Merge branch 'develop' into issue/missing-private-image-src

diff --git a/include/bbcode.php b/include/bbcode.php
index ebafc353a4dcb153b759ab3820f6cdf79f17a0c0..6a1630d1fcc8d84bf1e2310ed6a35bfa24aac770 100644 (file)
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -1161,8 +1161,10 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
        $Text = preg_replace('/\&quot\;/','"',$Text);
 
        // fix any escaped ampersands that may have been converted into links
-       $Text = preg_replace("/\<([^>]*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text);
-       $Text = preg_replace("/\<([^>]*?)(src|href)=\"(?!http|ftp|mailto|gopher|cid)(.*?)\>/ism",'<$1$2="">',$Text);
+       $Text = preg_replace('/\<([^>]*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism', '<$1$2=$3&$4>', $Text);
+
+       // removes potentially harmful javascript in src/href
+       $Text = preg_replace('/\<([^>]*?)(src|href)="javascript(.*?)\>/ism', '', $Text);
 
        if($saved_image)
                $Text = bb_replace_images($Text, $saved_image);

diff --git a/include/text.php b/include/text.php
index b57016456a8c366485035527f635a81906059d6b..89ab7254b6c9ad10869512a85adf9b8b6b5491bf 100644 (file)
--- a/include/text.php
+++ b/include/text.php
@@ -771,7 +771,7 @@ function activity_match($haystack,$needle) {
 
 /**
  * @brief Pull out all #hashtags and @person tags from $string.
- * 
+ *
  * We also get @person@domain.com - which would make
  * the regex quite complicated as tags can also
  * end a sentence. So we'll run through our results
@@ -1170,33 +1170,29 @@ function link_compare($a,$b) {
        return false;
 }}
 
-
-if(! function_exists('redir_private_images')) {
 /**
- * Find any non-embedded images in private items and add redir links to them
+ * @brief Find any non-embedded images in private items and add redir links to them
  *
  * @param App $a
- * @param array $item
+ * @param array &$item The field array of an item row
  */
-function redir_private_images($a, &$item) {
-
+function redir_private_images($a, &$item)
+{
        $matches = false;
        $cnt = preg_match_all('|\[img\](http[^\[]*?/photo/[a-fA-F0-9]+?(-[0-9]\.[\w]+?)?)\[\/img\]|', $item['body'], $matches, PREG_SET_ORDER);
-       if($cnt) {
-               //logger("redir_private_images: matches = " . print_r($matches, true));
-               foreach($matches as $mtch) {
-                       if(strpos($mtch[1], '/redir') !== false)
+       if ($cnt) {
+               foreach ($matches as $mtch) {
+                       if(strpos($mtch[1], '/redir') !== false) {
                                continue;
+                       }
 
-                       if((local_user() == $item['uid']) && ($item['private'] != 0) && ($item['contact-id'] != $a->contact['id']) && ($item['network'] == NETWORK_DFRN)) {
-                               //logger("redir_private_images: redir");
-                               $img_url = 'redir?f=1&quiet=1&url=' . $mtch[1] . '&conurl=' . $item['author-link'];
-                               $item['body'] = str_replace($mtch[0], "[img]".$img_url."[/img]", $item['body']);
+                       if ((local_user() == $item['uid']) && ($item['private'] != 0) && ($item['contact-id'] != $a->contact['id']) && ($item['network'] == NETWORK_DFRN)) {
+                               $img_url = $a->get_baseurl() . '/redir?f=1&quiet=1&url=' . urlencode($mtch[1]) . '&conurl=' . urlencode($item['author-link']);
+                               $item['body'] = str_replace($mtch[0], '[img]' . $img_url . '[/img]', $item['body']);
                        }
                }
        }
-
-}}
+}
 
 function put_item_in_cache(&$item, $update = false) {