X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Futil.php;h=395fadfbd7bcf35010ccaa993bbdee9de51e832f;hb=6b9a8b7b199991f4f26f3460fda85f8f59adbbd3;hp=4a87f9a2171e16d579b541a3a0bdb723d6aa7b27;hpb=c11bc8a9ba4a1c5c751052b46983bdc773112a5e;p=quix0rs-gnu-social.git diff --git a/lib/util.php b/lib/util.php index 4a87f9a217..395fadfbd7 100644 --- a/lib/util.php +++ b/lib/util.php @@ -210,14 +210,18 @@ function common_language() /** * Salted, hashed passwords are stored in the DB. */ -function common_munge_password($password, $id) +function common_munge_password($password, $id, Profile $profile=null) { - if (is_object($id) || is_object($password)) { - $e = new Exception(); - common_log(LOG_ERR, __METHOD__ . ' object in param to common_munge_password ' . - str_replace("\n", " ", $e->getTraceAsString())); + $hashed = null; + + if (Event::handle('StartHashPassword', array(&$hashed, $password, $profile))) { + Event::handle('EndHashPassword', array(&$hashed, $password, $profile)); + } + if (empty($hashed)) { + throw new PasswordHashException(); } - return md5($password . $id); + + return $hashed; } /** @@ -235,22 +239,20 @@ function common_check_user($nickname, $password) if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) { if (common_is_email($nickname)) { - $user = User::staticGet('email', common_canonical_email($nickname)); + $user = User::getKV('email', common_canonical_email($nickname)); } else { - $user = User::staticGet('nickname', common_canonical_nickname($nickname)); + $user = User::getKV('nickname', Nickname::normalize($nickname)); } - if (!empty($user)) { - if (!empty($password)) { // never allow login with blank password - if (0 == strcmp(common_munge_password($password, $user->id), - $user->password)) { - //internal checking passed - $authenticatedUser = $user; - } + if ($user instanceof User && !empty($password)) { + if (0 == strcmp(common_munge_password($password, $user->id), + $user->password)) { + //internal checking passed + $authenticatedUser = $user; } } - Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser)); } + Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser)); return $authenticatedUser; } @@ -315,8 +317,8 @@ function common_set_user($user) return true; } else if (is_string($user)) { $nickname = $user; - $user = User::staticGet('nickname', $nickname); - } else if (!($user instanceof User)) { + $user = User::getKV('nickname', $nickname); + } else if (!$user instanceof User) { return false; } @@ -370,7 +372,7 @@ function common_rememberme($user=null) $rm = new Remember_me(); - $rm->code = common_good_rand(16); + $rm->code = common_random_hexstr(16); $rm->user_id = $user->id; // Wrap the insert in some good ol' fashioned transaction code @@ -381,6 +383,7 @@ function common_rememberme($user=null) if (!$result) { common_log_db_error($rm, 'INSERT', __FILE__); + $rm->query('ROLLBACK'); return false; } @@ -413,7 +416,7 @@ function common_remembered_user() return null; } - $rm = Remember_me::staticGet('code', $code); + $rm = Remember_me::getKV('code', $code); if (!$rm) { common_log(LOG_WARNING, 'No such remember code: ' . $code); @@ -427,9 +430,9 @@ function common_remembered_user() return null; } - $user = User::staticGet('id', $rm->user_id); + $user = User::getKV('id', $rm->user_id); - if (!$user) { + if (!