X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Futil.php;h=f2e09daa936fd66801cda26371734bb144297c15;hb=061e7891e9c690b8aaa1a14f379503dbf26019e4;hp=5aeda6d7509b92a58070a494d702173e6d87bb17;hpb=b9a11f8c216499bf0cb6a93ea04e688c96bb3923;p=quix0rs-gnu-social.git

diff --git a/lib/util.php b/lib/util.php
index 5aeda6d750..f2e09daa93 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -197,7 +197,7 @@ function common_language()
     if (common_config('site', 'langdetect')) {
         $httplang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : null;
         if (!empty($httplang)) {
-            $language = client_prefered_language($httplang);
+            $language = client_preferred_language($httplang);
             if ($language)
               return $language;
         }
@@ -266,7 +266,8 @@ function common_logged_in()
 
 function common_local_referer()
 {
-    return parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
+    return isset($_SERVER['HTTP_REFERER'])
+            && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
 }
 
 function common_have_session()
@@ -274,25 +275,25 @@ function common_have_session()
     return (0 != strcmp(session_id(), ''));
 }
 
+/**
+ * Make sure session is started and handled by
+ * the correct handler.
+ */
 function common_ensure_session()
 {
-    $c = null;
-    if (array_key_exists(session_name(), $_COOKIE)) {
-        $c = $_COOKIE[session_name()];
-    }
     if (!common_have_session()) {
         if (common_config('sessions', 'handle')) {
-            Session::setSaveHandler();
+            session_set_save_handler(new InternalSessionHandler(), true);
         }
-	if (array_key_exists(session_name(), $_GET)) {
-	    $id = $_GET[session_name()];
-	} else if (array_key_exists(session_name(), $_COOKIE)) {
-	    $id = $_COOKIE[session_name()];
-	}
-	if (isset($id)) {
-	    session_id($id);
-	}
-        @session_start();
+        if (array_key_exists(session_name(), $_GET)) {
+            $id = $_GET[session_name()];
+        } else if (array_key_exists(session_name(), $_COOKIE)) {
+            $id = $_COOKIE[session_name()];
+        }
+        if (isset($id)) {
+            session_id($id);
+        }
+        session_start();
         if (!isset($_SESSION['started'])) {
             $_SESSION['started'] = time();
             if (!empty($id)) {
@@ -580,6 +581,15 @@ function common_canonical_email($email)
     return $email;
 }
 
+function common_to_alphanumeric($str)
+{
+    $filtered = preg_replace('/[^A-Za-z0-9]\s*/', '', $str);
+    if (strlen($filtered) < 1) {
+        throw new Exception('Filtered string was zero-length.');
+    }
+    return $filtered;
+}
+
 function common_purify($html, array $args=array())
 {
     require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
@@ -593,13 +603,17 @@ function common_purify($html, array $args=array())
      *
      * Source: http://microformats.org/wiki/rel
      */
-    $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag']);
+    $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
     $cfg->set('HTML.ForbiddenAttributes', array('style'));  // id, on* etc. are already filtered by default
     $cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
     if (isset($args['URI.Base'])) {
         $cfg->set('URI.Base', $args['URI.Base']);   // if null this is like unsetting it I presume
         $cfg->set('URI.MakeAbsolute', !is_null($args['URI.Base']));   // if we have a URI base, convert relative URLs to absolute ones.
     }
+    if (common_config('cache', 'dir')) {
+        $cfg->set('Cache.SerializerPath', common_config('cache', 'dir'));
+    }
+    // if you don't want to use the default cache dir for htmlpurifier, set it specifically as $config['htmlpurifier']['Cache.SerializerPath'] = '/tmp'; or something.
     foreach (common_config('htmlpurifier') as $key=>$val) {
         $cfg->set($key, $val);
     }
@@ -692,7 +706,7 @@ function common_linkify_mention(array $mention)
         $xs = new XMLStringer(false);
 
