Tupambae_Org/friendica_2021-01
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge remote-tracking branch 'upstream/develop' into develop

Browse source
This commit is contained in:
Andy H 2018-11-10 11:17:47 +07:00
parent 8821d33f73 d4a02dc314
commit 53e9203d37
116 changed files with 1927 additions and 1409 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
config/dbstructure.php
View file

@ -34,7 +34,7 @@
use Friendica\Database\DBA;
if (!defined('DB_UPDATE_VERSION')) {
define('DB_UPDATE_VERSION', 1289);
define('DB_UPDATE_VERSION', 1290);
}
return [
@ -1368,7 +1368,10 @@ return [
"pid" => ["pid"],
"parameter" => ["parameter(64)"],
"priority_created_next_try" => ["priority", "created", "next_try"],
"done_executed_next_try" => ["done", "executed", "next_try"]
"done_priority_executed_next_try" => ["done", "priority", "executed", "next_try"],
"done_executed_next_try" => ["done", "executed", "next_try"],
"done_priority_next_try" => ["done", "priority", "next_try"],
"done_next_try" => ["done", "next_try"]
]
]
];

31
include/api.php
View file

@ -43,6 +43,7 @@ use Friendica\Protocol\Diaspora;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'include/conversation.php';
@ -526,7 +527,7 @@ function api_get_user(App $a, $contact_id = null)
// Searching for contact URL
if (!is_null($contact_id) && (intval($contact_id) == 0)) {
$user = DBA::escape(normalise_link($contact_id));
$user = DBA::escape(Strings::normaliseLink($contact_id));
$url = $user;
$extra_query = "AND `contact`.`nurl` = '%s' ";
if (api_user() !== false) {
@ -571,7 +572,7 @@ function api_get_user(App $a, $contact_id = null)
}
if (is_null($user) && x($_GET, 'profileurl')) {
$user = DBA::escape(normalise_link($_GET['profileurl']));
$user = DBA::escape(Strings::normaliseLink($_GET['profileurl']));
$extra_query = "AND `contact`.`nurl` = '%s' ";
if (api_user() !== false) {
$extra_query .= "AND `contact`.`uid`=".intval(api_user());
@ -639,7 +640,7 @@ function api_get_user(App $a, $contact_id = null)
throw new BadRequestException("User not found.");
}
$contact = DBA::selectFirst('contact', [], ['uid' => 0, 'nurl' => normalise_link($url)]);
$contact = DBA::selectFirst('contact', [], ['uid' => 0, 'nurl' => Strings::normaliseLink($url)]);
if (DBA::isResult($contact)) {
$network_name = ContactSelector::networkToName($contact['network'], $contact['url']);
@ -2662,7 +2663,7 @@ function api_get_entitities(&$text, $bbcode)
"id" => $start+1,
"id_str" => (string)$start+1,
"indices" => [$start, $start+strlen($url)],
"media_url" => normalise_link($media_url),
"media_url" => Strings::normaliseLink($media_url),
"media_url_https" => $media_url,
"url" => $url,
"display_url" => $display_url,
@ -3665,8 +3666,8 @@ function api_friendships_destroy($type)
$url = $contact["url"];
$condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
$uid, Contact::SHARING, Contact::FRIEND, normalise_link($url),
normalise_link($url), $url];
$uid, Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),
Strings::normaliseLink($url), $url];
$contact = DBA::selectFirst('contact', [], $condition);
if (!DBA::isResult($contact)) {
@ -3790,9 +3791,9 @@ function api_direct_messages_box($type, $box, $verbose)
foreach ($r as $item) {
if ($box == "inbox" || $item['from-url'] != $profile_url) {
$recipient = $user_info;
$sender = api_get_user($a, normalise_link($item['contact-url']));
$sender = api_get_user($a, Strings::normaliseLink($item['contact-url']));
} elseif ($box == "sentbox" || $item['from-url'] == $profile_url) {
$recipient = api_get_user($a, normalise_link($item['contact-url']));
$recipient = api_get_user($a, Strings::normaliseLink($item['contact-url']));
$sender = $user_info;
}
@ -4499,7 +4500,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
// check against max upload size within Friendica instance
$maximagesize = Config::get('system', 'maximagesize');
if ($maximagesize && ($filesize > $maximagesize)) {
$formattedBytes = formatBytes($maximagesize);
$formattedBytes = Strings::formatBytes($maximagesize);
throw new InternalServerErrorException("image size exceeds Friendica config setting (uploaded size: $formattedBytes)");
}
@ -4779,7 +4780,7 @@ function api_friendica_remoteauth()
throw new BadRequestException("Wrong parameters.");
}
$c_url = normalise_link($c_url);
$c_url = Strings::normaliseLink($c_url);
// traditional DFRN
@ -4802,7 +4803,7 @@ function api_friendica_remoteauth()
$dfrn_id = '0:' . $orig_id;
}
$sec = random_string();
$sec = Strings::getRandomHex();
$fields = ['uid' => api_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id,
'sec' => $sec, 'expire' => time() + 45];
@ -4943,7 +4944,7 @@ function api_get_nick($profile)
$r = q(
"SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'",
DBA::escape(normalise_link($profile))
DBA::escape(Strings::normaliseLink($profile))
);
if (DBA::isResult($r)) {
@ -4953,7 +4954,7 @@ function api_get_nick($profile)
if (!$nick == "") {
$r = q(
"SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'",
DBA::escape(normalise_link($profile))
DBA::escape(Strings::normaliseLink($profile))
);
if (DBA::isResult($r)) {
@ -5836,9 +5837,9 @@ function api_friendica_direct_messages_search($type, $box = "")
foreach ($r as $item) {
if ($box == "inbox" || $item['from-url'] != $profile_url) {
$recipient = $user_info;
$sender = api_get_user($a, normalise_link($item['contact-url']));
$sender = api_get_user($a, Strings::normaliseLink($item['contact-url']));
} elseif ($box == "sentbox" || $item['from-url'] == $profile_url) {
$recipient = api_get_user($a, normalise_link($item['contact-url']));
$recipient = api_get_user($a, Strings::normaliseLink($item['contact-url']));
$sender = $user_info;
}

9
include/conversation.php
View file

@ -26,6 +26,7 @@ use Friendica\Object\Thread;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Temporal;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use Friendica\Util\Crypto;
@ -482,7 +483,7 @@ function conversation(App $a, array $items, Pager $pager, $mode, $update, $previ
if (!$update) {
$tab = 'posts';
if (x($_GET, 'tab')) {
$tab = notags(trim($_GET['tab']));
$tab = Strings::escapeTags(trim($_GET['tab']));
}
if ($tab === 'posts') {
/*
@ -638,7 +639,7 @@ function conversation(App $a, array $items, Pager $pager, $mode, $update, $previ
$lock = false;
$likebuttons = false;
$body = prepare_body($item, true, $preview);
$body = Item::prepareBody($item, true, $preview);
list($categories, $folders) = get_cats_and_terms($item);
@ -689,7 +690,7 @@ function conversation(App $a, array $items, Pager $pager, $mode, $update, $previ
'owner_name' => $owner_name_e,
'owner_url' => $owner_url,
'owner_photo' => System::removedBaseUrl(ProxyUtils::proxifyUrl($item['owner-avatar'], false, ProxyUtils::SIZE_THUMB)),
'plink' => get_plink($item),
'plink' => Item::getPlink($item),
'edpost' => false,
'isstarred' => $isstarred,
'star' => $star,
@ -842,7 +843,7 @@ function item_photo_menu($item) {
$cid = 0;
$network = '';
$rel = 0;
$condition = ['uid' => local_user(), 'nurl' => normalise_link($item['author-link'])];
$condition = ['uid' => local_user(), 'nurl' => Strings::normaliseLink($item['author-link'])];
$contact = DBA::selectFirst('contact', ['id', 'network', 'rel'], $condition);
if (DBA::isResult($contact)) {
$cid = $contact['id'];