$user instanceof User) { common_log(LOG_WARNING, 'No such user for rememberme: ' . $rm->user_id); common_forgetme(); return null; @@ -484,8 +487,8 @@ function common_current_user() common_ensure_session(); $id = isset($_SESSION['userid']) ? $_SESSION['userid'] : false; if ($id) { - $user = User::staticGet($id); - if ($user) { + $user = User::getKV('id', $id); + if ($user instanceof User) { $_cur = $user; return $_cur; } @@ -573,6 +576,34 @@ function common_canonical_email($email) return $email; } +function common_purify($html) +{ + require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php'; + + $config = array('safe' => 1, // means that elements=* means elements=*-applet-embed-iframe-object-script or so + 'elements' => '*', + 'deny_attribute' => 'id,style,on*'); + + // Remove more elements than what the 'safe' filter gives (elements must be '*' before this) + // http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s3.6 + foreach (common_config('htmlfilter') as $tag=>$filter) { + if ($filter === true) { + $config['elements'] .= "-{$tag}"; + } + } + + $html = common_remove_unicode_formatting($html); + + return htmLawed($html, $config); +} + +function common_remove_unicode_formatting($text) +{ + // Strip Unicode text formatting/direction codes + // this is pretty dangerous for visualisation of text and can be used for mischief + return preg_replace('/[\\x{200b}-\\x{200f}\\x{202a}-\\x{202e}]/u', '', $text); +} + /** * Partial notice markup rendering step: build links to !group references. * @@ -580,14 +611,11 @@ function common_canonical_email($email) * @param Notice $notice in whose context we're working * @return string partially rendered HTML */ -function common_render_content($text, $notice) +function common_render_content($text, Notice $notice) { - $r = common_render_text($text); - $id = $notice->profile_id; - $r = common_linkify_mentions($r, $notice); - $r = preg_replace('/(^|[\s\.\,\:\;]+)!(' . Nickname::DISPLAY_FMT . ')/e', - "'\\1!'.common_group_link($id, '\\2')", $r); - return $r; + $text = common_render_text($text); + $text = common_linkify_mentions($text, $notice); + return $text; } /** @@ -600,7 +628,7 @@ function common_render_content($text, $notice) * @param Notice $notice in-progress or complete Notice object for context * @return string partially-rendered HTML */ -function common_linkify_mentions($text, $notice) +function common_linkify_mentions($text, Notice $notice) { $mentions = common_find_mentions($text, $notice); @@ -627,7 +655,7 @@ function common_linkify_mentions($text, $notice) return $text; } -function common_linkify_mention($mention) +function common_linkify_mention(array $mention) { $output = null; @@ -636,17 +664,13 @@ function common_linkify_mention($mention) $xs = new XMLStringer(false); $attrs = array('href' => $mention['url'], - 'class' => 'url'); + 'class' => 'h-card '.$mention['type']); if (!empty($mention['title'])) { $attrs['title'] = $mention['title']; } - $xs->elementStart('span', 'vcard'); - $xs->elementStart('a', $attrs); - $xs->element('span', 'fn nickname mention', $mention['text']); - $xs->elementEnd('a'); - $xs->elementEnd('span'); + $xs->element('a', $attrs, $mention['text']); $output = $xs->getString(); @@ -671,37 +695,40 @@ function common_linkify_mention($mention) * * @access private */ -function common_find_mentions($text, $notice) +function common_find_mentions($text, Notice $notice) { - $mentions = array(); + // The getProfile call throws NoProfileException on failure + $sender = $notice->getProfile(); - $sender = Profile::staticGet('id', $notice->profile_id); - - if (empty($sender)) { - return $mentions; - } + $mentions = array(); if (Event::handle('StartFindMentions', array($sender, $text, &$mentions))) { // Get the context of the original notice, if any - $originalAuthor = null; - $originalNotice = null; - $originalMentions = array(); + $origAuthor = null; + $origNotice = null; + $origMentions = array(); // Is it a reply? - if (!empty($notice) && !empty($notice->reply_to)) { - $originalNotice = Notice::staticGet('id', $notice->reply_to); - if (!empty($originalNotice)) { - $originalAuthor = Profile::staticGet('id', $originalNotice->profile_id); + if ($notice instanceof Notice) { + try { + $origNotice = $notice->getParent(); + $origAuthor = $origNotice->getProfile(); - $ids = $originalNotice->getReplies(); + $ids = $origNotice->getReplies(); foreach ($ids as $id) { - $repliedTo = Profile::staticGet('id', $id); - if (!empty($repliedTo)) { - $originalMentions[$repliedTo->nickname] = $repliedTo; + $repliedTo = Profile::getKV('id', $id); + if ($repliedTo instanceof Profile) { + $origMentions[$repliedTo->nickname] = $repliedTo; } } + } catch (NoProfileException $e) { + common_log(LOG_WARNING, sprintf('Notice %d author profile id %d does not exist', $origNotice->id, $origNotice->profile_id)); + } catch (ServerException $e) { + // Probably just no parent. Should get a specific NoParentException + } catch (Exception $e) { + common_log(LOG_WARNING, __METHOD__ . ' got exception ' . get_class($e) . ' : ' . $e->getMessage()); } } @@ -719,25 +746,26 @@ function common_find_mentions($text, $notice) // Start with conversation context, then go to // sender context. - if (!empty($originalAuthor) && $originalAuthor->nickname == $nickname) { - $mentioned = $originalAuthor; - } else if (!empty($originalMentions) && - array_key_exists($nickname, $originalMentions)) { - $mentioned = $originalMentions[$nickname]; + if ($origAuthor instanceof Profile && $origAuthor->nickname == $nickname) { + $mentioned = $origAuthor; + } else if (!empty($origMentions) && + array_key_exists($nickname, $origMentions)) { + $mentioned = $origMentions[$nickname]; } else { $mentioned = common_relative_profile($sender, $nickname); } - if (!empty($mentioned)) { - $user = User::staticGet('id', $mentioned->id); + if ($mentioned instanceof Profile) { + $user = User::getKV('id', $mentioned->id); - if ($user) { + if ($user instanceof User) { $url = common_local_url('userbyid', array('id' => $user->id)); } else { $url = $mentioned->profileurl; } $mention = array('mentioned' => array($mentioned), + 'type' => 'mention', 'text' => $match[0], 'position' => $match[1], 'url' => $url); @@ -753,26 +781,44 @@ function common_find_mentions($text, $notice) // @#tag => mention of all subscriptions tagged 'tag' preg_match_all('/(?:^|[\s\.\,\:\;]+)@#([\pL\pN_\-\.]{1,64})/', - $text, - $hmatches, - PREG_OFFSET_CAPTURE); - + $text, $hmatches, PREG_OFFSET_CAPTURE); foreach ($hmatches[1] as $hmatch) { - $tag = common_canonical_tag($hmatch[0]); $plist = Profile_list::getByTaggerAndTag($sender->id, $tag); - if (!empty($plist) && !$plist->private) { - $tagged = $sender->getTaggedSubscribers($tag); + if (!$plist instanceof Profile_list || $plist->private) { + continue; + } + $tagged = $sender->getTaggedSubscribers($tag); - $url = common_local_url('showprofiletag', - array('tagger' => $sender->nickname, - 'tag' => $tag)); + $url = common_local_url('showprofiletag', + array('tagger' => $sender->nickname, + 'tag' => $tag)); - $mentions[] = array('mentioned' => $tagged, - 'text' => $hmatch[0], - 'position' => $hmatch[1], - 'url' => $url); + $mentions[] = array('mentioned' => $tagged, + 'type' => 'list', + 'text' => $hmatch[0], + 'position' => $hmatch[1], + 'url' => $url); + } + + preg_match_all('/(?:^|[\s\.\,\:\;]+)!(' . Nickname::DISPLAY_FMT . ')/', + $text, $hmatches, PREG_OFFSET_CAPTURE); + foreach ($hmatches[1] as $hmatch) { + $nickname = Nickname::normalize($hmatch[0]); + $group = User_group::getForNickname($nickname, $sender); + + if (!