $opts=array()) { - - $ret = array('return_code' => 0, 'success' => false, 'header' => "", 'body' => ""); - +function z_fetch_url($url, $binary = false, &$redirects = 0, $opts = array()) +{ + $ret = array('return_code' => 0, 'success' => false, 'header' => '', 'info' => '', 'body' => ''); $stamp1 = microtime(true); $a = get_app(); + if (blocked_url($url)) { + logger('z_fetch_url: domain of ' . $url . ' is blocked', LOGGER_DATA); + return $ret; + } + $ch = @curl_init($url); - if(($redirects > 8) || (! $ch)) { + + if (($redirects > 8) || (!$ch)) { return $ret; } @curl_setopt($ch, CURLOPT_HEADER, true); - if(x($opts,"cookiejar")) { + if (x($opts, "cookiejar")) { curl_setopt($ch, CURLOPT_COOKIEJAR, $opts["cookiejar"]); curl_setopt($ch, CURLOPT_COOKIEFILE, $opts["cookiejar"]); } -// These settings aren't needed. We're following the location already. -// @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); -// @curl_setopt($ch, CURLOPT_MAXREDIRS, 5); + // These settings aren't needed. We're following the location already. + // @curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); + // @curl_setopt($ch, CURLOPT_MAXREDIRS, 5); - if (x($opts,'accept_content')){ - curl_setopt($ch,CURLOPT_HTTPHEADER, array ( - "Accept: " . $opts['accept_content'] - )); + if (x($opts, 'accept_content')) { + curl_setopt( + $ch, + CURLOPT_HTTPHEADER, + array('Accept: ' . $opts['accept_content']) + ); } - @curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); + @curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); @curl_setopt($ch, CURLOPT_USERAGENT, $a->get_useragent()); $range = intval(Config::get('system', 'curl_range_bytes', 0)); + if ($range > 0) { - @curl_setopt($ch, CURLOPT_RANGE, '0-'.$range); + @curl_setopt($ch, CURLOPT_RANGE, '0-' . $range); } - if(x($opts,'headers')){ + // Without this setting it seems as if some webservers send compressed content + // This seems to confuse curl so that it shows this uncompressed. + /// @todo We could possibly set this value to "gzip" or something similar + curl_setopt($ch, CURLOPT_ENCODING, ''); + + if (x($opts, 'headers')) { @curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); } - if(x($opts,'nobody')){ + + if (x($opts, 'nobody')) { @curl_setopt($ch, CURLOPT_NOBODY, $opts['nobody']); } - if(x($opts,'timeout')){ + + if (x($opts, 'timeout')) { @curl_setopt($ch, CURLOPT_TIMEOUT, $opts['timeout']); } else { - $curl_time = intval(get_config('system','curl_timeout')); + $curl_time = intval(Config::get('system', 'curl_timeout')); @curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); } // by default we will allow self-signed certs // but you can override this - $check_cert = get_config('system','verifyssl'); + $check_cert = Config::get('system', 'verifyssl'); @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); + if ($check_cert) { @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); } - $prx = get_config('system','proxy'); - if(strlen($prx)) { + $proxy = Config::get('system', 'proxy'); + + if (strlen($proxy)) { @curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - @curl_setopt($ch, CURLOPT_PROXY, $prx); - $prxusr = @get_config('system','proxyuser'); - if(strlen($prxusr)) - @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); + @curl_setopt($ch, CURLOPT_PROXY, $proxy); + $proxyuser = @Config::get('system', 'proxyuser'); + + if (strlen($proxyuser)) { + @curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyuser); + } + } + + if (Config::get('system', 'ipv4_resolve', false)) { + curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); + } + + if ($binary) { + @curl_setopt($ch, CURLOPT_BINARYTRANSFER, 1); } - if($binary) - @curl_setopt($ch, CURLOPT_BINARYTRANSFER,1); $a->set_curl_code(0); @@ -140,146 +167,176 @@ function z_fetch_url($url,$binary = false, &$redirects = 0, $opts=array()) { // if it throws any errors. $s = @curl_exec($ch); + $curl_info = @curl_getinfo($ch); + + // Special treatment for HTTP Code 416 + // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/416 + if (($curl_info['http_code'] == 416) && ($range > 0)) { + @curl_setopt($ch, CURLOPT_RANGE, ''); + $s = @curl_exec($ch); + $curl_info = @curl_getinfo($ch); + } + if (curl_errno($ch) !