11
include/enotify.php
View file

@ -15,6 +15,7 @@ use Friendica\Model\Contact;
use Friendica\Model\Item;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Emailer;
use Friendica\Util\Strings;
/**
* @brief Creates a notification entry and possibly sends a mail
@ -157,7 +158,7 @@ function notification($params)
$item = Item::selectFirstForUser($params['uid'], Item::ITEM_FIELDLIST, ['id' => $parent_id]);
}
$item_post_type = item_post_type($item);
$item_post_type = Item::postType($item);
$itemlink = $item['plink'];
// "a post"
@ -457,7 +458,7 @@ function notification($params)
Logger::log("adding notification entry", Logger::DEBUG);
do {
$dups = false;
$hash = random_string();
$hash = Strings::getRandomHex();
if (DBA::exists('notify', ['hash' => $hash])) {
$dups = true;
}
@ -703,11 +704,11 @@ function check_item_notification($itemid, $uid, $defaulttype = "") {
// Check for invalid profile urls. 13 should be the shortest possible profile length:
// http://a.bc/d
// Additionally check for invalid urls that would return the normalised value "http:"
if ((strlen($profile) >= 13) && (normalise_link($profile) != "http:")) {
if ((strlen($profile) >= 13) && (Strings::normaliseLink($profile) != "http:")) {
if (!in_array($profile, $profiles2))
$profiles2[] = $profile;
$profile = normalise_link($profile);
$profile = Strings::normaliseLink($profile);
if (!in_array($profile, $profiles2))
$profiles2[] = $profile;
@ -761,7 +762,7 @@ function check_item_notification($itemid, $uid, $defaulttype = "") {
if (DBA::isResult($tags)) {
foreach ($tags AS $tag) {
$condition = ['nurl' => normalise_link($tag["url"]), 'uid' => $uid, 'notify_new_posts' => true];
$condition = ['nurl' => Strings::normaliseLink($tag["url"]), 'uid' => $uid, 'notify_new_posts' => true];
$r = DBA::exists('contact', $condition);
if ($r) {
$send_notification = true;

3
include/items.php
View file

@ -21,6 +21,7 @@ use Friendica\Protocol\OStatus;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\ParseUrl;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
require_once 'include/text.php';
@ -308,7 +309,7 @@ function subscribe_to_hub($url, array $importer, array $contact, $hubmode = 'sub
$push_url = System::baseUrl() . '/pubsub/' . $user['nickname'] . '/' . $contact['id'];
// Use a single verify token, even if multiple hubs
$verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : random_string());
$verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : Strings::getRandomHex());
$params= 'hub.mode=' . $hubmode . '&hub.callback=' . urlencode($push_url) . '&hub.topic=' . urlencode($contact['poll']) . '&hub.verify=async&hub.verify_token=' . $verify_token;