$group instanceof User_group || !$sender->isMember($group)) { + continue; } + + $profile = $group->getProfile(); + + $mentions[] = array('mentioned' => array($profile), + 'type' => 'group', + 'text' => $hmatch[0], + 'position' => $hmatch[1], + 'url' => $group->permalink(), + 'title' => $group->getFancyName()); } Event::handle('EndFindMentions', array($sender, $text, &$mentions)); @@ -808,13 +854,15 @@ function common_find_mentions_raw($text) function common_render_text($text) { - $r = htmlspecialchars($text); + $text = common_remove_unicode_formatting($text); + $text = nl2br(htmlspecialchars($text)); - $r = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $r); - $r = common_replace_urls_callback($r, 'common_linkify'); - $r = preg_replace('/(^|\"\;|\'|\(|\[|\{|\s+)#([\pL\pN_\-\.]{1,64})/ue', "'\\1#'.common_tag_link('\\2')", $r); + $text = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $text); + $text = common_replace_urls_callback($text, 'common_linkify'); + $text = preg_replace_callback('/(^|\"\;|\'|\(|\[|\{|\s+)#([\pL\pN_\-\.]{1,64})/u', + function ($m) { return "{$m[1]}#".common_tag_link($m[2]); }, $text); // XXX: machine tags - return $r; + return $text; } /** @@ -845,15 +893,19 @@ function common_replace_urls_callback($text, $callback, $arg = null) { ')'. ')'. ')'. + '|(?:(?:magnet):)'. // URLs without domain name '|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'. //IPv4 '|(?:'. //IPv6 '\[?(?:(?:(?:[0-9A-Fa-f]{1,4}:){7}(?:(?:[0-9A-Fa-f]{1,4})|:))|(?:(?:[0-9A-Fa-f]{1,4}:){6}(?::|(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})|(?::[0-9A-Fa-f]{1,4})))|(?:(?:[0-9A-Fa-f]{1,4}:){5}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){4}(?::[0-9A-Fa-f]{1,4}){0,1}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){3}(?::[0-9A-Fa-f]{1,4}){0,2}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){2}(?::[0-9A-Fa-f]{1,4}){0,3}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:)(?::[0-9A-Fa-f]{1,4}){0,4}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?::(?::[0-9A-Fa-f]{1,4}){0,5}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})))\]?(?getEnclosure()) { + if ($f instanceof File) { + try { + $enclosure = $f->getEnclosure(); $is_attachment = true; $attachment_id = $f->id; - $thumb = File_thumbnail::staticGet('file_id', $f->id); - if (!empty($thumb)) { - $has_thumb = true; - } + $thumb = File_thumbnail::getKV('file_id', $f->id); + $has_thumb = ($thumb instanceof File_thumbnail); + } catch (ServerException $e) { + // There was not enough metadata available } } @@ -1046,7 +1086,7 @@ function common_shorten_links($text, $always = false, User $user=null) $maxLength = User_urlshortener_prefs::maxNoticeLength($user); - if ($always || mb_strlen($text) > $maxLength) { + if ($always || ($maxLength != -1 && mb_strlen($text) > $maxLength)) { return common_replace_urls_callback($text, array('File_redirection', 'forceShort'), $user); } else { return common_replace_urls_callback($text, array('File_redirection', 'makeShort'), $user); @@ -1106,6 +1146,27 @@ function common_xml_safe_str($str) return preg_replace('/[\p{Cc}\p{Cs}]/u', '*', $str); } +function common_slugify($str) +{ + // php5-intl is highly recommended... + if (!function_exists('transliterator_transliterate')) { + $str = preg_replace('/[^\pL\pN]/u', '', $str); + $str = mb_convert_case($str, MB_CASE_LOWER, 'UTF-8'); + $str = substr($str, 0, 64); + return $str; + } + $str = transliterator_transliterate( + 'Any-Latin;' . // any charset to latin compatible + 'NFD;' . // decompose + '[:Nonspacing Mark:] Remove;' . // remove nonspacing