== CURLE_OK) { - logger('fetch_url error fetching '.$url.': '.curl_error($ch), LOGGER_NORMAL); + logger('fetch_url error fetching ' . $url . ': ' . curl_error($ch), LOGGER_NORMAL); } $ret['errno'] = curl_errno($ch); $base = $s; - $curl_info = @curl_getinfo($ch); + $ret['info'] = $curl_info; $http_code = $curl_info['http_code']; - logger('fetch_url '.$url.': '.$http_code." ".$s, LOGGER_DATA); + + logger('fetch_url ' . $url . ': ' . $http_code . " " . $s, LOGGER_DATA); $header = ''; // Pull out multiple headers, e.g. proxy and continuation headers // allow for HTTP/2.x without fixing code - while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) { - $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4); + while (preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/', $base)) { + $chunk = substr($base, 0, strpos($base, "\r\n\r\n") + 4); $header .= $chunk; - $base = substr($base,strlen($chunk)); + $base = substr($base, strlen($chunk)); } $a->set_curl_code($http_code); $a->set_curl_content_type($curl_info['content_type']); $a->set_curl_headers($header); - if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) { - $new_location_info = @parse_url($curl_info["redirect_url"]); - $old_location_info = @parse_url($curl_info["url"]); + if ($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) { + $new_location_info = @parse_url($curl_info['redirect_url']); + $old_location_info = @parse_url($curl_info['url']); - $newurl = $curl_info["redirect_url"]; + $newurl = $curl_info['redirect_url']; - if (($new_location_info["path"] == "") AND ($new_location_info["host"] != "")) - $newurl = $new_location_info["scheme"]."://".$new_location_info["host"].$old_location_info["path"]; + if (($new_location_info['path'] == '') && ( $new_location_info['host'] != '')) { + $newurl = $new_location_info['scheme'] . '://' . $new_location_info['host'] . $old_location_info['path']; + } $matches = array(); + if (preg_match('/(Location:|URI:)(.*?)\n/i', $header, $matches)) { $newurl = trim(array_pop($matches)); } - if(strpos($newurl,'/') === 0) + if (strpos($newurl, '/') === 0) { $newurl = $old_location_info["scheme"]."://".$old_location_info["host"].$newurl; + } + if (filter_var($newurl, FILTER_VALIDATE_URL)) { $redirects++; @curl_close($ch); - return z_fetch_url($newurl,$binary, $redirects, $opts); + return z_fetch_url($newurl, $binary, $redirects, $opts); } } - $a->set_curl_code($http_code); $a->set_curl_content_type($curl_info['content_type']); - $body = substr($s,strlen($header)); - - + $body = substr($s, strlen($header)); $rc = intval($http_code); $ret['return_code'] = $rc; $ret['success'] = (($rc >= 200 && $rc <= 299) ? true : false); $ret['redirect_url'] = $url; - if(! $ret['success']) { + + if (!$ret['success']) { $ret['error'] = curl_error($ch); $ret['debug'] = $curl_info; - logger('z_fetch_url: error: ' . $url . ': ' . $ret['error'], LOGGER_DEBUG); - logger('z_fetch_url: debug: ' . print_r($curl_info,true), LOGGER_DATA); + logger('z_fetch_url: error: '.$url.': '.$ret['return_code'].' - '.$ret['error'], LOGGER_DEBUG); + logger('z_fetch_url: debug: '.print_r($curl_info, true), LOGGER_DATA); } - $ret['body'] = substr($s,strlen($header)); + + $ret['body'] = substr($s, strlen($header)); $ret['header'] = $header; - if(x($opts,'debug')) { + + if (x($opts, 'debug')) { $ret['debug'] = $curl_info; } + @curl_close($ch); - $a->save_timestamp($stamp1, "network"); + $a->save_timestamp($stamp1, 'network'); return($ret); - } -// post request to $url. $params is an array of post variables. - /** - * @brief Post request to $url + * @brief Send POST request to $url * - * @param string $url URL to post - * @param mixed $params - * @param string $headers HTTP headers + * @param string $url URL to post + * @param mixed $params array of POST variables + * @param string $headers HTTP headers * @param integer $redirects Recursion counter for internal use - default = 0 - * @param integer $timeout The timeout in seconds, default system config value or 60 seconds + * @param integer $timeout The timeout in seconds, default system config value or 60 seconds * * @return string The content */ -function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) { +function post_url($url, $params, $headers = null, &$redirects = 0, $timeout = 0) +{ $stamp1 = microtime(true); + if (blocked_url($url)) { + logger('post_url: domain of ' . $url . ' is blocked', LOGGER_DATA); + return false; + } + $a = get_app(); $ch = curl_init($url); - if(($redirects > 8) || (! $ch)) + + if (($redirects > 8) || (!