X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Futil.php;h=f2e09daa936fd66801cda26371734bb144297c15;hb=061e7891e9c690b8aaa1a14f379503dbf26019e4;hp=e65097c32b915d8a253ee72b93c6924f5f89fd1d;hpb=bd753055601acd42e67136f8adc8613f462c2916;p=quix0rs-gnu-social.git diff --git a/lib/util.php b/lib/util.php index e65097c32b..f2e09daa93 100644 --- a/lib/util.php +++ b/lib/util.php @@ -197,7 +197,7 @@ function common_language() if (common_config('site', 'langdetect')) { $httplang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : null; if (!empty($httplang)) { - $language = client_prefered_language($httplang); + $language = client_preferred_language($httplang); if ($language) return $language; } @@ -266,7 +266,8 @@ function common_logged_in() function common_local_referer() { - return parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server'); + return isset($_SERVER['HTTP_REFERER']) + && parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server'); } function common_have_session() @@ -274,25 +275,25 @@ function common_have_session() return (0 != strcmp(session_id(), '')); } +/** + * Make sure session is started and handled by + * the correct handler. + */ function common_ensure_session() { - $c = null; - if (array_key_exists(session_name(), $_COOKIE)) { - $c = $_COOKIE[session_name()]; - } if (!common_have_session()) { if (common_config('sessions', 'handle')) { - Session::setSaveHandler(); + session_set_save_handler(new InternalSessionHandler(), true); } - if (array_key_exists(session_name(), $_GET)) { - $id = $_GET[session_name()]; - } else if (array_key_exists(session_name(), $_COOKIE)) { - $id = $_COOKIE[session_name()]; - } - if (isset($id)) { - session_id($id); - } - @session_start(); + if (array_key_exists(session_name(), $_GET)) { + $id = $_GET[session_name()]; + } else if (array_key_exists(session_name(), $_COOKIE)) { + $id = $_COOKIE[session_name()]; + } + if (isset($id)) { + session_id($id); + } + session_start(); if (!isset($_SESSION['started'])) { $_SESSION['started'] = time(); if (!empty($id)) { @@ -580,6 +581,15 @@ function common_canonical_email($email) return $email; } +function common_to_alphanumeric($str) +{ + $filtered = preg_replace('/[^A-Za-z0-9]\s*/', '', $str); + if (strlen($filtered) < 1) { + throw new Exception('Filtered string was zero-length.'); + } + return $filtered; +} + function common_purify($html, array $args=array()) { require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php'; @@ -593,13 +603,17 @@ function common_purify($html, array $args=array()) * * Source: http://microformats.org/wiki/rel */ - $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag']); + $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']); $cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default $cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true)); if (isset($args['URI.Base'])) { $cfg->set('URI.Base', $args['URI.Base']); // if null this is like unsetting it I presume $cfg->set('URI.MakeAbsolute', !is_null($args['URI.Base'])); // if we have a URI base, convert relative URLs to absolute ones. } + if (common_config('cache', 'dir')) { + $cfg->set('Cache.SerializerPath', common_config('cache', 'dir')); + } + // if you don't want to use the default cache dir for htmlpurifier, set it specifically as $config['htmlpurifier']['Cache.SerializerPath'] = '/tmp'; or something. foreach (common_config('htmlpurifier') as $key=>$val) { $cfg->set($key, $val); } @@ -758,7 +772,7 @@ function common_find_mentions($text, Profile $sender, Notice $parent=null) } } - $matches = common_find_mentions_raw($text); + $matches = common_find_mentions_raw($text, '@'); foreach ($matches as $match) { try { @@ -837,9 +851,8 @@ function common_find_mentions($text, Profile $sender, Notice $parent=null) 'url' => $url); } - preg_match_all('/'.Nickname::BEFORE_MENTIONS.'!(' . Nickname::DISPLAY_FMT . ')/', - $text, $hmatches, PREG_OFFSET_CAPTURE); - foreach ($hmatches[1] as $hmatch) { + $hmatches = common_find_mentions_raw($text, '!'); + foreach ($hmatches as $hmatch) { $nickname = Nickname::normalize($hmatch[0]); $group = User_group::getForNickname($nickname, $sender); @@ -869,9 +882,10 @@ function common_find_mentions($text, Profile $sender, Notice $parent=null) * Should generally not be called directly; for use in common_find_mentions. * * @param string $text + * @param string $preMention Character(s) that signals a mention ('@', '!'