645
include/text.php
View file

@ -26,144 +26,12 @@ use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Core\Logger;
use Friendica\Core\Renderer;
use Friendica\Model\FileTag;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use Friendica\Content\Text\HTML;
require_once "include/conversation.php";
/**
* @brief Generates a pseudo-random string of hexadecimal characters
*
* @param int $size
* @return string
*/
function random_string($size = 64)
{
$byte_size = ceil($size / 2);
$bytes = random_bytes($byte_size);
$return = substr(bin2hex($bytes), 0, $size);
return $return;
}
/**
* This is our primary input filter.
*
* The high bit hack only involved some old IE browser, forget which (IE5/Mac?)
* that had an XSS attack vector due to stripping the high-bit on an 8-bit character
* after cleansing, and angle chars with the high bit set could get through as markup.
*
* This is now disabled because it was interfering with some legitimate unicode sequences
* and hopefully there aren't a lot of those browsers left.
*
* Use this on any text input where angle chars are not valid or permitted
* They will be replaced with safer brackets. This may be filtered further
* if these are not allowed either.
*
* @param string $string Input string
* @return string Filtered string
*/
function notags($string) {
return str_replace(["<", ">"], ['[', ']'], $string);
// High-bit filter no longer used
// return str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string);
}
/**
* use this on "body" or "content" input where angle chars shouldn't be removed,
* and allow them to be safely displayed.
* @param string $string
* @return string
*/
function escape_tags($string) {
return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false);
}
/**
* generate a string that's random, but usually pronounceable.
* used to generate initial passwords
* @param int $len
* @return string
*/
function autoname($len) {
if ($len <= 0) {
return '';
}
$vowels = ['a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u'];
if (mt_rand(0, 5) == 4) {
$vowels[] = 'y';
}
$cons = [
'b','bl','br',
'c','ch','cl','cr',
'd','dr',
'f','fl','fr',
'g','gh','gl','gr',
'h',
'j',
'k','kh','kl','kr',
'l',
'm',
'n',
'p','ph','pl','pr',
'qu',
'r','rh',
's','sc','sh','sm','sp','st',
't','th','tr',
'v',
'w','wh',
'x',
'z','zh'
];
$midcons = ['ck','ct','gn','ld','lf','lm','lt','mb','mm', 'mn','mp',
'nd','ng','nk','nt','rn','rp','rt'];
$noend = ['bl', 'br', 'cl','cr','dr','fl','fr','gl','gr',
'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh','q'];
$start = mt_rand(0,2);
if ($start == 0) {
$table = $vowels;
} else {
$table = $cons;
}
$word = '';
for ($x = 0; $x < $len; $x ++) {
$r = mt_rand(0,count($table) - 1);
$word .= $table[$r];
if ($table == $vowels) {
$table = array_merge($cons,$midcons);
} else {
$table = $vowels;
}
}
$word = substr($word,0,$len);
foreach ($noend as $noe) {
$noelen = strlen($noe);
if ((strlen($word) > $noelen) && (substr($word, -$noelen) == $noe)) {
$word = autoname($len);
break;
}
}
return $word;
}
/**
* Turn user/group ACLs stored as angle bracketed text into arrays
*
@ -194,7 +62,7 @@ function expand_acl($s) {
*/
function sanitise_acl(&$item) {
if (intval($item)) {
$item = '<' . intval(notags(trim($item))) . '>';
$item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
} else {
unset($item);
}
@ -255,78 +123,6 @@ function activity_match($haystack,$needle) {
return (($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle, NAMESPACE_ACTIVITY_SCHEMA)));
}
/**
* @brief Pull out all #hashtags and @person tags from $string.
*
* We also get @person@domain.com - which would make
* the regex quite complicated as tags can also
* end a sentence. So we'll run through our results
* and strip the period from any tags which end with one.
* Returns array of tags found, or empty array.
*
* @param string $string Post content
* @return array List of tag and person names
*/
function get_tags($string) {
$ret = [];
// Convert hashtag links to hashtags
$string = preg_replace('/#\[url\=([^\[\]]*)\](.*?)\[\/url\]/ism', '#$2', $string);
// ignore anything in a code block
$string = preg_replace('/\[code\](.*?)\[\/code\]/sm', '', $string);
// Force line feeds at bbtags
$string = str_replace(['[', ']'], ["\n[", "]\n"], $string);
// ignore anything in a bbtag
$string = preg_replace('/\[(.*?)\]/sm', '', $string);
// Match full names against @tags including the space between first and last
// We will look these up afterward to see if they are full names or not recognisable.
if (preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A@,:?]+)([ \x0D\x0A@,:?]|$)/', $string, $matches)) {
foreach ($matches[1] as $match) {
if (strstr($match, ']')) {
// we might be inside a bbcode color tag - leave it alone
continue;
}
if (substr($match, -1, 1) === '.') {
$ret[] = substr($match, 0, -1);
} else {
$ret[] = $match;
}
}
}
// Otherwise pull out single word tags. These can be @nickname, @first_last
// and #hash tags.
if (preg_match_all('/([!#@][^\^ \x0D\x0A,;:?]+)([ \x0D\x0A,;:?]|$)/', $string, $matches)) {
foreach ($matches[1] as $match) {
if (strstr($match, ']')) {
// we might be inside a bbcode color tag - leave it alone
continue;
}
if (substr($match, -1, 1) === '.') {
$match = substr($match,0,-1);
}
// ignore strictly numeric tags like #1
if ((strpos($match, '#') === 0) && ctype_digit(substr($match, 1))) {
continue;
}
// try not to catch url fragments
if (strpos($string, $match) && preg_match('/[a-zA-z0-9\/]/', substr($string, strpos($string, $match) - 1, 1))) {
continue;
}
$ret[] = $match;
}
}
return $ret;
}
/**
* quick and dirty quoted_printable encoding
*
@ -337,45 +133,6 @@ function qp($s) {
return str_replace("%", "=", rawurlencode($s));
}
/**
* @brief Check for a valid email string
*
* @param string $email_address
* @return boolean
*/
function valid_email($email_address)
{
return preg_match('/^[_a-zA-Z0-9\-\+]+(\.[_a-zA-Z0-9\-\+]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/', $email_address);
}
/**
* Normalize url
*
* @param string $url
* @return string
*/
function normalise_link($url) {
$ret = str_replace(['https:', '//www.'], ['http:', '//'], $url);
return rtrim($ret,'/');
}
/**
* Compare two URLs to see if they are the same, but ignore
* slight but hopefully insignificant differences such as if one
* is https and the other isn't, or if one is www.something and
* the other isn't - and also ignore case differences.
*
* @param string $a first url
* @param string $b second url
* @return boolean True if the URLs match, otherwise False
*
*/
function link_compare($a, $b) {
return (strcasecmp(normalise_link($a), normalise_link($b)) === 0);
}
/**
* @brief Find any non-embedded images in private items and add redir links to them
*
@ -400,236 +157,6 @@ function redir_private_images($a, &$item)
}
}
/**
* Sets the "rendered-html" field of the provided item
*
* Body is preserved to avoid side-effects as we modify it just-in-time for spoilers and private image links
*
* @param array $item
* @param bool $update
*
* @todo Remove reference, simply return "rendered-html" and "rendered-hash"
*/
function put_item_in_cache(&$item, $update = false)
{
$body = $item["body"];
$rendered_hash = defaults($item, 'rendered-hash', '');
$rendered_html = defaults($item, 'rendered-html', '');
if ($rendered_hash == ''
|| $rendered_html == ""
|| $rendered_hash != hash("md5", $item["body"])
|| Config::get("system", "ignore_cache")
) {
$a = get_app();
redir_private_images($a, $item);
$item["rendered-html"] = prepare_text($item["body"]);
$item["rendered-hash"] = hash("md5", $item["body"]);
$hook_data = ['item' => $item, 'rendered-html' => $item['rendered-html'], 'rendered-hash' => $item['rendered-hash']];
Addon::callHooks('put_item_in_cache', $hook_data);
$item['rendered-html'] = $hook_data['rendered-html'];
$item['rendered-hash'] = $hook_data['rendered-hash'];
unset($hook_data);
// Force an update if the generated values differ from the existing ones
if ($rendered_hash != $item["rendered-hash"]) {
$update = true;
}
// Only compare the HTML when we forcefully ignore the cache
if (Config::get("system", "ignore_cache") && ($rendered_html != $item["rendered-html"])) {
$update = true;
}
if ($update && !empty($item["id"])) {
Item::update(['rendered-html' => $item["rendered-html"], 'rendered-hash' => $item["rendered-hash"]],
['id' => $item["id"]]);
}
}
$item["body"] = $body;
}
/**
* @brief Given an item array, convert the body element from bbcode to html and add smilie icons.
* If attach is true, also add icons for item attachments.
*
* @param array $item
* @param boolean $attach
* @param boolean $is_preview
* @return string item body html
* @hook prepare_body_init item array before any work
* @hook prepare_body_content_filter ('item'=>item array, 'filter_reasons'=>string array) before first bbcode to html
* @hook prepare_body ('item'=>item array, 'html'=>body string, 'is_preview'=>boolean, 'filter_reasons'=>string array) after first bbcode to html
* @hook prepare_body_final ('item'=>item array, 'html'=>body string) after attach icons and blockquote special case handling (spoiler, author)
*/
function prepare_body(array &$item, $attach = false, $is_preview = false)
{
$a = get_app();
Addon::callHooks('prepare_body_init', $item);
// In order to provide theme developers more possibilities, event items
// are treated differently.
