From 090d9210062e1ab5a666210551eed30a61fd609c Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Fri, 12 Jul 2019 12:43:12 +0200 Subject: webfinger: better handling of URLs that contain a @ --- include/network.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index c754625cd..f6992291d 100644 --- a/include/network.php +++ b/include/network.php @@ -1183,12 +1183,12 @@ function discover_by_webbie($webbie, $protocol = '') { */ function webfinger_rfc7033($webbie, $zot = false) { - if(strpos($webbie,'@')) { + if(filter_var($webbie, FILTER_VALIDATE_EMAIL)) { $lhs = substr($webbie,0,strpos($webbie,'@')); $rhs = substr($webbie,strpos($webbie,'@')+1); $resource = urlencode('acct:' . $webbie); } - else { + elseif(filter_var($webbie, FILTER_VALIDATE_URL)) { $m = parse_url($webbie); if($m) { if($m['scheme'] !== 'https') @@ -1197,9 +1197,10 @@ function webfinger_rfc7033($webbie, $zot = false) { $rhs = $m['host'] . (($m['port']) ? ':' . $m['port'] : ''); $resource = urlencode($webbie); } - else - return false; } + else + return false; + logger('fetching url from resource: ' . $rhs . ':' . $webbie); $counter = 0; @@ -1217,7 +1218,7 @@ function webfinger_rfc7033($webbie, $zot = false) { function old_webfinger($webbie) { $host = ''; - if(strstr($webbie,'@')) + if(filter_var($webbie, FILTER_VALIDATE_EMAIL)) $host = substr($webbie,strpos($webbie,'@') + 1); if(strlen($host)) { -- cgit v1.2.3 From db6e4d1c32f4260873b3fd1f9367390798c09ce6 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 13 Jul 2019 19:59:52 +0200 Subject: admin should be allowed to delete any item --- include/items.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 4fc659926..84bfc263b 100755 --- a/include/items.php +++ b/include/items.php 
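Review bot: `filter_var($webbie, FILTER_VALIDATE_EMAIL)` in the first branch of webfinger_rfc7033 is much stricter than the old `strpos` test, and everything it rejects that is not a valid URL now ends in `return false`. PHP's e-mail filter rejects non-ASCII domains and a `host:port` right-hand side, and it accepts a non-ASCII local part only with `FILTER_FLAG_EMAIL_UNICODE`, so handles of those shapes would silently stop resolving. old_webfinger makes the same switch in the last hunk of this file. If the restriction is intended, state it above the branch, e.g. `// only ASCII user@host handles are treated as acct: identifiers; anything else must be a full https URL`. The body of webfinger_rfc7033 continues outside the hunk.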
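Review bot: With the `else return false;` moved out of the URL branch, nothing returns when `parse_url()` fails inside the new `elseif`, so execution would reach the `logger()` call and the code after it with `$rhs` and `$resource` unset. A passing FILTER_VALIDATE_URL makes that unlikely, but the guard costs one line: `if(! $m) return false;` directly after `$m = parse_url($webbie);`. The unchanged context line `(($m['port']) ? ...` also reads a key that parse_url() omits when the URL carries no port; `isset($m['port'])` avoids the notice.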
@@ -3722,13 +3722,12 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL) { if(! $interactive) $ok_to_delete = true; - // owner deletion - if(local_channel() && local_channel() == $item['uid']) + // admin deletion + if(is_site_admin()) $ok_to_delete = true; - // sys owned item, requires site admin to delete - $sys = get_sys_channel(); - if(is_site_admin() && $sys['channel_id'] == $item['uid']) + // owner deletion + if(local_channel() && local_channel() == $item['uid']) $ok_to_delete = true; // author deletion -- cgit v1.2.3 From 3b73e5223e4a0f9dfae3a456ff5b3b6dec03ab76 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 15 Jul 2019 15:05:54 +0200 Subject: stringify_array_elms() could return weird results if the initial array key was not zero. this could trigger obscure bugs e.g. adding an empty string value to the recipients array in the notifier which could then select some broken hubloc/xchan entries. --- include/text.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index a2dfda952..8ce6b5d7c 100644 --- a/include/text.php +++ b/include/text.php @@ -2456,8 +2456,8 @@ function magic_link($s) { * @param boolean $escape (optional) default false */ function stringify_array_elms(&$arr, $escape = false) { - for($x = 0; $x < count($arr); $x ++) - $arr[$x] = "'" . (($escape) ? dbesc($arr[$x]) : $arr[$x]) . "'"; + foreach($arr as $k => $v) + $arr[$k] = "'" . (($escape) ? dbesc($v) : $v) . "'"; } -- cgit v1.2.3 From 821af482f070bfc671d2f5b6480a370dc86f212e Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Tue, 16 Jul 2019 18:11:47 +0200 Subject: Exclude trailing punctuations from URL --- include/activities.php | 2 +- include/bbcode.php | 2 +- include/text.php | 4 ++-- include/zid.php | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/activities.php b/include/activities.php index 68c995338..f329e374c 100644 
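Review bot: The new `if(is_site_admin()) $ok_to_delete = true;` lets an admin delete any channel's item and leaves no record that the override was used. Because this widens an authorization check, the comment should state the policy and the branch should log, e.g. `// admin deletion: site admins may remove any item, including other channels' content` and, with braces added around the `if` body, `logger('drop_item: site admin override, item ' . intval($id));`. How is_site_admin() reaches its decision is not visible in this diff, so it is worth confirming that it is only true for a locally authenticated admin session. The rest of drop_item lies outside the hunk.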
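Review bot: stringify_array_elms() still wraps each value in single quotes without escaping unless the caller passes `$escape = true`, and the docblock does not say who is responsible for escaping. Going by the commit message the result is used to select hubloc/xchan rows, so a value containing a quote would presumably break out of the literal; the parameter line could read `@param boolean $escape (optional) default false; pass true unless every element has already been through dbesc()`. The `foreach` fixes the index-gap case, but an element that is itself an empty string still becomes `''`, so callers building recipient lists may want to filter empty values before calling this.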
--- a/include/activities.php +++ b/include/activities.php @@ -51,7 +51,7 @@ function profile_activity($changed, $value) { if($t == 1 && strlen($value)) { // if it's a url, the HTML quotes will mess it up, so link it and don't try and zidify it because we don't know what it points to. - $value = preg_replace_callback("/([^\]\='".'"'."]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ismu", 'red_zrl_callback', $value); + $value = preg_replace_callback("/([^\]\='".'"'."]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)([\,\.\:\;]\s|$)/ismu", 'red_zrl_callback', $value); // take out the bookmark indicator if(substr($value,0,2) === '#^') $value = str_replace('#^','',$value); diff --git a/include/bbcode.php b/include/bbcode.php index 485a1f5b2..df91356de 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -70,7 +70,7 @@ function bb_tag_preg_replace($pattern, $replace, $name, $s) { function tryoembed($match) { - $url = ((count($match) == 2) ? $match[1] : $match[2]); + $url = ((count($match) == 3) ? $match[1] : $match[2]); $o = oembed_fetch_url($url); diff --git a/include/text.php b/include/text.php index 8ce6b5d7c..17fd1bfe4 100644 --- a/include/text.php +++ b/include/text.php @@ -3403,10 +3403,10 @@ function cleanup_bbcode($body) { $body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body); $body = preg_replace_callback("/([^\]\='".'"'."\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ -+\,\(\)]+)/ismu", '\nakedoembed', $body); ++\,\(\)]+)([\,\.\:\;]\s|$)/ismu", '\nakedoembed', $body); $body = preg_replace_callback("/([^\]\='".'"'."\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ -+\,\(\)]+)/ismu", '\red_zrl_callback', $body); ++\,\(\)]+)([\,\.\:\;]\s|$)/ismu", '\red_zrl_callback', $body); $body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','\red_unescape_codeblock',$body); 
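Review bot: The added group `([\,\.\:\;]\s|$)` in profile_activity is mandatory, so a URL followed by a plain space in the middle of a line no longer matches and is left unlinked. Only URLs that end the line or are followed by punctuation plus whitespace still match. The same group is appended to both patterns in cleanup_bbcode (include/text.php, later in this commit). A zero-width check keeps the old matching and still drops trailing punctuation without adding a capture group: end the URL group with `]+(?<![\,\.\:\;]))` instead of `]+)`. That also leaves the callbacks' `$matches` layout unchanged, so the tryoembed and red_zrl_callback edits would not be needed.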
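Review bot: `count($match) == 3` in tryoembed does not correspond to a pattern shape in this commit: a pattern with the new trailing group yields four elements (the full match plus three groups), and a single-group pattern yields two. With this test a two-element match takes the `$match[2]` arm, which is unset, so `oembed_fetch_url()` would be called with null. tryoembed's callers are outside the diff and need checking; `$url = (isset($match[2]) ? $match[2] : $match[1]);` picks the same element as the old code without depending on the count.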
diff --git a/include/zid.php b/include/zid.php index 27ef0cefa..fc8a31094 100644 --- a/include/zid.php +++ b/include/zid.php @@ -216,9 +216,9 @@ function red_zrl_callback($matches) { if($matches[1] === '#^') $matches[1] = ''; if($zrl) - return $matches[1] . '#^[zrl=' . $matches[2] . ']' . $matches[2] . '[/zrl]'; + return $matches[1] . '#^[zrl=' . $matches[2] . ']' . $matches[2] . '[/zrl]' . $matches[3]; - return $matches[1] . '#^[url=' . $matches[2] . ']' . $matches[2] . '[/url]'; + return $matches[1] . '#^[url=' . $matches[2] . ']' . $matches[2] . '[/url]' . $matches[3]; } /** -- cgit v1.2.3 From c4de5b45dfead76bc564d306ac2c3f0c407dbe6f Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 18 Jul 2019 13:19:10 +0200 Subject: do not format hashtags with missing url --- include/text.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 17fd1bfe4..5a0e6ad3d 100644 --- a/include/text.php +++ b/include/text.php @@ -1572,7 +1572,9 @@ function format_hashtags(&$item) { $term = htmlspecialchars($t['term'], ENT_COMPAT, 'UTF-8', false) ; if(! trim($term)) continue; - if($t['url'] && strpos($item['body'], $t['url'])) + if(empty($t['url'])) + continue; + if(strpos($item['body'], $t['url'])) continue; if($s) $s .= ' '; -- cgit v1.2.3 From dc56d8560d0786a50f5131d114e0fb17b5b85d9c Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 22 Jul 2019 20:38:10 +0200 Subject: pleroma uses slightly different URLs in body - also look for the string --- include/text.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 5a0e6ad3d..1cde6bb01 100644 --- a/include/text.php +++ b/include/text.php 
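Review bot: Both return statements in red_zrl_callback now read `$matches[3]` unconditionally, so any pattern that still hands this callback only two groups will raise an undefined-offset notice. This commit updates the patterns in profile_activity and cleanup_bbcode, but other users of the callback, if any, are not visible here. A tolerant form is `. (isset($matches[3]) ? $matches[3] : '')` at the end of each return. The function starts outside the hunk.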
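Review bot: `if(strpos($item['body'], $t['url']))` in format_hashtags treats a match at offset 0 as "not found", because strpos() returns 0 there and only `false` means absent. Compare explicitly: `if(strpos($item['body'], $t['url']) !== false)`. The follow-up commit that extends this condition with `strpos($item['body'], '#' . $t['term'])` inherits the same truthiness test. format_hashtags begins and ends outside the hunk.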
@@ -1574,7 +1574,7 @@ function format_hashtags(&$item) { continue; if(empty($t['url'])) continue; - if(strpos($item['body'], $t['url'])) + if(strpos($item['body'], $t['url']) || strpos($item['body'], '#' . $t['term'])) continue; if($s) $s .= ' '; -- cgit v1.2.3 From 5695350e98a8a2c802ff419c5b29b0f01f0180df Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Thu, 25 Jul 2019 12:25:27 +0200 Subject: Revert "Merge branch 'dev' into 'dev'" This reverts merge request !1694 --- include/activities.php | 2 +- include/bbcode.php | 2 +- include/text.php | 4 ++-- include/zid.php | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) (limited to 'include') diff --git a/include/activities.php b/include/activities.php index f329e374c..68c995338 100644 --- a/include/activities.php +++ b/include/activities.php @@ -51,7 +51,7 @@ function profile_activity($changed, $value) { if($t == 1 && strlen($value)) { // if it's a url, the HTML quotes will mess it up, so link it and don't try and zidify it because we don't know what it points to. - $value = preg_replace_callback("/([^\]\='".'"'."]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)([\,\.\:\;]\s|$)/ismu", 'red_zrl_callback', $value); + $value = preg_replace_callback("/([^\]\='".'"'."]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ismu", 'red_zrl_callback', $value); // take out the bookmark indicator if(substr($value,0,2) === '#^') $value = str_replace('#^','',$value); diff --git a/include/bbcode.php b/include/bbcode.php index df91356de..485a1f5b2 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -70,7 +70,7 @@ function bb_tag_preg_replace($pattern, $replace, $name, $s) { function tryoembed($match) { - $url = ((count($match) == 3) ? $match[1] : $match[2]); + $url = ((count($match) == 2) ? $match[1] : $match[2]); $o = oembed_fetch_url($url); diff --git a/include/text.php b/include/text.php index 1cde6bb01..8adcc1269 100644 --- a/include/text.php +++ b/include/text.php 
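Review bot: `strpos($item['body'], '#' . $t['term'])` is a prefix match, so a tag `#cat` counts as already present when the body only contains `#category`, and that tag is then skipped. It also searches for the raw `$t['term']` while the rest of the loop works with the escaped `$term`; whether the body is stored escaped is not visible here. A bounded test such as `preg_match('/#' . preg_quote($t['term'], '/') . '(?![\pL\pN_])/u', $item['body'])` avoids the prefix case and does not depend on the match offset.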
@@ -3405,10 +3405,10 @@ function cleanup_bbcode($body) { $body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body); $body = preg_replace_callback("/([^\]\='".'"'."\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ -+\,\(\)]+)([\,\.\:\;]\s|$)/ismu", '\nakedoembed', $body); ++\,\(\)]+)/ismu", '\nakedoembed', $body); $body = preg_replace_callback("/([^\]\='".'"'."\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ -+\,\(\)]+)([\,\.\:\;]\s|$)/ismu", '\red_zrl_callback', $body); ++\,\(\)]+)/ismu", '\red_zrl_callback', $body); $body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','\red_unescape_codeblock',$body); diff --git a/include/zid.php b/include/zid.php index fc8a31094..27ef0cefa 100644 --- a/include/zid.php +++ b/include/zid.php @@ -216,9 +216,9 @@ function red_zrl_callback($matches) { if($matches[1] === '#^') $matches[1] = ''; if($zrl) - return $matches[1] . '#^[zrl=' . $matches[2] . ']' . $matches[2] . '[/zrl]' . $matches[3]; + return $matches[1] . '#^[zrl=' . $matches[2] . ']' . $matches[2] . '[/zrl]'; - return $matches[1] . '#^[url=' . $matches[2] . ']' . $matches[2] . '[/url]' . $matches[3]; + return $matches[1] . '#^[url=' . $matches[2] . ']' . $matches[2] . '[/url]'; } /** -- cgit v1.2.3