         $attrs = array('href' => $mention['url'],
-                       'class' => 'h-card '.$mention['type']);
+                       'class' => 'h-card u-url p-nickname '.$mention['type']);
 
         if (!empty($mention['title'])) {
             $attrs['title'] = $mention['title'];
@@ -758,7 +772,7 @@ function common_find_mentions($text, Profile $sender, Notice $parent=null)
             }
         }
 
-        $matches = common_find_mentions_raw($text);
+        $matches = common_find_mentions_raw($text, '@');
 
         foreach ($matches as $match) {
             try {
@@ -837,9 +851,8 @@ function common_find_mentions($text, Profile $sender, Notice $parent=null)
                                 'url' => $url);
         }
 
-        preg_match_all('/'.Nickname::BEFORE_MENTIONS.'!(' . Nickname::DISPLAY_FMT . ')/',
-                       $text, $hmatches, PREG_OFFSET_CAPTURE);
-        foreach ($hmatches[1] as $hmatch) {
+        $hmatches = common_find_mentions_raw($text, '!');
+        foreach ($hmatches as $hmatch) {
             $nickname = Nickname::normalize($hmatch[0]);
             $group = User_group::getForNickname($nickname, $sender);
 
@@ -869,9 +882,10 @@ function common_find_mentions($text, Profile $sender, Notice $parent=null)
  * Should generally not be called directly; for use in common_find_mentions.
  *
  * @param string $text
+ * @param string $preMention Character(s) that signals a mention ('@', '!'...)
  * @return array of PCRE match arrays
  */
-function common_find_mentions_raw($text)
+function common_find_mentions_raw($text, $preMention='@')
 {
     $tmatches = array();
     preg_match_all('/^T (' . Nickname::DISPLAY_FMT . ') /',
@@ -881,7 +895,7 @@ function common_find_mentions_raw($text)
 
     $atmatches = array();
     // the regexp's "(?!\@)" makes sure it doesn't matches the single "@remote" in "@remote@server.com"
-    preg_match_all('/'.Nickname::BEFORE_MENTIONS.'@(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/',
+    preg_match_all('/'.Nickname::BEFORE_MENTIONS.preg_quote($preMention, '/').'(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/',
                    $text,
                    $atmatches,
                    PREG_OFFSET_CAPTURE);
@@ -1013,10 +1027,10 @@ function common_replace_urls_callback($text, $callback, $arg = null) {
         ')'.
         '(?:'.
             '(?:\:\d+)?'. //:port
-            '(?:/[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@]*)?'. // /path
-            '(?:\?[\pN\pL\$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@\/]*)?'. // ?query string
-            '(?:\#[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\@/\?\#]*)?'. // #fragment
-        ')(?<![\?\.\,\#\,])'.
+            '(?:/['  . URL_REGEX_VALID_PATH_CHARS    . ']*)?'.  // path
+            '(?:\?[' . URL_REGEX_VALID_QSTRING_CHARS . ']*)?'.  // ?query string
+            '(?:\#[' . URL_REGEX_VALID_FRAGMENT_CHARS . ']*)?'. // #fragment
+        ')(?<!['. URL_REGEX_EXCLUDED_END_CHARS .'])'.
     ')'.
     '#ixu';
     //preg_match_all($regex,$text,$matches);
@@ -1139,17 +1153,7 @@ function common_linkify($url) {
         }
     }
 
-    // Add clippy
-    if ($is_attachment) {
-        $attrs['class'] = 'attachment';
-        if ($has_thumb) {
-            $attrs['class'] = 'attachment thumbnail';
-        }
-        $attrs['id'] = "attachment-{$attachment_id}";
-    }
-
     // Whether to nofollow
-
     $nf = common_config('nofollow', 'external');
 
     if ($nf == 'never') {
@@ -1158,6 +1162,16 @@ function common_linkify($url) {
         $attrs['rel'] = 'nofollow external';
     }
 