if ($item['object-type'] === ACTIVITY_OBJ_EVENT && isset($item['event-id'])) {
$ev = Event::getItemHTML($item);
return $ev;
}
$tags = \Friendica\Model\Term::populateTagsFromItem($item);
$item['tags'] = $tags['tags'];
$item['hashtags'] = $tags['hashtags'];
$item['mentions'] = $tags['mentions'];
// Compile eventual content filter reasons
$filter_reasons = [];
if (!$is_preview && public_contact() != $item['author-id']) {
if (!empty($item['content-warning']) && (!local_user() || !PConfig::get(local_user(), 'system', 'disable_cw', false))) {
$filter_reasons[] = L10n::t('Content warning: %s', $item['content-warning']);
}
$hook_data = [
'item' => $item,
'filter_reasons' => $filter_reasons
];
Addon::callHooks('prepare_body_content_filter', $hook_data);
$filter_reasons = $hook_data['filter_reasons'];
unset($hook_data);
}
// Update the cached values if there is no "zrl=..." on the links.
$update = (!local_user() && !remote_user() && ($item["uid"] == 0));
// Or update it if the current viewer is the intented viewer.
if (($item["uid"] == local_user()) && ($item["uid"] != 0)) {
$update = true;
}
put_item_in_cache($item, $update);
$s = $item["rendered-html"];
$hook_data = [
'item' => $item,
'html' => $s,
'preview' => $is_preview,
'filter_reasons' => $filter_reasons
];
Addon::callHooks('prepare_body', $hook_data);
$s = $hook_data['html'];
unset($hook_data);
if (!$attach) {
// Replace the blockquotes with quotes that are used in mails.
$mailquote = '<blockquote type="cite" class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">';
$s = str_replace(['<blockquote>', '<blockquote class="spoiler">', '<blockquote class="author">'], [$mailquote, $mailquote, $mailquote], $s);
return $s;
}
$as = '';
$vhead = false;
$matches = [];
preg_match_all('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\"(?: title=\"(.*?)\")?|', $item['attach'], $matches, PREG_SET_ORDER);
foreach ($matches as $mtch) {
$mime = $mtch[3];
$the_url = Contact::magicLinkById($item['author-id'], $mtch[1]);
if (strpos($mime, 'video') !== false) {
if (!$vhead) {
$vhead = true;
$a->page['htmlhead'] .= Renderer::replaceMacros(Renderer::getMarkupTemplate('videos_head.tpl'), [
'$baseurl' => System::baseUrl(),
]);
}
$url_parts = explode('/', $the_url);
$id = end($url_parts);
$as .= Renderer::replaceMacros(Renderer::getMarkupTemplate('video_top.tpl'), [
'$video' => [
'id' => $id,
'title' => L10n::t('View Video'),
'src' => $the_url,
'mime' => $mime,
],
]);
}
$filetype = strtolower(substr($mime, 0, strpos($mime, '/')));
if ($filetype) {
$filesubtype = strtolower(substr($mime, strpos($mime, '/') + 1));
$filesubtype = str_replace('.', '-', $filesubtype);
} else {
$filetype = 'unkn';
$filesubtype = 'unkn';
}
$title = escape_tags(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1]));
$title .= ' ' . $mtch[2] . ' ' . L10n::t('bytes');
$icon = '<div class="attachtype icon s22 type-' . $filetype . ' subtype-' . $filesubtype . '"></div>';
$as .= '<a href="' . strip_tags($the_url) . '" title="' . $title . '" class="attachlink" target="_blank" >' . $icon . '</a>';
}
if ($as != '') {
$s .= '<div class="body-attach">'.$as.'<div class="clear"></div></div>';
}
// Map.
if (strpos($s, '<div class="map">') !== false && x($item, 'coord')) {
$x = Map::byCoordinates(trim($item['coord']));
if ($x) {
$s = preg_replace('/\<div class\=\"map\"\>/', '$0' . $x, $s);
}
}
// Look for spoiler.
$spoilersearch = '<blockquote class="spoiler">';
// Remove line breaks before the spoiler.
while ((strpos($s, "\n" . $spoilersearch) !== false)) {
$s = str_replace("\n" . $spoilersearch, $spoilersearch, $s);
}
while ((strpos($s, "<br />" . $spoilersearch) !== false)) {
$s = str_replace("<br />" . $spoilersearch, $spoilersearch, $s);
}
while ((strpos($s, $spoilersearch) !== false)) {
$pos = strpos($s, $spoilersearch);
$rnd = random_string(8);
$spoilerreplace = '<br /> <span id="spoiler-wrap-' . $rnd . '" class="spoiler-wrap fakelink" onclick="openClose(\'spoiler-' . $rnd . '\');">' . L10n::t('Click to open/close') . '</span>'.
'<blockquote class="spoiler" id="spoiler-' . $rnd . '" style="display: none;">';
$s = substr($s, 0, $pos) . $spoilerreplace . substr($s, $pos + strlen($spoilersearch));
}
// Look for quote with author.
$authorsearch = '<blockquote class="author">';
while ((strpos($s, $authorsearch) !== false)) {
$pos = strpos($s, $authorsearch);
$rnd = random_string(8);
$authorreplace = '<br /> <span id="author-wrap-' . $rnd . '" class="author-wrap fakelink" onclick="openClose(\'author-' . $rnd . '\');">' . L10n::t('Click to open/close') . '</span>'.
'<blockquote class="author" id="author-' . $rnd . '" style="display: block;">';
$s = substr($s, 0, $pos) . $authorreplace . substr($s, $pos + strlen($authorsearch));
}
// Replace friendica image url size with theme preference.
if (x($a->theme_info, 'item_image_size')){
$ps = $a->theme_info['item_image_size'];
$s = preg_replace('|(<img[^>]+src="[^"]+/photo/[0-9a-f]+)-[0-9]|', "$1-" . $ps, $s);
}
$s = HTML::applyContentFilter($s, $filter_reasons);
$hook_data = ['item' => $item, 'html' => $s];
Addon::callHooks('prepare_body_final', $hook_data);
return $hook_data['html'];
}
/**
* @brief Given a text string, convert from bbcode to html and add smilie icons.
*
@ -723,42 +250,6 @@ function get_cats_and_terms($item)
return [$categories, $folders];
}
/**
* get private link for item
* @param array $item
* @return boolean|array False if item has not plink, otherwise array('href'=>plink url, 'title'=>translated title)
*/
function get_plink($item) {
$a = get_app();
if ($a->user['nickname'] != "") {
$ret = [
//'href' => "display/" . $a->user['nickname'] . "/" . $item['id'],
'href' => "display/" . $item['guid'],
'orig' => "display/" . $item['guid'],
'title' => L10n::t('View on separate page'),
'orig_title' => L10n::t('view on separate page'),
];
if (x($item, 'plink')) {
$ret["href"] = $a->removeBaseURL($item['plink']);
$ret["title"] = L10n::t('link to source');
}
} elseif (x($item, 'plink') && ($item['private'] != 1)) {
$ret = [
'href' => $item['plink'],
'orig' => $item['plink'],
'title' => L10n::t('link to source'),
];
} else {
$ret = [];
}
return $ret;
}
/**
* return number of bytes in size (K, M, G)
* @param string $size_str
@ -773,53 +264,6 @@ function return_bytes($size_str) {
}
}
/**
* @param string $s
* @param boolean $strip_padding
* @return string
*/
function base64url_encode($s, $strip_padding = false) {
$s = strtr(base64_encode($s), '+/', '-_');
if ($strip_padding) {
$s = str_replace('=','',$s);
}
return $s;
}
/**
* @param string $s
* @return string
*/
function base64url_decode($s) {
if (is_array($s)) {
Logger::log('base64url_decode: illegal input: ' . print_r(debug_backtrace(), true));
return $s;
}
/*
* // Placeholder for new rev of salmon which strips base64 padding.
* // PHP base64_decode handles the un-padded input without requiring this step
* // Uncomment if you find you need it.
*
* $l = strlen($s);
* if (!strpos($s,'=')) {
* $m = $l % 4;
* if ($m == 2)
* $s .= '==';
* if ($m == 3)
* $s .= '=';
* }
*
*/
return base64_decode(strtr($s,'-_','+/'));
}
function bb_translate_video($s) {
$matches = null;
@ -836,31 +280,6 @@ function bb_translate_video($s) {
return $s;
}
/**
* get translated item type
*
* @param array $itme
* @return string
*/
function item_post_type($item) {
if (!empty($item['event-id'])) {
return L10n::t('event');
} elseif (!empty($item['resource-id'])) {
return L10n::t('photo');
} elseif (!empty($item['verb']) && $item['verb'] !== ACTIVITY_POST) {
return L10n::t('activity');
} elseif ($item['id'] != $item['parent']) {
return L10n::t('comment');
}
return L10n::t('post');
}
function normalise_openid($s) {
return trim(str_replace(['http://', 'https://'], ['', ''], $s), '/');
}
function undo_post_tagging($s) {
$matches = null;
$cnt = preg_match_all('/([!#@])\[url=(.*?)\](.*?)\[\/url\]/ism', $s, $matches, PREG_SET_ORDER);
@ -876,10 +295,6 @@ function undo_post_tagging($s) {
return $s;
}
function protect_sprintf($s) {
return str_replace('%', '%%', $s);
}
/// @TODO Rewrite this
function is_a_date_arg($s) {
$i = intval($s);
@ -898,59 +313,3 @@ function is_a_date_arg($s) {
return false;
}
/**
* remove intentation from a text
*/
function deindent($text, $chr = "[\t ]", $count = NULL) {
$lines = explode("\n", $text);
if (is_null($count)) {
$m = [];
$k = 0;
while ($k < count($lines) && strlen($lines[$k]) == 0) {
$k++;
}
preg_match("|^" . $chr . "*|", $lines[$k], $m);
$count = strlen($m[0]);
}
for ($k = 0; $k < count($lines); $k++) {
$lines[$k] = preg_replace("|^" . $chr . "{" . $count . "}|", "", $lines[$k]);
}
return implode("\n", $lines);
}
function formatBytes($bytes, $precision = 2) {
$units = ['B', 'KB', 'MB', 'GB', 'TB'];
$bytes = max($bytes, 0);
$pow = floor(($bytes ? log($bytes) : 0) / log(1024));
$pow = min($pow, count($units) - 1);
$bytes /= pow(1024, $pow);
return round($bytes, $precision) . ' ' . $units[$pow];
}
/**
* @brief translate and format the networkname of a contact
*
* @param string $network
* Networkname of the contact (e.g. dfrn, rss and so on)
* @param sting $url
* The contact url
* @return string
*/
function format_network_name($network, $url = 0) {
if ($network != "") {
if ($url != "") {
$network_name = '<a href="'.$url.'">'.ContactSelector::networkToName($network, $url)."</a>";
} else {
$network_name = ContactSelector::networkToName($network);
}
return $network_name;
}
}