$ch)) { return false; + } - logger("post_url: start ".$url, LOGGER_DATA); + logger('post_url: start ' . $url, LOGGER_DATA); curl_setopt($ch, CURLOPT_HEADER, true); - curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); - curl_setopt($ch, CURLOPT_POST,1); - curl_setopt($ch, CURLOPT_POSTFIELDS,$params); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS, $params); curl_setopt($ch, CURLOPT_USERAGENT, $a->get_useragent()); - if(intval($timeout)) { - curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); + if (Config::get('system', 'ipv4_resolve', false)) { + curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); } - else { - $curl_time = intval(get_config('system','curl_timeout')); + + if (intval($timeout)) { + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); + } else { + $curl_time = intval(Config::get('system', 'curl_timeout')); curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); } - if(defined('LIGHTTPD')) { - if(!is_array($headers)) { + if (defined('LIGHTTPD')) { + if (!is_array($headers)) { $headers = array('Expect:'); } else { - if(!in_array('Expect:', $headers)) { + if (!in_array('Expect:', $headers)) { array_push($headers, 'Expect:'); } } } - if($headers) + + if ($headers) { curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); + } - $check_cert = get_config('system','verifyssl'); + $check_cert = Config::get('system', 'verifyssl'); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false)); + if ($check_cert) { @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); } - $prx = get_config('system','proxy'); - if(strlen($prx)) { + + $proxy = Config::get('system', 'proxy'); + + if (strlen($proxy)) { curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1); - curl_setopt($ch, CURLOPT_PROXY, $prx); - $prxusr = get_config('system','proxyuser'); - if(strlen($prxusr)) - curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr); + curl_setopt($ch, CURLOPT_PROXY, $proxy); + $proxyuser = Config::get('system', 'proxyuser'); + if (strlen($proxyuser)) { + curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxyuser); + } } $a->set_curl_code(0); @@ -293,60 +350,72 @@ function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) $curl_info = curl_getinfo($ch); $http_code = $curl_info['http_code']; - logger("post_url: result ".$http_code." - ".$url, LOGGER_DATA); + logger('post_url: result ' . $http_code . ' - ' . $url, LOGGER_DATA); $header = ''; // Pull out multiple headers, e.g. proxy and continuation headers // allow for HTTP/2.x without fixing code - while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) { - $chunk = substr($base,0,strpos($base,"\r\n\r\n")+4); + while (preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/', $base)) { + $chunk = substr($base, 0, strpos($base, "\r\n\r\n") + 4); $header .= $chunk; - $base = substr($base,strlen($chunk)); + $base = substr($base, strlen($chunk)); } - if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) { + if ($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) { $matches = array(); preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches); $newurl = trim(array_pop($matches)); - if(strpos($newurl,'/') === 0) + + if (strpos($newurl, '/') === 0) { $newurl = $old_location_info["scheme"] . "://" . $old_location_info["host"] . $newurl; + } + if (filter_var($newurl, FILTER_VALIDATE_URL)) { $redirects++; - logger("post_url: redirect ".$url." to ".$newurl); - return post_url($newurl,$params, $headers, $redirects, $timeout); - //return fetch_url($newurl,false,$redirects,$timeout); + logger('post_url: redirect ' . $url . ' to ' . $newurl); + return post_url($newurl, $params, $headers, $redirects, $timeout); } } + $a->set_curl_code($http_code); - $body = substr($s,strlen($header)); + + $body = substr($s, strlen($header)); $a->set_curl_headers($header); curl_close($ch); - $a->save_timestamp($stamp1, "network"); + $a->save_timestamp($stamp1, 'network'); - logger("post_url: end ".