author | friendica <info@friendica.com> | 2014-02-16 14:13:26 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-02-16 14:13:26 -0800 |
commit | ebd52368bb134e57a54d853732b5b4970a8ce02b (patch) | |
tree | 3b950917be780242a2e5ae64c9b26f42e170a637 /include | |
parent | d9e4f634665ec4da69b5af230f45f2a0e9688a1b (diff) | |
download | volse-hubzilla-ebd52368bb134e57a54d853732b5b4970a8ce02b.tar.gz volse-hubzilla-ebd52368bb134e57a54d853732b5b4970a8ce02b.tar.bz2 volse-hubzilla-ebd52368bb134e57a54d853732b5b4970a8ce02b.zip |
strip hard-wired zids from posted links as they will have the wrong identity when somebody tries to view the link
Diffstat (limited to 'include')
-rwxr-xr-x | include/items.php | 11 | ||||
-rwxr-xr-x | include/text.php | 5 |
2 files changed, 15 insertions, 1 deletions
diff --git a/include/items.php b/include/items.php
index 3c10b8f5c..9bcdd7d0b 100755
--- a/include/items.php
+++ b/include/items.php
@@ -145,7 +145,9 @@ function can_comment_on_post($observer_xchan,$item) {
 * @function red_zrl_callback
 * preg_match function when fixing 'naked' links in mod item.php
 * Check if we've got a hubloc for the site and use a zrl if we do, a url if we don't.
- *
+ * Remove any existing zid= param which may have been pasted by mistake - and will have
+ * the author's credentials. zid's are dynamic and can't really be passed around like
+ * that.
 */
@@ -159,6 +161,13 @@ function red_zrl_callback($matches) {
 if($r)
 $zrl = true;
 }
+
+ $t = strip_zids($matches[2]);
+ if($t !== $matches[2]) {
+ $zrl = true;
+ $matches[2] = $t;
+ }
+
 if($matches[1] === '#^')
 $matches[1] = '';
 if($zrl)
diff --git a/include/text.php b/include/text.php
index 2b334068f..2f5accf6e 100755
--- a/include/text.php
+++ b/include/text.php
@@ -621,6 +621,11 @@ function get_tags($s) {
 }
+function strip_zids($s) {
+ return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s);
+}
+
+
 // quick and dirty quoted_printable encoding |
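Review bot: Setting `$zrl = true` whenever a zid was stripped bypasses the hubloc lookup just above, which the docblock gives as the condition for using a zrl rather than a plain url. A link to a site with no known hubloc is then emitted as a zrl merely because it carried a `zid=` parameter; if zrl links get the viewer's identity attached when followed (the commit message suggests so, but that code is not in this hunk), that identity would be offered to a site the hub never recognised. Stripping the parameter does not need to change the link type: `$matches[2] = strip_zids($matches[2]);` on its own leaves the decision with the hubloc check. The body of red_zrl_callback starts and ends outside the hunk, so the lookup itself is only partly visible.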
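Review bot: The `'$2'` replacement in strip_zids drops the `?` when zid is the first parameter, so `page?zid=x&a=1` becomes `page&a=1` and the rest of the query is no longer a query string. Because the match consumes the trailing `&`, a second `zid=` directly after the first is never seen and stays in the posted link, and `(.*?)` runs to end of line, so a `#fragment` following the zid is deleted with it. Since the aim is to keep the author's identity out of posted links, the surviving parameter matters more than the cosmetic breakage. The version below keeps the separator with a lookbehind, stops the value at `&` or `#`, and tidies a dangling separator; it assumes `$s` is a single URL, as in the call from red_zrl_callback.

```php
function strip_zids($s) {
    // Drop every zid=... pair; the lookbehind leaves the '?' or '&' that introduced it,
    // and [^&#]* stops at the next parameter or at the fragment.
    $s = preg_replace('/(?<=[?&])zid=[^&#]*&?/i', '', $s);
    // Remove a separator left dangling before the fragment or the end of the URL.
    return preg_replace('/[?&](?=#|$)/', '', $s);
}
```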