3
mod/acl.php
View file

@ -12,6 +12,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Item;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
require_once 'include/dba.php';
@ -188,7 +189,7 @@ function acl_content(App $a)
);
} elseif ($type == 'x') {
// autocomplete for global contact search (e.g. navbar search)
$search = notags(trim($_REQUEST['search']));
$search = Strings::escapeTags(trim($_REQUEST['search']));
$mode = $_REQUEST['smode'];
$r = ACL::contactAutocomplete($search, $mode);

71
mod/admin.php
View file

@ -30,6 +30,7 @@ use Friendica\Module\Tos;
use Friendica\Util\Arrays;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
require_once 'include/enotify.php';
@ -416,8 +417,8 @@ function admin_page_blocklist_post(App $a)
// Add new item to blocklist
$blocklist = Config::get('system', 'blocklist');
$blocklist[] = [
'domain' => notags(trim($_POST['newentry_domain'])),
'reason' => notags(trim($_POST['newentry_reason']))
'domain' => Strings::escapeTags(trim($_POST['newentry_domain'])),
'reason' => Strings::escapeTags(trim($_POST['newentry_reason']))
];
Config::set('system', 'blocklist', $blocklist);
info(L10n::t('Server added to blocklist.') . EOL);
@ -426,8 +427,8 @@ function admin_page_blocklist_post(App $a)
$blocklist = [];
foreach ($_POST['domain'] as $id => $domain) {
// Trimming whitespaces as well as any lingering slashes
$domain = notags(trim($domain, "\x00..\x1F/"));
$reason = notags(trim($_POST['reason'][$id]));
$domain = Strings::escapeTags(trim($domain, "\x00..\x1F/"));
$reason = Strings::escapeTags(trim($_POST['reason'][$id]));
if (!x($_POST['delete'][$id])) {
$blocklist[] = [
'domain' => $domain,
@ -565,7 +566,7 @@ function admin_page_deleteitem_post(App $a)
BaseModule::checkFormSecurityTokenRedirectOnError('/admin/deleteitem/', 'admin_deleteitem');
if (x($_POST['page_deleteitem_submit'])) {
$guid = trim(notags($_POST['deleteitemguid']));
$guid = trim(Strings::escapeTags($_POST['deleteitemguid']));
// The GUID should not include a "/", so if there is one, we got an URL
// and the last part of it is most likely the GUID.
if (strpos($guid, '/')) {
@ -996,8 +997,8 @@ function admin_page_site_post(App $a)
$old_url = $a->getBaseURL(true);
// Generate host names for relocation the addresses in the format user@address.tld
$new_host = str_replace("http://", "@", normalise_link($new_url));
$old_host = str_replace("http://", "@", normalise_link($old_url));
$new_host = str_replace("http://", "@", Strings::normaliseLink($new_url));
$old_host = str_replace("http://", "@", Strings::normaliseLink($old_url));
function update_table(App $a, $table_name, $fields, $old_url, $new_url)
{
@ -1048,16 +1049,16 @@ function admin_page_site_post(App $a)
}
// end relocate
$sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : '');
$hostname = ((x($_POST,'hostname')) ? notags(trim($_POST['hostname'])) : '');
$sender_email = ((x($_POST,'sender_email')) ? notags(trim($_POST['sender_email'])) : '');
$sitename = ((x($_POST,'sitename')) ? Strings::escapeTags(trim($_POST['sitename'])) : '');
$hostname = ((x($_POST,'hostname')) ? Strings::escapeTags(trim($_POST['hostname'])) : '');
$sender_email = ((x($_POST,'sender_email')) ? Strings::escapeTags(trim($_POST['sender_email'])) : '');
$banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false);
$shortcut_icon = ((x($_POST,'shortcut_icon')) ? notags(trim($_POST['shortcut_icon'])) : '');
$touch_icon = ((x($_POST,'touch_icon')) ? notags(trim($_POST['touch_icon'])) : '');
$shortcut_icon = ((x($_POST,'shortcut_icon')) ? Strings::escapeTags(trim($_POST['shortcut_icon'])) : '');
$touch_icon = ((x($_POST,'touch_icon')) ? Strings::escapeTags(trim($_POST['touch_icon'])) : '');
$info = ((x($_POST,'info')) ? trim($_POST['info']) : false);
$language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : '');
$theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : '');
$theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : '');
$language = ((x($_POST,'language')) ? Strings::escapeTags(trim($_POST['language'])) : '');
$theme = ((x($_POST,'theme')) ? Strings::escapeTags(trim($_POST['theme'])) : '');
$theme_mobile = ((x($_POST,'theme_mobile')) ? Strings::escapeTags(trim($_POST['theme_mobile'])) : '');
$maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0);
$maximagelength = ((x($_POST,'maximagelength')) ? intval(trim($_POST['maximagelength'])) : MAX_IMAGE_LENGTH);
$jpegimagequality = ((x($_POST,'jpegimagequality')) ? intval(trim($_POST['jpegimagequality'])) : JPEG_QUALITY);
@ -1069,14 +1070,14 @@ function admin_page_site_post(App $a)
$register_text = ((x($_POST,'register_text')) ? strip_tags(trim($_POST['register_text'])) : '');
$allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : '');
$allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : '');
$forbidden_nicknames = ((x($_POST,'forbidden_nicknames')) ? strtolower(notags(trim($_POST['forbidden_nicknames']))) : '');
$allowed_sites = ((x($_POST,'allowed_sites')) ? Strings::escapeTags(trim($_POST['allowed_sites'])) : '');
$allowed_email = ((x($_POST,'allowed_email')) ? Strings::escapeTags(trim($_POST['allowed_email'])) : '');
$forbidden_nicknames = ((x($_POST,'forbidden_nicknames')) ? strtolower(Strings::escapeTags(trim($_POST['forbidden_nicknames']))) : '');
$no_oembed_rich_content = x($_POST,'no_oembed_rich_content');
$allowed_oembed = ((x($_POST,'allowed_oembed')) ? notags(trim($_POST['allowed_oembed'])) : '');
$allowed_oembed = ((x($_POST,'allowed_oembed')) ? Strings::escapeTags(trim($_POST['allowed_oembed'])) : '');
$block_public = ((x($_POST,'block_public')) ? True : False);
$force_publish = ((x($_POST,'publish_all')) ? True : False);
$global_directory = ((x($_POST,'directory')) ? notags(trim($_POST['directory'])) : '');
$global_directory = ((x($_POST,'directory')) ? Strings::escapeTags(trim($_POST['directory'])) : '');
$newuser_private = ((x($_POST,'newuser_private')) ? True : False);
$enotify_no_content = ((x($_POST,'enotify_no_content')) ? True : False);
$private_addons = ((x($_POST,'private_addons')) ? True : False);
@ -1091,8 +1092,8 @@ function admin_page_site_post(App $a)
$max_author_posts_community_page = ((x($_POST,'max_author_posts_community_page')) ? intval(trim($_POST['max_author_posts_community_page'])) : 0);
$verifyssl = ((x($_POST,'verifyssl')) ? True : False);
$proxyuser = ((x($_POST,'proxyuser')) ? notags(trim($_POST['proxyuser'])) : '');
$proxy = ((x($_POST,'proxy')) ? notags(trim($_POST['proxy'])) : '');
$proxyuser = ((x($_POST,'proxyuser')) ? Strings::escapeTags(trim($_POST['proxyuser'])) : '');
$proxy = ((x($_POST,'proxy')) ? Strings::escapeTags(trim($_POST['proxy'])) : '');
$timeout = ((x($_POST,'timeout')) ? intval(trim($_POST['timeout'])) : 60);
$maxloadavg = ((x($_POST,'maxloadavg')) ? intval(trim($_POST['maxloadavg'])) : 50);
$maxloadavg_frontend = ((x($_POST,'maxloadavg_frontend')) ? intval(trim($_POST['maxloadavg_frontend'])) : 50);
@ -1116,16 +1117,16 @@ function admin_page_site_post(App $a)
$dbclean_expire_days = ((x($_POST,'dbclean_expire_days')) ? intval($_POST['dbclean_expire_days']) : 0);
$dbclean_unclaimed = ((x($_POST,'dbclean_unclaimed')) ? intval($_POST['dbclean_unclaimed']) : 0);
$suppress_tags = ((x($_POST,'suppress_tags')) ? True : False);
$itemcache = ((x($_POST,'itemcache')) ? notags(trim($_POST['itemcache'])) : '');
$itemcache = ((x($_POST,'itemcache')) ? Strings::escapeTags(trim($_POST['itemcache'])) : '');
$itemcache_duration = ((x($_POST,'itemcache_duration')) ? intval($_POST['itemcache_duration']) : 0);
$max_comments = ((x($_POST,'max_comments')) ? intval($_POST['max_comments']) : 0);
$temppath = ((x($_POST,'temppath')) ? notags(trim($_POST['temppath'])) : '');
$basepath = ((x($_POST,'basepath')) ? notags(trim($_POST['basepath'])) : '');
$singleuser = ((x($_POST,'singleuser')) ? notags(trim($_POST['singleuser'])) : '');
$temppath = ((x($_POST,'temppath')) ? Strings::escapeTags(trim($_POST['temppath'])) : '');
$basepath = ((x($_POST,'basepath')) ? Strings::escapeTags(trim($_POST['basepath'])) : '');
$singleuser = ((x($_POST,'singleuser')) ? Strings::escapeTags(trim($_POST['singleuser'])) : '');
$proxy_disabled = ((x($_POST,'proxy_disabled')) ? True : False);
$only_tag_search = ((x($_POST,'only_tag_search')) ? True : False);
$rino = ((x($_POST,'rino')) ? intval($_POST['rino']) : 0);
$check_new_version_url = ((x($_POST, 'check_new_version_url')) ? notags(trim($_POST['check_new_version_url'])) : 'none');
$check_new_version_url = ((x($_POST, 'check_new_version_url')) ? Strings::escapeTags(trim($_POST['check_new_version_url'])) : 'none');
$worker_queues = ((x($_POST,'worker_queues')) ? intval($_POST['worker_queues']) : 10);
$worker_dont_fork = ((x($_POST,'worker_dont_fork')) ? True : False);
@ -1133,10 +1134,10 @@ function admin_page_site_post(App $a)
$worker_frontend = ((x($_POST,'worker_frontend')) ? True : False);
$relay_directly = ((x($_POST,'relay_directly')) ? True : False);
$relay_server = ((x($_POST,'relay_server')) ? notags(trim($_POST['relay_server'])) : '');
$relay_server = ((x($_POST,'relay_server')) ? Strings::escapeTags(trim($_POST['relay_server'])) : '');
$relay_subscribe = ((x($_POST,'relay_subscribe')) ? True : False);
$relay_scope = ((x($_POST,'relay_scope')) ? notags(trim($_POST['relay_scope'])) : '');
$relay_server_tags = ((x($_POST,'relay_server_tags')) ? notags(trim($_POST['relay_server_tags'])) : '');
$relay_scope = ((x($_POST,'relay_scope')) ? Strings::escapeTags(trim($_POST['relay_scope'])) : '');
$relay_server_tags = ((x($_POST,'relay_server_tags')) ? Strings::escapeTags(trim($_POST['relay_server_tags'])) : '');
$relay_user_tags = ((x($_POST,'relay_user_tags')) ? True : False);
// Has the directory url changed? If yes, then resubmit the existing profiles there
@ -1695,10 +1696,10 @@ function admin_page_users_post(App $a)
}
$user = $result['user'];
$preamble = deindent(L10n::t('
$preamble = Strings::deindent(L10n::t('
Dear %1$s,
the administrator of %2$s has set up an account for you.'));
$body = deindent(L10n::t('
$body = Strings::deindent(L10n::t('
The login details are as follows:
Site Location: %1$s
@ -2370,7 +2371,7 @@ function admin_page_logs_post(App $a)
if (x($_POST, "page_logs")) {
BaseModule::checkFormSecurityTokenRedirectOnError('/admin/logs', 'admin_logs');
$logfile = ((x($_POST,'logfile')) ? notags(trim($_POST['logfile'])) : '');
$logfile = ((x($_POST,'logfile')) ? Strings::escapeTags(trim($_POST['logfile'])) : '');
$debugging = ((x($_POST,'debugging')) ? true : false);
$loglevel = ((x($_POST,'loglevel')) ? intval(trim($_POST['loglevel'])) : 0);
@ -2477,9 +2478,9 @@ function admin_page_viewlogs(App $a)
}
$seek = fseek($fp, 0 - $size, SEEK_END);
if ($seek === 0) {
$data = escape_tags(fread($fp, $size));
$data = Strings::escapeHtml(fread($fp, $size));
while (!feof($fp)) {
$data .= escape_tags(fread($fp, 4096));
$data .= Strings::escapeHtml(fread($fp, 4096));
}
}
}