$url, LOGGER_DATA); + logger('post_url: end ' . $url, LOGGER_DATA); - return($body); + return $body; } // Generic XML return // Outputs a basic dfrn XML status structure to STDOUT, with a variable // of $st and an optional text of $message and terminates the current process. -function xml_status($st, $message = '') { +function xml_status($st, $message = '') +{ + $result = array('status' => $st); - $xml_message = ((strlen($message)) ? "\t" . xmlify($message) . "\r\n" : ''); + if ($message != '') { + $result['message'] = $message; + } - if($st) + if ($st) { logger('xml_status returning non_zero: ' . $st . " message=" . $message); + } + + header("Content-type: text/xml"); + + $xmldata = array("result" => $result); + + echo XML::from_array($xmldata, $xml); - header( "Content-type: text/xml" ); - echo ''."\r\n"; - echo "\r\n\t$st\r\n$xml_message\r\n"; killme(); } @@ -362,19 +431,21 @@ function xml_status($st, $message = '') { /** * @brief Send HTTP status header and exit. * - * @param integer $val HTTP status result value - * @param array $description optional message - * 'title' => header title - * 'description' => optional message + * @param integer $val HTTP status result value + * @param array $description optional message + * 'title' => header title + * 'description' => optional message */ -function http_status_exit($val, $description = array()) { +function http_status_exit($val, $description = array()) +{ $err = ''; - if($val >= 400) { + if ($val >= 400) { $err = 'Error'; - if (!isset($description["title"])) + if (!isset($description["title"])) { $description["title"] = $err." ".$val; + } } - if($val >= 200 && $val < 300) + if ($val >= 200 && $val < 300) $err = 'OK'; logger('http_status_exit ' . $val); @@ -382,12 +453,15 @@ function http_status_exit($val, $description = array()) { if (isset($description["title"])) { $tpl = get_markup_template('http_status.tpl'); - echo replace_macros($tpl, array('$title' => $description["title"], - '$description' => $description["description"])); + echo replace_macros( + $tpl, + array( + '$title' => $description["title"], + '$description' => $description["description"]) + ); } killme(); - } /** @@ -399,21 +473,23 @@ function http_status_exit($val, $description = array()) { * @param string $url The URL to be validated * @return boolean True if it's a valid URL, fals if something wrong with it */ -function validate_url(&$url) { - if(get_config('system','disable_url_validation')) +function validate_url(&$url) +{ + if (Config::get('system', 'disable_url_validation')) { return true; + } // no naked subdomains (allow localhost for tests) - if(strpos($url,'.') === false && strpos($url,'/localhost/') === false) + if (strpos($url, '.') === false && strpos($url, '/localhost/') === false) return false; - if(substr($url,0,4) != 'http') + if (substr($url, 0, 4) != 'http') $url = 'http://' . $url; /// @TODO Really supress function outcomes? Why not find them + debug them? $h = @parse_url($url); - if((is_array($h)) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) { + if ((is_array($h)) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) { return true; } @@ -426,16 +502,19 @@ function validate_url(&$url) { * @param string $addr The email address * @return boolean True if it's a valid email address, false if it's not */ -function validate_email($addr) { - - if(get_config('system','disable_email_validation')) +function validate_email($addr) +{ + if (Config::get('system', 'disable_email_validation')) { return true; + } - if(! strpos($addr,'@')) + if (! strpos($addr, '@')) { return false; - $h = substr($addr,strpos($addr,'@') + 1); + } + + $h = substr($addr, strpos($addr, '@') + 1); - if(($h) && (dns_get_record($h, DNS_A + DNS_CNAME + DNS_PTR + DNS_MX) || filter_var($h, FILTER_VALIDATE_IP) )) { + if (($h) && (dns_get_record($h, DNS_A + DNS_CNAME + DNS_PTR + DNS_MX) || filter_var($h, FILTER_VALIDATE_IP) )) { return true; } return false; @@ -450,15 +529,15 @@ function validate_email($addr) { * @param string $url URL which get tested * @return boolean True if url is allowed otherwise return false */ -function allowed_url($url) { - +function allowed_url($url) +{ $h = @parse_url($url); if (! $h) { return false; } - $str_allowed = get_config('system', 'allowed_sites'); + $str_allowed = Config::get('system', 'allowed_sites'); if (! $str_allowed) { return true; } @@ -468,7 +547,6 @@ function allowed_url($url) { $host = strtolower($h['host']); // always allow our own site - if ($host == strtolower($_SERVER['SERVER_NAME'])) { return true; } @@ -489,34 +567,35 @@ function allowed_url($url) { } /** - * Checks if the provided url domain isn't on the domain blacklist. - * Return true if the check passed (not on the blacklist), false if not - * or malformed URL + * Checks if the provided url domain is on the domain blocklist. + * Returns true if it is or malformed URL, false if not. * * @param string $url The url to check the domain from + * * @return boolean */ -function check_domain_blocklist($url) { +function blocked_url($url) +{ $h = @parse_url($url); if (! $h) { - return false; + return true; } - $domain_blocklist = get_config('system', 'blocklist', array()); + $domain_blocklist = Config::get('system', 'blocklist', array()); if (! $domain_blocklist) { - return true; + return false; } $host = strtolower($h['host']); foreach ($domain_blocklist as $domain_block) { if (strtolower($domain_block['domain']) == $host) { - return false; + return true; } } - return true; + return false; } /** @@ -524,30 +603,31 @@ function check_domain_blocklist($url) { * * Compare against our list (wildcards allowed). * - * @param type $email + * @param string $email email address * @return boolean False if not allowed, true if allowed * or if allowed list is not configured */ -function allowed_email($email) { - - - $domain = strtolower(substr($email,strpos($email,'@') + 1)); - if(! $domain) +function allowed_email($email) +{ + $domain = strtolower(substr($email, strpos($email, '@') + 1)); + if (! $domain) { return false; + } - $str_allowed = get_config('system','allowed_email'); - if(! $str_allowed) + $str_allowed = Config::get('system', 'allowed_email'); + if (! $str_allowed) { return true; + } $found = false; $fnmatch = function_exists('fnmatch'); - $allowed = explode(',',$str_allowed); + $allowed = explode(',', $str_allowed); - if(count($allowed)) { - foreach($allowed as $a) { + if (count($allowed)) { + foreach ($allowed as $a) { $pat = strtolower(trim($a)); - if(($fnmatch && fnmatch($pat,$domain)) || ($pat == $domain)) { + if (($fnmatch && fnmatch($pat, $domain)) || ($pat == $domain)) { $found = true; break; } @@ -556,8 +636,8 @@ function allowed_email($email) { return $found; } -function avatar_img($email) { - +function avatar_img($email) +{ $avatar['size'] = 175; $avatar['email'] = $email; $avatar['url'] = ''; @@ -566,7 +646,7 @@ function avatar_img($email) { call_hooks('avatar_lookup', $avatar); if (! $avatar['success']) { - $avatar['url'] = App::get_baseurl() . '/images/person-175.jpg'; + $avatar['url'] = System::baseUrl() . '/images/person-175.jpg'; } logger('Avatar: ' . $avatar['email'] . ' ' . $avatar['url'], LOGGER_DEBUG); @@ -574,20 +654,16 @@ function avatar_img($email) { } -function parse_xml_string($s,$strict = true) { +function parse_xml_string($s, $strict = true) +{ + // the "strict" parameter is deactivated + /// @todo Move this function to the xml class - if($strict) { - if(! strstr($s,'code." at ".$err->line.":".$err->column." : ".$err->message, LOGGER_DATA); } @@ -596,10 +672,10 @@ function parse_xml_string($s,$strict = true) { return $x; } -function scale_external_images($srctext, $include_link = true, $scale_replace = false) { - +function scale_external_images($srctext, $include_link = true, $scale_replace = false) +{ // Suppress "view full size" - if (intval(get_config('system','no_view_full_size'))) { + if (intval(Config::get('system', 'no_view_full_size'))) { $include_link = false; } @@ -609,14 +685,14 @@ function scale_external_images($srctext, $include_link = true, $scale_replace = $s = htmlspecialchars_decode($srctext); $matches = null; - $c = preg_match_all('/\[img.