marks (accents etc.) + 'NFC;' . // composite again + '[:Punctuation:] Remove;' . // remove punctuation (.,¿? etc.) + 'Lower();' . // turn into lowercase + 'Latin-ASCII;', // get ASCII equivalents (ð to d for example) + $str); + return preg_replace('/[^\pL\pN]/', '', $str); +} + function common_tag_link($tag) { $canonical = common_canonical_tag($tag); @@ -1129,11 +1190,9 @@ function common_tag_link($tag) function common_canonical_tag($tag) { - // only alphanum - $tag = preg_replace('/[^\pL\pN]/u', '', $tag); - $tag = mb_convert_case($tag, MB_CASE_LOWER, "UTF-8"); - $tag = substr($tag, 0, 64); - return $tag; + $tag = common_slugify($tag); + $tag = substr($tag, 0, 64); + return $tag; } function common_valid_profile_tag($str) @@ -1141,35 +1200,6 @@ function common_valid_profile_tag($str) return preg_match('/^[A-Za-z0-9_\-\.]{1,64}$/', $str); } -/** - * - * @param $sender_id - * @param $nickname - * @return - * @access private - */ -function common_group_link($sender_id, $nickname) -{ - $sender = Profile::staticGet($sender_id); - $group = User_group::getForNickname($nickname, $sender); - if ($sender && $group && $sender->isMember($group)) { - $attrs = array('href' => $group->permalink(), - 'class' => 'url'); - if (!empty($group->fullname)) { - $attrs['title'] = $group->getFancyName(); - } - $xs = new XMLStringer(); - $xs->elementStart('span', 'vcard'); - $xs->elementStart('a', $attrs); - $xs->element('span', 'fn nickname group', $nickname); - $xs->elementEnd('a'); - $xs->elementEnd('span'); - return $xs->getString(); - } else { - return $nickname; - } -} - /** * Resolve an ambiguous profile nickname reference, checking in following order: * - profiles that $sender subscribes to @@ -1217,10 +1247,10 @@ function common_relative_profile($sender, $nickname, $dt=null) return $recipient; } // If this is a local user, try to find a local user with that nickname. - $sender = User::staticGet($sender->id); - if ($sender) { - $recipient_user = User::staticGet('nickname', $nickname); - if ($recipient_user) { + $sender = User::getKV('id', $sender->id); + if ($sender instanceof User) { + $recipient_user = User::getKV('nickname', $nickname); + if ($recipient_user instanceof User) { return $recipient_user->getProfile(); } } @@ -1236,7 +1266,9 @@ function common_local_url($action, $args=null, $params=null, $fragment=null, $ad $r = Router::get(); $path = $r->build($action, $args, $params, $fragment); - $ssl = common_is_sensitive($action); + $ssl = common_config('site', 'ssl') === 'always' + || GNUsocial::isHTTPS() + || common_is_sensitive($action); if (common_config('site','fancy')) { $url = common_path($path, $ssl, $addSession); @@ -1259,10 +1291,10 @@ function common_is_sensitive($action) 'register', 'passwordsettings', 'api', - 'ApiOauthRequestToken', - 'ApiOauthAccessToken', - 'ApiOauthAuthorize', - 'ApiOauthPin', + 'ApiOAuthRequestToken', + 'ApiOAuthAccessToken', + 'ApiOAuthAuthorize', + 'ApiOAuthPin', 'showapplication' ); $ssl = null; @@ -1279,6 +1311,7 @@ function common_path($relative, $ssl=false, $addSession=true) $pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : ''; if (($ssl && (common_config('site', 'ssl') === 'sometimes')) + || GNUsocial::isHTTPS() || common_config('site', 'ssl') === 'always') { $proto = 'https'; if (is_string(common_config('site', 'sslserver')) && @@ -1307,26 +1340,26 @@ function common_path($relative, $ssl=false, $addSession=true) function common_inject_session($url, $serverpart = null) { - if (common_have_session()) { + if (!common_have_session()) { + return $url; + } - if (empty($serverpart)) { - $serverpart = parse_url($url, PHP_URL_HOST); - } + if (empty($serverpart)) { + $serverpart = parse_url($url, PHP_URL_HOST); + } - $currentServer = (array_key_exists('HTTP_HOST', $_SERVER)) ? $_SERVER['HTTP_HOST'] : null; + $currentServer = (array_key_exists('HTTP_HOST', $_SERVER)) ? $_SERVER['HTTP_HOST'] : null; - // Are we pointing to another server (like an SSL server?) + // Are we pointing to another server (like an SSL server?) - if (!empty($currentServer) && - 0 != strcasecmp($currentServer, $serverpart)) { - // Pass the session ID as a GET parameter - $sesspart = session_name() . '=' . session_id(); - $i = strpos($url, '?'); - if ($i === false) { // no GET params, just append - $url .= '?' . $sesspart; - } else { - $url = substr($url, 0, $i + 1).$sesspart.'&'.substr($url, $i + 1); - } + if (!empty($currentServer) && 0 != strcasecmp($currentServer, $serverpart)) { + // Pass the session ID as a GET parameter + $sesspart = session_name() . '=' . session_id(); + $i = strpos($url, '?'); + if ($i === false) { // no GET params, just append + $url .= '?' . $sesspart; + } else { + $url = substr($url, 0, $i + 1).$sesspart.'&'.substr($url, $i + 1); } } @@ -1395,7 +1428,8 @@ function common_exact_date($dt) $dateStr = date('d F Y H:i:s', strtotime($dt)); $d = new DateTime($dateStr, $_utc); $d->setTimezone($_siteTz); - return $d->format(DATE_RFC850); + // TRANS: Human-readable full date-time specification (formatting on http://php.net/date) + return $d->format(_('l, d-M-Y H:i:s T')); } function common_date_w3dtf($dt) @@ -1506,21 +1540,6 @@ function common_enqueue_notice($notice) return true; } -/** - * Legacy function to broadcast profile updates to OMB remote subscribers. - * - * XXX: This probably needs killing, but there are several bits of code - * that broadcast profile changes that need to be dealt with. AFAIK - * this function is only used for OMB. -z - * - * Since this may be slow with a lot of subscribers or bad remote sites, - * this is run through the background queues if possible. - */ -function common_broadcast_profile(Profile $profile) -{ - Event::handle('BroadcastProfile', array($profile)); -} - function common_profile_url($nickname) { return common_local_url('showstream', array('nickname' => $nickname), @@ -1542,16 +1561,18 @@ function common_root_url($ssl=false) /** * returns $bytes bytes of random data as a hexadecimal string - * "good" here is a goal and not a guarantee */ -function common_good_rand($bytes) +function common_random_hexstr($bytes) { - // XXX: use random.org...? - if (@file_exists('/dev/urandom')) { - return common_urandom($bytes); - } else { // FIXME: this is probably not good enough - return common_mtrand($bytes); + $str = @file_exists('/dev/urandom') + ? common_urandom($bytes) + : common_mtrand($bytes); + + $hexstr = ''; + for ($i = 0; $i < $bytes; $i++) { + $hexstr .= sprintf("%02x", ord($str[$i])); } + return $hexstr; } function common_urandom($bytes) @@ -1560,20 +1581,16 @@ function common_urandom($bytes) // should not block $src = fread($h, $bytes); fclose($h); - $enc = ''; - for ($i = 0; $i < $bytes; $i++) { - $enc .= sprintf("%02x", (ord($src[$i]))); - } - return $enc; + return $src; } function common_mtrand($bytes) { - $enc = ''; + $str = ''; for ($i = 0; $i < $bytes; $i++) { - $enc .= sprintf("%02x", mt_rand(0, 255)); + $str .