5
mod/bookmarklet.php
View file

@ -9,6 +9,7 @@ use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\System;
use Friendica\Module\Login;
use Friendica\Util\Strings;
require_once 'include/conversation.php';
require_once 'include/items.php';
@ -26,8 +27,8 @@ function bookmarklet_content(App $a)
return $o;
}
$referer = normalise_link(defaults($_SERVER, 'HTTP_REFERER', ''));
$page = normalise_link(System::baseUrl() . "/bookmarklet");
$referer = Strings::normaliseLink(defaults($_SERVER, 'HTTP_REFERER', ''));
$page = Strings::normaliseLink(System::baseUrl() . "/bookmarklet");
if (!strstr($referer, $page)) {
if (empty($_REQUEST["url"])) {

6
mod/common.php
View file

@ -12,7 +12,7 @@ use Friendica\Database\DBA;
use Friendica\Model;
use Friendica\Module;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
require_once 'include/dba.php';
@ -67,11 +67,11 @@ function common_content(App $a)
}
if (!$cid && Model\Profile::getMyURL()) {
$contact = DBA::selectFirst('contact', ['id'], ['nurl' => normalise_link(Model\Profile::getMyURL()), 'uid' => $uid]);
$contact = DBA::selectFirst('contact', ['id'], ['nurl' => Strings::normaliseLink(Model\Profile::getMyURL()), 'uid' => $uid]);
if (DBA::isResult($contact)) {
$cid = $contact['id'];
} else {
$gcontact = DBA::selectFirst('gcontact', ['id'], ['nurl' => normalise_link(Model\Profile::getMyURL())]);
$gcontact = DBA::selectFirst('gcontact', ['id'], ['nurl' => Strings::normaliseLink(Model\Profile::getMyURL())]);
if (DBA::isResult($gcontact)) {
$zcid = $gcontact['id'];
}

3
mod/crepair.php
View file

@ -12,6 +12,7 @@ use Friendica\Core\Renderer;
use Friendica\Database\DBA;
use Friendica\Model;
use Friendica\Module;
use Friendica\Util\Strings;
function crepair_init(App $a)
{
@ -61,7 +62,7 @@ function crepair_post(App $a)
$attag = defaults($_POST, 'attag' , '');
$photo = defaults($_POST, 'photo' , '');
$remote_self = defaults($_POST, 'remote_self', false);
$nurl = normalise_link($url);
$nurl = Strings::normaliseLink($url);
$r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `url` = '%s', `nurl` = '%s', `request` = '%s', `confirm` = '%s', `notify` = '%s', `poll` = '%s', `attag` = '%s' , `remote_self` = %d
WHERE `id` = %d AND `uid` = %d",

5
mod/delegate.php
View file

@ -12,6 +12,7 @@ use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Util\Security;
use Friendica\Util\Strings;
require_once 'mod/settings.php';
@ -72,7 +73,7 @@ function delegate_content(App $a)
if (DBA::isResult($user)) {
$condition = [
'uid' => local_user(),
'nurl' => normalise_link(System::baseUrl() . '/profile/' . $user['nickname'])
'nurl' => Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname'])
];
if (DBA::exists('contact', $condition)) {
DBA::insert('manage', ['uid' => $user_id, 'mid' => local_user()]);
@ -114,7 +115,7 @@ function delegate_content(App $a)
AND SUBSTRING_INDEX(`nurl`, '/', 3) = '%s'
AND `uid` = %d
AND `network` = '%s' ",
DBA::escape(normalise_link(System::baseUrl())),
DBA::escape(Strings::normaliseLink(System::baseUrl())),
intval(local_user()),
DBA::escape(Protocol::DFRN)
);

5
mod/dfrn_confirm.php
View file

@ -33,6 +33,7 @@ use Friendica\Protocol\ActivityPub;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'include/enotify.php';
@ -84,7 +85,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
$cid = 0;
$hidden = intval(defaults($handsfree, 'hidden' , 0));
} else {
$dfrn_id = notags(trim(defaults($_POST, 'dfrn_id' , '')));
$dfrn_id = Strings::escapeTags(trim(defaults($_POST, 'dfrn_id' , '')));
$intro_id = intval(defaults($_POST, 'intro_id' , 0));
$duplex = intval(defaults($_POST, 'duplex' , 0));
$cid = intval(defaults($_POST, 'contact_id', 0));
@ -263,7 +264,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
break;
case 1:
// birthday paradox - generate new dfrn-id and fall through.
$new_dfrn_id = random_string();
$new_dfrn_id = Strings::getRandomHex();
q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d",
DBA::escape($new_dfrn_id),
intval($contact_id),

13
mod/dfrn_notify.php
View file

@ -14,6 +14,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Protocol\DFRN;
use Friendica\Protocol\Diaspora;
use Friendica\Util\Strings;
require_once 'include/items.php';
@ -38,15 +39,15 @@ function dfrn_notify_post(App $a) {
}
}
$dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : '');
$dfrn_id = ((x($_POST,'dfrn_id')) ? Strings::escapeTags(trim($_POST['dfrn_id'])) : '');
$dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
$challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : '');
$challenge = ((x($_POST,'challenge')) ? Strings::escapeTags(trim($_POST['challenge'])) : '');
$data = ((x($_POST,'data')) ? $_POST['data'] : '');
$key = ((x($_POST,'key')) ? $_POST['key'] : '');
$rino_remote = ((x($_POST,'rino')) ? intval($_POST['rino']) : 0);
$dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0);
$perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r');
$ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
$perm = ((x($_POST,'perm')) ? Strings::escapeTags(trim($_POST['perm'])) : 'r');
$ssl_policy = ((x($_POST,'ssl_policy')) ? Strings::escapeTags(trim($_POST['ssl_policy'])): 'none');
$page = ((x($_POST,'page')) ? intval($_POST['page']) : 0);
$forum = (($page == 1) ? 1 : 0);
@ -253,7 +254,7 @@ function dfrn_notify_content(App $a) {
* If this is a duplex communication, ours will be the opposite.
*/
$dfrn_id = notags(trim($_GET['dfrn_id']));
$dfrn_id = Strings::escapeTags(trim($_GET['dfrn_id']));
$dfrn_version = (float) $_GET['dfrn_version'];
$rino_remote = ((x($_GET,'rino')) ? intval($_GET['rino']) : 0);
$type = "";
@ -267,7 +268,7 @@ function dfrn_notify_content(App $a) {
$dfrn_id = substr($dfrn_id,2);
}
$hash = random_string();
$hash = Strings::getRandomHex();
$status = 0;