*?\](.*?)\[\/img\]/ism',$s,$matches,PREG_SET_ORDER); + $c = preg_match_all('/\[img.*?\](.*?)\[\/img\]/ism', $s, $matches, PREG_SET_ORDER); if ($c) { - require_once('include/Photo.php'); + require_once 'include/Photo.php'; foreach ($matches as $mtch) { logger('scale_external_image: ' . $mtch[1]); - $hostname = str_replace('www.','',substr(App::get_baseurl(),strpos(App::get_baseurl(),'://')+3)); - if (stristr($mtch[1],$hostname)) { + $hostname = str_replace('www.', '', substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3)); + if (stristr($mtch[1], $hostname)) { continue; } @@ -636,7 +712,7 @@ function scale_external_images($srctext, $include_link = true, $scale_replace = } // guess mimetype from headers or filename - $type = guess_image_type($mtch[1],true); + $type = guess_image_type($mtch[1], true); if ($i) { $ph = new Photo($i, $type); @@ -645,15 +721,18 @@ function scale_external_images($srctext, $include_link = true, $scale_replace = $orig_height = $ph->getHeight(); if ($orig_width > 640 || $orig_height > 640) { - $ph->scaleImage(640); $new_width = $ph->getWidth(); $new_height = $ph->getHeight(); logger('scale_external_images: ' . $orig_width . '->' . $new_width . 'w ' . $orig_height . '->' . $new_height . 'h' . ' match: ' . $mtch[0], LOGGER_DEBUG); - $s = str_replace($mtch[0],'[img=' . $new_width . 'x' . $new_height. ']' . $scaled . '[/img]' + $s = str_replace( + $mtch[0], + '[img=' . $new_width . 'x' . $new_height. ']' . $scaled . '[/img]' . "\n" . (($include_link) ? '[url=' . $mtch[1] . ']' . t('view full size') . '[/url]' . "\n" - : ''),$s); + : ''), + $s + ); logger('scale_external_images: new string: ' . $s, LOGGER_DEBUG); } } @@ -662,51 +741,39 @@ function scale_external_images($srctext, $include_link = true, $scale_replace = } // replace the special char encoding - $s = htmlspecialchars($s,ENT_NOQUOTES,'UTF-8'); + $s = htmlspecialchars($s, ENT_NOQUOTES, 'UTF-8'); return $s; } -function fix_contact_ssl_policy(&$contact,$new_policy) { - +function fix_contact_ssl_policy(&$contact, $new_policy) +{ $ssl_changed = false; - if ((intval($new_policy) == SSL_POLICY_SELFSIGN || $new_policy === 'self') && strstr($contact['url'],'https:')) { + if ((intval($new_policy) == SSL_POLICY_SELFSIGN || $new_policy === 'self') && strstr($contact['url'], 'https:')) { $ssl_changed = true; - $contact['url'] = str_replace('https:','http:',$contact['url']); - $contact['request'] = str_replace('https:','http:',$contact['request']); - $contact['notify'] = str_replace('https:','http:',$contact['notify']); - $contact['poll'] = str_replace('https:','http:',$contact['poll']); - $contact['confirm'] = str_replace('https:','http:',$contact['confirm']); - $contact['poco'] = str_replace('https:','http:',$contact['poco']); + $contact['url'] = str_replace('https:', 'http:', $contact['url']); + $contact['request'] = str_replace('https:', 'http:', $contact['request']); + $contact['notify'] = str_replace('https:', 'http:', $contact['notify']); + $contact['poll'] = str_replace('https:', 'http:', $contact['poll']); + $contact['confirm'] = str_replace('https:', 'http:', $contact['confirm']); + $contact['poco'] = str_replace('https:', 'http:', $contact['poco']); } - if ((intval($new_policy) == SSL_POLICY_FULL || $new_policy === 'full') && strstr($contact['url'],'http:')) { + if ((intval($new_policy) == SSL_POLICY_FULL || $new_policy === 'full') && strstr($contact['url'], 'http:')) { $ssl_changed = true; - $contact['url'] = str_replace('http:','https:',$contact['url']); - $contact['request'] = str_replace('http:','https:',$contact['request']); - $contact['notify'] = str_replace('http:','https:',$contact['notify']); - $contact['poll'] = str_replace('http:','https:',$contact['poll']); - $contact['confirm'] = str_replace('http:','https:',$contact['confirm']); - $contact['poco'] = str_replace('http:','https:',$contact['poco']); + $contact['url'] = str_replace('http:', 'https:', $contact['url']); + $contact['request'] = str_replace('http:', 