= chr(mt_rand(0, 255)); } - return $enc; + return $str; } /** @@ -1688,8 +1705,10 @@ function common_debug($msg, $filename=null) function common_log_db_error(&$object, $verb, $filename=null) { + global $_PEAR; + $objstr = common_log_objstring($object); - $last_error = &PEAR::getStaticProperty('DB_DataObject','lastError'); + $last_error = &$_PEAR->getStaticProperty('DB_DataObject','lastError'); if (is_object($last_error)) { $msg = $last_error->message; } else { @@ -1719,9 +1738,13 @@ function common_log_objstring(&$object) return $objstring; } -function common_valid_http_url($url) +function common_valid_http_url($url, $secure=false) { - return Validate::uri($url, array('allowed_schemes' => array('http', 'https'))); + // If $secure is true, only allow https URLs to pass + // (if false, we use '?' in 'https?' to say the 's' is optional) + $regex = $secure ? '/^https$/' : '/^https?$/'; + return filter_var($url, FILTER_VALIDATE_URL) + && preg_match($regex, parse_url($url, PHP_URL_SCHEME)); } function common_valid_tag($tag) @@ -1810,6 +1833,53 @@ function common_accept_to_prefs($accept, $def = '*/*') return $prefs; } +// Match by our supported file extensions +function common_supported_ext_to_mime($fileext) +{ + // Accept a filename and take out the extension + if (strpos($fileext, '.') !== false) { + $fileext = substr(strrchr($fileext, '.'), 1); + } + + $supported = common_config('attachments', 'supported'); + foreach($supported as $type => $ext) { + if ($ext === $fileext) { + return $type; + } + } + + throw new ServerException('Unsupported file extension'); +} + +// Match by our supported mime types +function common_supported_mime_to_ext($mimetype) +{ + $supported = common_config('attachments', 'supported'); + foreach($supported as $type => $ext) { + if ($mimetype === $type) { + return $ext; + } + } + + throw new ServerException('Unsupported MIME type'); +} + +// The MIME "media" is the part before the slash (video in video/webm) +function common_get_mime_media($type) +{ + $tmp = explode('/', $type); + return strtolower($tmp[0]); +} + +function common_bare_mime($mimetype) +{ + $mimetype = mb_strtolower($mimetype); + if ($semicolon = mb_strpos($mimetype, ';')) { + $mimetype = mb_substr($mimetype, 0, $semicolon); + } + return $mimetype; +} + function common_mime_type_match($type, $avail) { if(array_key_exists($type, $avail)) { @@ -1866,9 +1936,14 @@ function common_negotiate_type($cprefs, $sprefs) return $besttype; } -function common_config($main, $sub) +function common_config($main, $sub=null) { global $config; + if (is_null($sub)) { + // Return the config category array + return array_key_exists($main, $config) ? $config[$main] : array(); + } + // Return the config value return (array_key_exists($main, $config) && array_key_exists($sub, $config[$main])) ? $config[$main][$sub] : false; } @@ -1941,13 +2016,6 @@ function common_user_uri(&$user) null, null, false); } -function common_notice_uri(&$notice) -{ - return common_local_url('shownotice', - array('notice' => $notice->id), - null, null, false); -} - // 36 alphanums - lookalikes (0, O, 1, I) = 32 chars = 5 bits function common_confirmation_code($bits) @@ -1958,7 +2026,7 @@ function common_confirmation_code($bits) $code = ''; for ($i = 0; $i < $chars; $i++) { // XXX: convert to string and back - $num = hexdec(common_good_rand(1)); + $num = hexdec(common_random_hexstr(1)); // XXX: randomness is too precious to throw away almost // 40% of the bits we get! $code .= $codechars[$num%32]; @@ -1967,9 +2035,12 @@ function common_confirmation_code($bits) } // convert markup to HTML - function common_markup_to_html($c, $args=null) { + if ($c === null) { + return ''; + } + if (is_null($args)) { $args = array(); } @@ -1980,11 +2051,12 @@ function common_markup_to_html($c, $args=null) $c = preg_replace('/%%arg.'.$name.'%%/', $value, $c); } - $c = preg_replace('/%%user.