3
mod/dfrn_poll.php
View file

@ -14,6 +14,7 @@ use Friendica\Module\Login;
use Friendica\Protocol\DFRN;
use Friendica\Protocol\OStatus;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'include/items.php';
@ -415,7 +416,7 @@ function dfrn_poll_content(App $a)
if ($dfrn_id != '') {
// initial communication from external contact
$hash = random_string();
$hash = Strings::getRandomHex();
$status = 0;

21
mod/dfrn_request.php
View file

@ -28,6 +28,7 @@ use Friendica\Module\Login;
use Friendica\Network\Probe;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
require_once 'include/enotify.php';
@ -75,7 +76,7 @@ function dfrn_request_post(App $a)
if ((x($_POST, 'localconfirm')) && ($_POST['localconfirm'] == 1)) {
// Ensure this is a valid request
if (local_user() && ($a->user['nickname'] == $a->argv[1]) && (x($_POST, 'dfrn_url'))) {
$dfrn_url = notags(trim($_POST['dfrn_url']));
$dfrn_url = Strings::escapeTags(trim($_POST['dfrn_url']));
$aes_allow = (((x($_POST, 'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0);
$confirm_key = ((x($_POST, 'confirm_key')) ? $_POST['confirm_key'] : "");
$hidden = ((x($_POST, 'hidden-contact')) ? intval($_POST['hidden-contact']) : 0);
@ -87,7 +88,7 @@ function dfrn_request_post(App $a)
// Lookup the contact based on their URL (which is the only unique thing we have at the moment)
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND NOT `self` LIMIT 1",
intval(local_user()),
DBA::escape(normalise_link($dfrn_url))
DBA::escape(Strings::normaliseLink($dfrn_url))
);
if (DBA::isResult($r)) {
@ -141,7 +142,7 @@ function dfrn_request_post(App $a)
intval(local_user()),
DateTimeFormat::utcNow(),
DBA::escape($dfrn_url),
DBA::escape(normalise_link($dfrn_url)),
DBA::escape(Strings::normaliseLink($dfrn_url)),
$parms['addr'],
$parms['fn'],
$parms['nick'],
@ -269,7 +270,7 @@ function dfrn_request_post(App $a)
}
}
$real_name = x($_POST, 'realname') ? notags(trim($_POST['realname'])) : '';
$real_name = x($_POST, 'realname') ? Strings::escapeTags(trim($_POST['realname'])) : '';
$url = trim($_POST['dfrn_url']);
if (!strlen($url)) {
@ -320,7 +321,7 @@ function dfrn_request_post(App $a)
}
}
$issued_id = random_string();
$issued_id = Strings::getRandomHex();
if (is_array($contact_record)) {
// There is a contact record but no issued-id, so this
@ -380,7 +381,7 @@ function dfrn_request_post(App $a)
intval($uid),
DBA::escape(DateTimeFormat::utcNow()),
$parms['url'],
DBA::escape(normalise_link($url)),
DBA::escape(Strings::normaliseLink($url)),
$parms['addr'],
$parms['fn'],
$parms['nick'],
@ -415,7 +416,7 @@ function dfrn_request_post(App $a)
return;
}
$hash = random_string() . (string) time(); // Generate a confirm_key
$hash = Strings::getRandomHex() . (string) time(); // Generate a confirm_key
if (is_array($contact_record)) {
$ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`)
@ -423,7 +424,7 @@ function dfrn_request_post(App $a)
intval($uid),
intval($contact_record['id']),
((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0),
DBA::escape(notags(trim(defaults($_POST, 'dfrn-request-message', '')))),
DBA::escape(Strings::escapeTags(trim(defaults($_POST, 'dfrn-request-message', '')))),
DBA::escape($hash),
DBA::escape(DateTimeFormat::utcNow())
);
@ -497,12 +498,12 @@ function dfrn_request_content(App $a)
return Login::form();
}
$dfrn_url = notags(trim(hex2bin($_GET['dfrn_url'])));
$dfrn_url = Strings::escapeTags(trim(hex2bin($_GET['dfrn_url'])));
$aes_allow = x($_GET, 'aes_allow') && $_GET['aes_allow'] == 1 ? 1 : 0;
$confirm_key = x($_GET, 'confirm_key') ? $_GET['confirm_key'] : "";
// Checking fastlane for validity
if (x($_SESSION, "fastlane") && (normalise_link($_SESSION["fastlane"]) == normalise_link($dfrn_url))) {
if (x($_SESSION, "fastlane") && (Strings::normaliseLink($_SESSION["fastlane"]) == Strings::normaliseLink($dfrn_url))) {
$_POST["dfrn_url"] = $dfrn_url;
$_POST["confirm_key"] = $confirm_key;
$_POST["localconfirm"] = 1;

5
mod/directory.php
View file

@ -15,6 +15,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Profile;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
function directory_init(App $a)
{
@ -47,9 +48,9 @@ function directory_content(App $a)
Nav::setSelected('directory');
if (x($a->data, 'search')) {
$search = notags(trim($a->data['search']));
$search = Strings::escapeTags(trim($a->data['search']));
} else {
$search = ((x($_GET, 'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
$search = ((x($_GET, 'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
}
$gdirpath = '';

15
mod/dirfind.php
View file

@ -20,6 +20,7 @@ use Friendica\Network\Probe;
use Friendica\Protocol\PortableContact;
use Friendica\Util\Network;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
function dirfind_init(App $a) {
@ -45,15 +46,15 @@ function dirfind_content(App $a, $prefix = "") {
$local = Config::get('system','poco_local_search');
$search = $prefix.notags(trim(defaults($_REQUEST, 'search', '')));
$search = $prefix.Strings::escapeTags(trim(defaults($_REQUEST, 'search', '')));
$header = '';
if (strpos($search,'@') === 0) {
$search = substr($search,1);
$header = L10n::t('People Search - %s', $search);
if ((valid_email($search) && Network::isEmailDomainValid($search)) ||
(substr(normalise_link($search), 0, 7) == "http://")) {
if ((filter_var($search, FILTER_VALIDATE_EMAIL) && Network::isEmailDomainValid($search)) ||
(substr(Strings::normaliseLink($search), 0, 7) == "http://")) {
$user_data = Probe::uri($search);
$discover_user = (in_array($user_data["network"], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::OSTATUS, Protocol::DIASPORA]));
}
@ -125,8 +126,8 @@ function dirfind_content(App $a, $prefix = "") {
(`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR
`addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql",
DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)));
DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)));
$results = q("SELECT `nurl`
FROM `gcontact`
@ -137,8 +138,8 @@ function dirfind_content(App $a, $prefix = "") {
GROUP BY `nurl`
ORDER BY `updated` DESC LIMIT %d, %d",
DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora),
DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)),
DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)),
$pager->getStart(), $pager->getItemsPerPage());
$j = new stdClass();
$j->total = $count[0]["total"];

5
mod/display.php
View file

@ -21,6 +21,7 @@ use Friendica\Model\Item;
use Friendica\Model\Profile;
use Friendica\Protocol\ActivityPub;
use Friendica\Protocol\DFRN;
use Friendica\Util\Strings;
function display_init(App $a)
{
@ -90,8 +91,8 @@ function display_init(App $a)
$profiledata = display_fetchauthor($a, $item);
if (strstr(normalise_link($profiledata["url"]), normalise_link(System::baseUrl()))) {
$nickname = str_replace(normalise_link(System::baseUrl())."/profile/", "", normalise_link($profiledata["url"]));
if (strstr(Strings::normaliseLink($profiledata["url"]), Strings::normaliseLink(System::baseUrl()))) {
$nickname = str_replace(Strings::normaliseLink(System::baseUrl())."/profile/", "", Strings::normaliseLink($profiledata["url"]));
if (($nickname != $a->user["nickname"])) {
$profile = DBA::fetchFirst("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile`