'https:', $contact['request']); + $contact['notify'] = str_replace('http:', 'https:', $contact['notify']); + $contact['poll'] = str_replace('http:', 'https:', $contact['poll']); + $contact['confirm'] = str_replace('http:', 'https:', $contact['confirm']); + $contact['poco'] = str_replace('http:', 'https:', $contact['poco']); } if ($ssl_changed) { - q("UPDATE `contact` SET - `url` = '%s', - `request` = '%s', - `notify` = '%s', - `poll` = '%s', - `confirm` = '%s', - `poco` = '%s' - WHERE `id` = %d LIMIT 1", - dbesc($contact['url']), - dbesc($contact['request']), - dbesc($contact['notify']), - dbesc($contact['poll']), - dbesc($contact['confirm']), - dbesc($contact['poco']), - intval($contact['id']) - ); + $fields = array('url' => $contact['url'], 'request' => $contact['request'], + 'notify' => $contact['notify'], 'poll' => $contact['poll'], + 'confirm' => $contact['confirm'], 'poco' => $contact['poco']); + dba::update('contact', $fields, array('id' => $contact['id'])); } } @@ -724,13 +791,17 @@ function strip_tracking_query_params($url) parse_str($query, $querydata); if (is_array($querydata)) { - foreach ($querydata AS $param => $value) { - if (in_array($param, array("utm_source", "utm_medium", "utm_term", "utm_content", "utm_campaign", - "wt_mc", "pk_campaign", "pk_kwd", "mc_cid", "mc_eid", - "fb_action_ids", "fb_action_types", "fb_ref", - "awesm", "wtrid", - "woo_campaign", "woo_source", "woo_medium", "woo_content", "woo_term"))) { - + foreach ($querydata as $param => $value) { + if (in_array( + $param, + array( + "utm_source", "utm_medium", "utm_term", "utm_content", "utm_campaign", + "wt_mc", "pk_campaign", "pk_kwd", "mc_cid", "mc_eid", + "fb_action_ids", "fb_action_types", "fb_ref", + "awesm", "wtrid", + "woo_campaign", "woo_source", "woo_medium", "woo_content", "woo_term") + ) + ) { $pair = $param . "=" . urlencode($value); $url = str_replace($pair, "", $url); @@ -765,18 +836,20 @@ function strip_tracking_query_params($url) * * @see ParseUrl::getSiteinfo * - * @param string $url A user-submitted URL - * @param int $depth The current redirection recursion level (internal) - * @param bool $fetchbody Wether to fetch the body or not after the HEAD requests + * @param string $url A user-submitted URL + * @param int $depth The current redirection recursion level (internal) + * @param bool $fetchbody Wether to fetch the body or not after the HEAD requests * @return string A canonical URL */ -function original_url($url, $depth = 1, $fetchbody = false) { +function original_url($url, $depth = 1, $fetchbody = false) +{ $a = get_app(); $url = strip_tracking_query_params($url); - if ($depth > 10) + if ($depth > 10) { return($url); + } $url = trim($url, "'"); @@ -801,25 +874,30 @@ function original_url($url, $depth = 1, $fetchbody = false) { if ($http_code == 0) return($url); - if ((($curl_info['http_code'] == "301") OR ($curl_info['http_code'] == "302")) - AND (($curl_info['redirect_url'] != "") OR ($curl_info['location'] != ""))) { - if ($curl_info['redirect_url'] != "") + if ((($curl_info['http_code'] == "301") || ($curl_info['http_code'] == "302")) + && (($curl_info['redirect_url'] != "") || ($curl_info['location'] != "")) + ) { + if ($curl_info['redirect_url'] != "") { return(original_url($curl_info['redirect_url'], ++$depth, $fetchbody)); - else + } else { return(original_url($curl_info['location'], ++$depth, $fetchbody)); + } } // Check for redirects in the meta elements of the body if there are no redirects in the header. - if (!$fetchbody) + if (!