(\w+)%%/e', "common_user_property('\\1')", $c); - $c = preg_replace('/%%action.(\w+)%%/e', "common_local_url('\\1')", $c); - $c = preg_replace('/%%doc.(\w+)%%/e', "common_local_url('doc', array('title'=>'\\1'))", $c); - $c = preg_replace('/%%(\w+).(\w+)%%/e', 'common_config(\'\\1\', \'\\2\')', $c); - return Markdown($c); + $c = preg_replace_callback('/%%user.(\w+)%%/', function ($m) { return common_user_property($m[1]); }, $c); + $c = preg_replace_callback('/%%action.(\w+)%%/', function ($m) { return common_local_url($m[1]); }, $c); + $c = preg_replace_callback('/%%doc.(\w+)%%/', function ($m) { return common_local_url('doc', array('title'=>$m[1])); }, $c); + $c = preg_replace_callback('/%%(\w+).(\w+)%%/', function ($m) { return common_config($m[1], $m[2]); }, $c); + + return \Michelf\Markdown::defaultTransform($c); } function common_user_property($property) @@ -2004,7 +2076,11 @@ function common_user_property($property) return $profile->$property; break; case 'avatar': - return $profile->getAvatar(AVATAR_STREAM_SIZE); + try { + return $profile->getAvatar(AVATAR_STREAM_SIZE); + } catch (Exception $e) { + return null; + } break; case 'bestname': return $profile->getBestName(); @@ -2020,9 +2096,9 @@ function common_profile_uri($profile) if (!empty($profile)) { if (Event::handle('StartCommonProfileURI', array($profile, &$uri))) { - $user = User::staticGet($profile->id); - if (!empty($user)) { - $uri = $user->uri; + $user = User::getKV('id', $profile->id); + if ($user instanceof User) { + $uri = $user->getUri(); } Event::handle('EndCommonProfileURI', array($profile, &$uri)); } @@ -2086,7 +2162,7 @@ function common_session_token() { common_ensure_session(); if (!array_key_exists('token', $_SESSION)) { - $_SESSION['token'] = common_good_rand(64); + $_SESSION['token'] = common_random_hexstr(64); } return $_SESSION['token']; } @@ -2150,7 +2226,7 @@ function common_shorten_url($long_url, User $user=null, $force = false) // $force forces shortening even if it's not strictly needed // I doubt URL shortening is ever 'strictly' needed. - ESP - if (mb_strlen($long_url) < $maxUrlLength && !$force) { + if (($maxUrlLength == -1 || mb_strlen($long_url) < $maxUrlLength) && !$force) { return $long_url; } @@ -2159,17 +2235,16 @@ function common_shorten_url($long_url, User $user=null, $force = false) if (Event::handle('StartShortenUrl', array($long_url, $shortenerName, &$shortenedUrl))) { if ($shortenerName == 'internal') { - $f = File::processNew($long_url); - if (empty($f)) { - return $long_url; - } else { - $shortenedUrl = common_local_url('redirecturl', - array('id' => $f->id)); + try { + $f = File::processNew($long_url); + $shortenedUrl = common_local_url('redirecturl', array('id' => $f->id)); if ((mb_strlen($shortenedUrl) < mb_strlen($long_url)) || $force) { return $shortenedUrl; } else { return $long_url; } + } catch (ServerException $e) { + return $long_url; } } else { return $long_url; @@ -2274,8 +2349,11 @@ function common_url_to_nickname($url) function common_nicknamize($str) { - $str = preg_replace('/\W/', '', $str); - return strtolower($str); + try { + return Nickname::normalize($str); + } catch (NicknameException $e) { + return null; + } } function common_perf_counter($key, $val=null) @@ -2347,3 +2425,12 @@ function common_log_delta($comment=null) common_debug(sprintf("%s: %d %d", $comment, $mtotal, round($ttotal * 1000000))); } + +function common_strip_html($html, $trim=true, $save_whitespace=false) +{ + if (!$save_whitespace) { + $html = preg_replace('/\s+/', ' ', $html); + } + $text = html_entity_decode(strip_tags($html), ENT_QUOTES, 'UTF-8'); + return $trim ? trim($text) : $text; +}