From ebd52368bb134e57a54d853732b5b4970a8ce02b Mon Sep 17 00:00:00 2001 From: friendica Date: Sun, 16 Feb 2014 14:13:26 -0800 Subject: strip hard-wired zids from posted links as they will have the wrong identity when somebody tries to view the link --- mod/cloud.php | 4 ++-- mod/item.php | 8 +------- 2 files changed, 3 insertions(+), 9 deletions(-) (limited to 'mod') diff --git a/mod/cloud.php b/mod/cloud.php index 18b61f941..3606325bd 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -73,11 +73,11 @@ function cloud_init(&$a) { $_SERVER['QUERY_STRING'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['QUERY_STRING']); - $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); + $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']); $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['QUERY_STRING']); $_SERVER['REQUEST_URI'] = str_replace(array('?f=','&f='),array('',''),$_SERVER['REQUEST_URI']); - $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); + $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']); $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism','',$_SERVER['REQUEST_URI']); $rootDirectory = new RedDirectory('/',$auth); diff --git a/mod/item.php b/mod/item.php index 48f85f692..1c32a637a 100644 --- a/mod/item.php +++ b/mod/item.php @@ -423,19 +423,13 @@ function item_post(&$a) { /** * fix naked links by passing through a callback to see if this is a red site * (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both. - * First wrap any url which is part of link anchor text already in quotes so we don't double link it. - * e.g. [url=http://foobar.com]something with http://elsewhere.com in it[/url] - * becomes [url=http://foobar.com]something with "http://elsewhere.com" in it[/url] - * otherwise http://elsewhere.com becomes #^[url=http://elsewhere.com]http://elsewhere.com[/url] + * First protect any url inside certain bbcode tags so we don't double link it. */ $body = preg_replace_callback('/\[code(.*?)\[\/(code)\]/ism','red_escape_codeblock',$body); $body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','red_escape_codeblock',$body); $body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','red_escape_codeblock',$body); -// no longer needed -// $body = preg_replace_callback('/\[([uz])rl(.*?)\](.*?)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)(.*?)\[\/([uz])rl\]/ism','red_escape_zrl_callback',$body); - $body = preg_replace_callback("/([^\]\='".'"'."]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", 'red_zrl_callback', $body); $body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','red_unescape_codeblock',$body); -- cgit v1.2.3