From 9b19e40a74a4a5d641015c04c1765d4bd4502bd1 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 9 Nov 2017 21:26:18 -0800 Subject: hubzilla issue #901 - unicode characters in urls tripping up url regexes - these regexes have been modified to accept unicode "letters" which may preclude emojis and control sequences and symbols in url links; but should suffice for most legal URLs containing language context "text" glyphs. --- include/activities.php | 2 +- include/bbcode.php | 6 +++--- include/markdown.php | 4 ++-- include/text.php | 14 +++++++------- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/activities.php b/include/activities.php index 2671e668c..9b83f7a5c 100644 --- a/include/activities.php +++ b/include/activities.php @@ -50,7 +50,7 @@ function profile_activity($changed, $value) { if($t == 1 && strlen($value)) { // if it's a url, the HTML quotes will mess it up, so link it and don't try and zidify it because we don't know what it points to. - $value = preg_replace_callback("/([^\]\='".'"'."]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", 'red_zrl_callback', $value); + $value = preg_replace_callback("/([^\]\='".'"'."]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ismu", 'red_zrl_callback', $value); // take out the bookmark indicator if(substr($value,0,2) === '#^') $value = str_replace('#^','',$value); diff --git a/include/bbcode.php b/include/bbcode.php index 9a2a6eb9b..050ab2d29 100644 --- a/include/bbcode.php +++ b/include/bbcode.php 
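Review bot: With the `u` modifier now on the pattern in profile_activity(), `preg_replace_callback()` returns null when `$value` is not valid UTF-8, and that null is assigned straight back to `$value`, so the profile text is silently discarded and the following `substr($value,0,2)` runs on null. Keep the original on failure, for example `$linked = preg_replace_callback(...); if($linked !== null) $value = $linked;`. The same unchecked assignment appears in the bbcode.php, markdown.php and text.php hunks of this commit, where `$Text`, `$s` and `$body` would be emptied the same way. Those paths presumably also process content received from other sites, so malformed byte sequences are plausible input there. profile_activity() starts and ends outside the hunk.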
@@ -838,13 +838,13 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false) // Perform URL Search - $urlchars = '[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]'; + $urlchars = '[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]'; if (strpos($Text,'http') !== false) { if($tryoembed) { - $Text = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ism", 'tryoembed', $Text); + $Text = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", 'tryoembed', $Text); } - $Text = preg_replace("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ism", '$1$2', $Text); + $Text = preg_replace("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1$2', $Text); } if (strpos($Text,'[/share]') !== false) { diff --git a/include/markdown.php b/include/markdown.php index 865727b20..f398d279e 100644 --- a/include/markdown.php +++ b/include/markdown.php @@ -75,10 +75,10 @@ function markdown_to_bb($s, $use_zrl = false, $options = []) { // Convert everything that looks like a link to a link if($use_zrl) { $s = str_replace(['[img', '/img]'], ['[zmg', '/zmg]'], $s); - $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]+)/ism", '$1[zrl=$2$3]$2$3[/zrl]',$s); + $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]+)/ismu", '$1[zrl=$2$3]$2$3[/zrl]',$s); } else { - $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]+)/ism", '$1[url=$2$3]$2$3[/url]',$s); + $s = preg_replace("/([^\]\=]|^)(https?\:\/\/)([a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]+)/ismu", '$1[url=$2$3]$2$3[/url]',$s); } // remove duplicate adjacent code tags diff --git a/include/text.php b/include/text.php index 746c35679..c74e515d2 100644 --- a/include/text.php +++ b/include/text.php 
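Review bot: `\pL` in `$urlchars` covers letters only, so combining marks (`\pM`) and non-ASCII digits (`\pN`) still end the match. A URL whose path is written in a script that uses vowel signs or other combining marks would be linkified only up to the first mark, and the resulting link target would differ from the URL the author wrote. If that is not intended, add `\pM\pN` next to `\pL` in the class; emojis and symbols stay excluded, as the commit message wants. bbcode() starts and ends outside the hunk.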
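Review bot: The two `preg_replace` calls in the `$use_zrl` branches of markdown_to_bb() carry the same long character class and differ only in the tag name. That class is a further copy of bbcode.php's `$urlchars`, and activities.php uses a slightly different one (no `\(\)`), so the same text can linkify to different extents depending on the code path. Choosing the tag first, `$tag = $use_zrl ? 'zrl' : 'url';`, and using one call with the replacement `'$1[' . $tag . '=$2$3]$2$3[/' . $tag . ']'` would leave a single pattern to maintain here. The function continues outside the hunk.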
@@ -819,7 +819,7 @@ function get_tags($s) { // added ; to single word tags to allow emojis and other unicode character constructs in bbcode // (this would actually be &#xnnnnn; but the ampersand will have been escaped to & by the time we see it.) - if(preg_match_all('/(?$1' : ' $1'), $s); + $s = preg_replace("/(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\_\@\~\#\'\%\$\!\+\,\@]*)/u", (($me) ? ' $1' : ' $1'), $s); $s = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$s); return($s); @@ -3099,10 +3099,10 @@ function cleanup_bbcode($body) { $body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body); - $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ -+\,\(\)]+)/ism", '\nakedoembed', $body); - $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ -+\,\(\)]+)/ism", '\red_zrl_callback', $body); + $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ ++\,\(\)]+)/ismu", '\nakedoembed', $body); + $body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ ++\,\(\)]+)/ismu", '\red_zrl_callback', $body); $body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','\red_unescape_codeblock',$body); $body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','\red_unescape_codeblock',$body); -- cgit v1.2.3 From 988028577b19d2cf2825eec65e398d447d8d4056 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 10 Nov 2017 13:50:52 -0800 Subject: set os_syspath in DAV file put operation so that photos will scale correctly. --- Zotlabs/Storage/File.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php index 332bf6896..947a9fde3 100644 --- a/Zotlabs/Storage/File.php +++ b/Zotlabs/Storage/File.php 
@@ -127,12 +127,15 @@ class File extends DAV\Node implements DAV\IFile { $is_photo = false; $album = ''; + $os_path = ''; - $r = q("SELECT flags, folder, os_storage, filename, is_photo FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", + $r = q("SELECT flags, folder, os_storage, os_path, filename, is_photo FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($c[0]['channel_id']) ); if ($r) { + $os_path = $r[0]['os_path']; + if (intval($r[0]['os_storage'])) { $d = q("select folder, content from attach where hash = '%s' and uid = %d limit 1", dbesc($this->data['hash']), @@ -150,7 +153,7 @@ class File extends DAV\Node implements DAV\IFile { } } $fname = dbunescbin($d[0]['content']); - if(strpos($fname,'store') === false) + if(strpos($fname,'store/') === false) $f = 'store/' . $this->auth->owner_nick . '/' . $fname ; else $f = $fname; @@ -196,7 +199,7 @@ class File extends DAV\Node implements DAV\IFile { if($is_photo) { require_once('include/photos.php'); - $args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct ); + $args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_syspath' => $f, 'os_path' => $os_path, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct ); $p = photo_upload($c[0],\App::get_observer(),$args); } -- cgit v1.2.3 From 34b38f06e00d929c3004ca7ee961405de0a209e1 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 11 Nov 2017 12:23:20 -0800 Subject: also disable uploading in comments if the channel permissionlimits for view_storage aren't PERMS_PUBLIC. --- include/conversation.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/conversation.php b/include/conversation.php index 2ce4dacef..0b9df5acd 100644 --- a/include/conversation.php +++ b/include/conversation.php 
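Review bot: `strpos($fname,'store/') === false` in the second hunk still tests for the substring anywhere in `$fname`, so a stored name that merely contains `store/` further along the path is treated as already rooted and used as `$f` without the `'store/' . $this->auth->owner_nick . '/'` prefix. If the intent is "already begins with the storage root", anchor the test: `if(strpos($fname,'store/') !== 0)`. `$fname` comes from the `content` column via `dbunescbin()`; whether an uploader can influence that value is not visible here, so this is hardening for the path that the third hunk hands to `photo_upload()` as `os_syspath`. The enclosing method starts and ends outside the hunk.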
@@ -581,6 +581,9 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa || $owner_channel['channel_deny_cid'] || $owner_channel['channel_deny_gid']) { $uploading = false; } + if(\Zotlabs\Access\PermissionLimits::Get($profile_owner,'view_storage') !== PERMS_PUBLIC) { + $uploading = false; + } } else { $uploading = false; -- cgit v1.2.3
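Review bot: The strict `!== PERMS_PUBLIC` comparison in the added check depends on `PermissionLimits::Get()` returning an integer. Its return type is not visible in this hunk, and if it hands back the stored value as a string (or false when unset) the condition is always true and comment uploads are disabled for every channel. That fails closed, but making the type explicit is safer: `if(intval(\Zotlabs\Access\PermissionLimits::Get($profile_owner,'view_storage')) !== PERMS_PUBLIC) {`. The check only clears `$uploading` for the rendered conversation; the upload handler presumably needs the same restriction, which cannot be confirmed from here. conversation() starts and ends outside the hunk.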