+    // Add clippy
+    if ($is_attachment) {
+        $attrs['class'] = 'attachment';
+        if ($has_thumb) {
+            $attrs['class'] = 'attachment thumbnail';
+        }
+        $attrs['id'] = "attachment-{$attachment_id}";
+        $attrs['rel'] .= ' noreferrer';
+    }
+
     return XMLStringer::estring('a', $attrs, $url);
 }
 
@@ -1689,10 +1703,15 @@ function common_profile_url($nickname)
 
 /**
  * Should make up a reasonable root URL
+ *
+ * @param   bool    $tls    true or false to force TLS scheme, null to use server configuration
  */
-function common_root_url($ssl=false)
+function common_root_url($tls=null)
 {
-    $url = common_path('', $ssl, false);
+    if (is_null($tls)) {
+        $tls = GNUsocial::useHTTPS();
+    }
+    $url = common_path('', $tls, false);
     $i = strpos($url, '?');
     if ($i !== false) {
         $url = substr($url, 0, $i);
@@ -1891,6 +1910,10 @@ function common_log_objstring(&$object)
 
 function common_valid_http_url($url, $secure=false)
 {
+    if (empty($url)) {
+        return false;
+    }
+
     // If $secure is true, only allow https URLs to pass
     // (if false, we use '?' in 'https?' to say the 's' is optional)
     $regex = $secure ? '/^https$/' : '/^https?$/';
@@ -1985,16 +2008,23 @@ function common_accept_to_prefs($accept, $def = '*/*')
 }
 
 // Match by our supported file extensions
-function common_supported_ext_to_mime($fileext)
+function common_supported_filename_to_mime($filename)
 {
     // Accept a filename and take out the extension
-    if (strpos($fileext, '.') !== false) {
-        $fileext = substr(strrchr($fileext, '.'), 1);
+    if (strpos($filename, '.') === false) {
+        throw new ServerException(sprintf('No extension on filename: %1$s', _ve($filename)));
     }
 
+    $fileext = substr(strrchr($filename, '.'), 1);
+    return common_supported_ext_to_mime($fileext);
+}
+
+function common_supported_ext_to_mime($fileext)
+{
     $supported = common_config('attachments', 'supported');
     if ($supported === true) {
-        throw new ServerException('Supported extension but unknown mimetype relation.');
+        // FIXME: Should we just accept the extension straight off when supported === true?
+        throw new UnknownExtensionMimeException($fileext);
     }
     foreach($supported as $type => $ext) {
         if ($ext === $fileext) {
@@ -2009,16 +2039,15 @@ function common_supported_ext_to_mime($fileext)
 function common_supported_mime_to_ext($mimetype)
 {
     $supported = common_config('attachments', 'supported');
-    if ($supported === true) {
-        throw new ServerException('Supported mimetype but unknown extension relation.');
-    }
-    foreach($supported as $type => $ext) {
-        if ($mimetype === $type) {
-            return $ext;
+    if (is_array($supported)) {
+        foreach($supported as $type => $ext) {
+            if ($mimetype === $type) {
+                return $ext;
+            }
         }
     }
 
-    throw new ServerException('Unsupported MIME type');
+    throw new UnknownMimeExtensionException($mimetype);
 }
 
 // The MIME "media" is the part before the slash (video in video/webm)
@@ -2035,7 +2064,7 @@ function common_bare_mime($mimetype)
     if ($semicolon = mb_strpos($mimetype, ';')) {
         $mimetype = mb_substr($mimetype, 0, $semicolon);
     }
-    return $mimetype;
+    return trim($mimetype);
 }
 
 function common_mime_type_match($type, $avail)
@@ -2586,6 +2615,9 @@ function common_log_delta($comment=null)
 
 function common_strip_html($html, $trim=true, $save_whitespace=false)
 {
+    // first replace <br /> with \n
+    $html = preg_replace('/\<(\s*)?br(\s*)?\/?(\s*)?\>/i', "\n", $html); 
+    // then, unless explicitly avoided, remove excessive whitespace
     if (!$save_whitespace) {
         $html = preg_replace('/\s+/', ' ', $html);
     }