$fetchbody) { return(original_url($url, ++$depth, true)); + } // if the file is too large then exit - if ($curl_info["download_content_length"] > 1000000) + if ($curl_info["download_content_length"] > 1000000) { return($url); + } // if it isn't a HTML file then exit - if (($curl_info["content_type"] != "") AND !strstr(strtolower($curl_info["content_type"]),"html")) + if (($curl_info["content_type"] != "") && !strstr(strtolower($curl_info["content_type"]), "html")) { return($url); + } $stamp1 = microtime(true); @@ -836,8 +914,9 @@ function original_url($url, $depth = 1, $fetchbody = false) { $a->save_timestamp($stamp1, "network"); - if (trim($body) == "") + if (trim($body) == "") { return($url); + } // Check for redirect in meta elements $doc = new DOMDocument(); @@ -848,31 +927,36 @@ function original_url($url, $depth = 1, $fetchbody = false) { $list = $xpath->query("//meta[@content]"); foreach ($list as $node) { $attr = array(); - if ($node->attributes->length) - foreach ($node->attributes as $attribute) + if ($node->attributes->length) { + foreach ($node->attributes as $attribute) { $attr[$attribute->name] = $attribute->value; + } + } if (@$attr["http-equiv"] == 'refresh') { $path = $attr["content"]; $pathinfo = explode(";", $path); $content = ""; - foreach ($pathinfo AS $value) - if (substr(strtolower($value), 0, 4) == "url=") + foreach ($pathinfo as $value) { + if (substr(strtolower($value), 0, 4) == "url=") { return(original_url(substr($value, 4), ++$depth)); + } + } } } return($url); } -function short_link($url) { - require_once('library/slinky.php'); +function short_link($url) +{ + require_once 'library/slinky.php'; $slinky = new Slinky($url); - $yourls_url = get_config('yourls','url1'); + $yourls_url = Config::get('yourls', 'url1'); if ($yourls_url) { - $yourls_username = get_config('yourls','username1'); - $yourls_password = get_config('yourls', 'password1'); - $yourls_ssl = get_config('yourls', 'ssl1'); + $yourls_username = Config::get('yourls', 'username1'); + $yourls_password = Config::get('yourls', 'password1'); + $yourls_ssl = Config::get('yourls', 'ssl1'); $yourls = new Slinky_YourLS(); $yourls->set('username', $yourls_username); $yourls->set('password', $yourls_password); @@ -897,7 +981,8 @@ function short_link($url) { * * @param array $x The input content */ -function json_return_and_die($x) { +function json_return_and_die($x) +{ header("content-type: application/json"); echo json_encode($x); killme(); @@ -910,10 +995,11 @@ function json_return_and_die($x) { * @param string $url2 * @return string The matching part */ -function matching_url($url1, $url2) { - - if (($url1 == "") OR ($url2 == "")) +function matching_url($url1, $url2) +{ + if (($url1 == "") || ($url2 == "")) { return ""; + } $url1 = normalise_link($url1); $url2 = normalise_link($url2); @@ -921,22 +1007,27 @@ function matching_url($url1, $url2) { $parts1 = parse_url($url1); $parts2 = parse_url($url2); - if (!isset($parts1["host"]) OR !isset($parts2["host"])) + if (!isset($parts1["host"]) || !isset($parts2["host"])) { return ""; + } - if ($parts1["scheme"] != $parts2["scheme"]) + if ($parts1["scheme"] != $parts2["scheme"]) { return ""; + } - if ($parts1["host"] != $parts2["host"]) + if ($parts1["host"] != $parts2["host"]) { return ""; + } - if ($parts1["port"] != $parts2["port"]) + if ($parts1["port"] != $parts2["port"]) { return ""; + } $match = $parts1["scheme"]."://".$parts1["host"]; - if ($parts1["port"]) + if ($parts1["port"]) { $match .= ":".$parts1["port"]; + } $pathparts1 = explode("/", $parts1["path"]); $pathparts2 = explode("/", $parts2["path"]); @@ -947,12 +1038,43 @@ function matching_url($url1, $url2) { $path1 = $pathparts1[$i]; $path2 = $pathparts2[$i]; - if ($path1 == $path2) + if ($path1 == $path2) { $path .= $path1."/"; - - } while (($path1 == $path2) AND ($i++ <= count($pathparts1))); + } + } while (($path1 == $path2) && ($i++ <= count($pathparts1))); $match .= $path; return normalise_link($match); } + +/** + * @brief Glue url parts together + * + * @param array $parsed URL parts + * + * @return string The glued URL + */ +function unParseUrl($parsed) +{ + $get = function ($key) use ($parsed) { + return isset($parsed[$key]) ? $parsed[$key] : null; + }; + + $pass = $get('pass'); + $user = $get('user'); + $userinfo = $pass !== null ? "$user:$pass" : $user; + $port = $get('port'); + $scheme = $get('scheme'); + $query = $get('query'); + $fragment = $get('fragment'); + $authority = ($userinfo !== null ? $userinfo."@" : '') . + $get('host') . + ($port ? ":$port" : ''); + + return (strlen($scheme) ? $scheme.":" : '') . + (strlen($authority) ? "//".$authority : '') . + $get('path') . + (strlen($query) ? "?".$query : '') . + (strlen($fragment) ? "#".$fragment : ''); +}