...) * @return array of PCRE match arrays */ -function common_find_mentions_raw($text) +function common_find_mentions_raw($text, $preMention='@') { $tmatches = array(); preg_match_all('/^T (' . Nickname::DISPLAY_FMT . ') /', @@ -881,7 +895,7 @@ function common_find_mentions_raw($text) $atmatches = array(); // the regexp's "(?!\@)" makes sure it doesn't matches the single "@remote" in "@remote@server.com" - preg_match_all('/'.Nickname::BEFORE_MENTIONS.'@(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/', + preg_match_all('/'.Nickname::BEFORE_MENTIONS.preg_quote($preMention, '/').'(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/', $text, $atmatches, PREG_OFFSET_CAPTURE); @@ -1139,17 +1153,7 @@ function common_linkify($url) { } } - // Add clippy - if ($is_attachment) { - $attrs['class'] = 'attachment'; - if ($has_thumb) { - $attrs['class'] = 'attachment thumbnail'; - } - $attrs['id'] = "attachment-{$attachment_id}"; - } - // Whether to nofollow - $nf = common_config('nofollow', 'external'); if ($nf == 'never') { @@ -1158,6 +1162,16 @@ function common_linkify($url) { $attrs['rel'] = 'nofollow external'; } + // Add clippy + if ($is_attachment) { + $attrs['class'] = 'attachment'; + if ($has_thumb) { + $attrs['class'] = 'attachment thumbnail'; + } + $attrs['id'] = "attachment-{$attachment_id}"; + $attrs['rel'] .= ' noreferrer'; + } + return XMLStringer::estring('a', $attrs, $url); } @@ -1689,10 +1703,15 @@ function common_profile_url($nickname) /** * Should make up a reasonable root URL + * + * @param bool $tls true or false to force TLS scheme, null to use server configuration */ -function common_root_url($ssl=false) +function common_root_url($tls=null) { - $url = common_path('', $ssl, false); + if (is_null($tls)) { + $tls = GNUsocial::useHTTPS(); + } + $url = common_path('', $tls, false); $i = strpos($url, '?'); if ($i !== false) { $url = substr($url, 0, $i); @@ -1891,6 +1910,10 @@ function common_log_objstring(&$object) function common_valid_http_url($url, $secure=false) { + if (empty($url)) { + return false; + } + // If $secure is true, only allow https URLs to pass // (if false, we use '?' in 'https?' to say the 's' is optional) $regex = $secure ? '/^https$/' : '/^https?$/'; @@ -1985,16 +2008,23 @@ function common_accept_to_prefs($accept, $def = '*/*') } // Match by our supported file extensions -function common_supported_ext_to_mime($fileext) +function common_supported_filename_to_mime($filename) { // Accept a filename and take out the extension - if (strpos($fileext, '.') !== false) { - $fileext = substr(strrchr($fileext, '.'), 1); + if (strpos($filename, '.') === false) { + throw new ServerException(sprintf('No extension on filename: %1$s', _ve($filename))); } + $fileext = substr(strrchr($filename, '.'), 1); + return common_supported_ext_to_mime($fileext); +} + +function common_supported_ext_to_mime($fileext) +{ $supported = common_config('attachments', 'supported'); if ($supported === true) { - throw new ServerException('Supported extension but unknown mimetype relation.'); + // FIXME: Should we just accept the extension straight off when supported === true? + throw new UnknownExtensionMimeException($fileext); } foreach($supported as $type => $ext) { if ($ext === $fileext) { @@ -2009,16 +2039,15 @@ function common_supported_ext_to_mime($fileext) function common_supported_mime_to_ext($mimetype) { $supported = common_config('attachments', 'supported'); - if ($supported === true) { - throw new ServerException('Supported mimetype but unknown extension relation.'); - } - foreach($supported as $type => $ext) { - if ($mimetype === $type) { - return $ext; + if (is_array($supported)) { + foreach($supported as $type => $ext) { + if ($mimetype === $type) { + return $ext; + } } } - throw new ServerException('Unsupported MIME type'); + throw new UnknownMimeExtensionException($mimetype); } // The MIME "media" is the part before the slash (video in video/webm) @@ -2035,7 +2064,7 @@ function common_bare_mime($mimetype) if ($semicolon = mb_strpos($mimetype, ';')) { $mimetype = mb_substr($mimetype, 0, $semicolon); } - return $mimetype; + return trim($mimetype); } function common_mime_type_match($type, $avail) @@ -2586,6 +2615,9 @@ function common_log_delta($comment=null) function common_strip_html($html, $trim=true, $save_whitespace=false) { + // first replace
with \n + $html = preg_replace('/\<(\s*)?br(\s*)?\/?(\s*)?\>/i', "\n", $html); + // then, unless explicitly avoided, remove excessive whitespace if (!$save_whitespace) { $html = preg_replace('/\s+/', ' ', $html); }