11
mod/events.php
View file

@ -19,6 +19,7 @@ use Friendica\Model\Item;
use Friendica\Model\Profile;
use Friendica\Module\Login;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
require_once 'include/items.php';
@ -59,8 +60,8 @@ function events_post(App $a)
$cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0;
$uid = local_user();
$start_text = escape_tags(defaults($_REQUEST, 'start_text', ''));
$finish_text = escape_tags(defaults($_REQUEST, 'finish_text', ''));
$start_text = Strings::escapeHtml(defaults($_REQUEST, 'start_text', ''));
$finish_text = Strings::escapeHtml(defaults($_REQUEST, 'finish_text', ''));
$adjust = intval(defaults($_POST, 'adjust', 0));
$nofinish = intval(defaults($_POST, 'nofinish', 0));
@ -96,9 +97,9 @@ function events_post(App $a)
// and we'll waste a bunch of time responding to it. Time that
// could've been spent doing something else.
$summary = escape_tags(trim(defaults($_POST, 'summary', '')));
$desc = escape_tags(trim(defaults($_POST, 'desc', '')));
$location = escape_tags(trim(defaults($_POST, 'location', '')));
$summary = Strings::escapeHtml(trim(defaults($_POST, 'summary', '')));
$desc = Strings::escapeHtml(trim(defaults($_POST, 'desc', '')));
$location = Strings::escapeHtml(trim(defaults($_POST, 'location', '')));
$type = 'event';
$action = ($event_id == '') ? 'new' : "event/" . $event_id;

3
mod/fetch.php
View file

@ -10,6 +10,7 @@ use Friendica\Core\System;
use Friendica\Protocol\Diaspora;
use Friendica\Model\Item;
use Friendica\Model\User;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use Friendica\Database\DBA;
@ -35,7 +36,7 @@ function fetch_init(App $a)
$parts = parse_url($item["author-link"]);
$host = $parts["scheme"]."://".$parts["host"];
if (normalise_link($host) != normalise_link(System::baseUrl())) {
if (Strings::normaliseLink($host) != Strings::normaliseLink(System::baseUrl())) {
$location = $host."/fetch/".$a->argv[1]."/".urlencode($guid);
header("HTTP/1.1 301 Moved Permanently");

11
mod/follow.php
View file

@ -13,6 +13,7 @@ use Friendica\Model\Profile;
use Friendica\Network\Probe;
use Friendica\Database\DBA;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
function follow_post(App $a)
{
@ -25,7 +26,7 @@ function follow_post(App $a)
}
$uid = local_user();
$url = notags(trim($_REQUEST['url']));
$url = Strings::escapeTags(trim($_REQUEST['url']));
$return_path = 'contacts';
// Makes the connection request for friendica contacts easier
@ -60,7 +61,7 @@ function follow_content(App $a)
}
$uid = local_user();
$url = notags(trim($_REQUEST['url']));
$url = Strings::escapeTags(trim($_REQUEST['url']));
$submit = L10n::t('Submit Request');
@ -68,8 +69,8 @@ function follow_content(App $a)
$r = q("SELECT `pending` FROM `contact` WHERE `uid` = %d AND ((`rel` != %d) OR (`network` = '%s')) AND
(`nurl` = '%s' OR `alias` = '%s' OR `alias` = '%s') AND
`network` != '%s' LIMIT 1",
intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(normalise_link($url)),
DBA::escape(normalise_link($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET));
intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(Strings::normaliseLink($url)),
DBA::escape(Strings::normaliseLink($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET));
if ($r) {
if ($r[0]['pending']) {
@ -130,7 +131,7 @@ function follow_content(App $a)
$_SESSION['fastlane'] = $ret['url'];
$r = q("SELECT `id`, `location`, `about`, `keywords` FROM `gcontact` WHERE `nurl` = '%s'",
normalise_link($ret['url']));
Strings::normaliseLink($ret['url']));
if (!$r) {
$r = [['location' => '', 'about' => '', 'keywords' => '']];

5
mod/fsuggest.php
View file

@ -9,6 +9,7 @@ use Friendica\Core\L10n;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;
function fsuggest_post(App $a)
{
@ -34,9 +35,9 @@ function fsuggest_post(App $a)
$new_contact = intval($_POST['suggest']);
$hash = random_string();
$hash = Strings::getRandomHex();
$note = escape_tags(trim(defaults($_POST, 'note', '')));
$note = Strings::escapeHtml(trim(defaults($_POST, 'note', '')));
if ($new_contact) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",

5
mod/group.php
View file

@ -16,6 +16,7 @@ use Friendica\Database\DBA;
use Friendica\Model;
use Friendica\Module;
use Friendica\Util\Security;
use Friendica\Util\Strings;
function group_init(App $a) {
if (local_user()) {
@ -33,7 +34,7 @@ function group_post(App $a) {
if (($a->argc == 2) && ($a->argv[1] === 'new')) {
BaseModule::checkFormSecurityTokenRedirectOnError('/group/new', 'group_edit');
$name = notags(trim($_POST['groupname']));
$name = Strings::escapeTags(trim($_POST['groupname']));
$r = Model\Group::create(local_user(), $name);
if ($r) {
info(L10n::t('Group created.') . EOL);
@ -61,7 +62,7 @@ function group_post(App $a) {
return; // NOTREACHED
}
$group = $r[0];
$groupname = notags(trim($_POST['groupname']));
$groupname = Strings::escapeTags(trim($_POST['groupname']));
if (strlen($groupname) && ($groupname != $group['name'])) {
$r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d",
DBA::escape($groupname),

3
mod/help.php
View file

@ -10,6 +10,7 @@ use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Util\Strings;
function load_doc_file($s)
{
@ -47,7 +48,7 @@ function help_content(App $a)
$title = basename($path);
$filename = $path;
$text = load_doc_file('doc/' . $path . '.md');
$a->page['title'] = L10n::t('Help:') . ' ' . str_replace('-', ' ', notags($title));
$a->page['title'] = L10n::t('Help:') . ' ' . str_replace('-', ' ', Strings::escapeTags($title));
}
$home = load_doc_file('doc/Home.md');

9
mod/hovercard.php
View file

@ -16,6 +16,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\GContact;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
function hovercard_init(App $a)
{
@ -55,7 +56,7 @@ function hovercard_content()
$contact = [];
// if it's the url containing https it should be converted to http
$nurl = normalise_link(GContact::cleanContactUrl($profileurl));
$nurl = Strings::normaliseLink(GContact::cleanContactUrl($profileurl));
if (!$nurl) {
return;
}
@ -73,12 +74,12 @@ function hovercard_content()
// Feeds url could have been destroyed through "cleanContactUrl", so we now use the original url
if (!count($contact) && local_user()) {
$nurl = normalise_link($profileurl);
$nurl = Strings::normaliseLink($profileurl);
$contact = Contact::getDetailsByURL($nurl, local_user());
}
if (!count($contact)) {
$nurl = normalise_link($profileurl);
$nurl = Strings::normaliseLink($profileurl);
$contact = Contact::getDetailsByURL($nurl);
}
@ -104,7 +105,7 @@ function hovercard_content()
'location' => $contact['location'],
'gender' => $contact['gender'],
'about' => $contact['about'],
'network' => format_network_name($contact['network'], $contact['url']),
'network' => Strings::formatNetworkName($contact['network'], $contact['url']),
'tags' => $contact['keywords'],
'bd' => $contact['birthday'] <= '0001-01-01' ? '' : $contact['birthday'],
'account_type' => Contact::getAccountType($contact),

5
mod/invite.php
View file

@ -17,6 +17,7 @@ use Friendica\Database\DBA;
use Friendica\Protocol\Email;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Security;
use Friendica\Util\Strings;
function invite_post(App $a)
{
@ -40,7 +41,7 @@ function invite_post(App $a)
$recipients = !empty($_POST['recipients']) ? explode("\n", $_POST['recipients']) : [];
$message = !empty($_POST['message']) ? notags(trim($_POST['message'])) : '';
$message = !empty($_POST['message']) ? Strings::escapeTags(trim($_POST['message'])) : '';
$total = 0;
@ -55,7 +56,7 @@ function invite_post(App $a)
foreach ($recipients as $recipient) {
$recipient = trim($recipient);
if (! valid_email($recipient)) {
if (!filter_var($recipient, FILTER_VALIDATE_EMAIL)) {
notice(L10n::t('%s : Not a valid email address.', $recipient) . EOL);
continue;
}

26
mod/item.php
View file

@ -36,6 +36,7 @@ use Friendica\Protocol\Email;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Emailer;
use Friendica\Util\Security;
use Friendica\Util\Strings;
require_once 'include/enotify.php';
require_once 'include/text.php';
@ -203,8 +204,8 @@ function item_post(App $a) {
$objecttype = $orig_post['object-type'];
$app = $orig_post['app'];
$categories = $orig_post['file'];
$title = notags(trim($_REQUEST['title']));
$body = escape_tags(trim($_REQUEST['body']));
$title = Strings::escapeTags(trim($_REQUEST['title']));
$body = Strings::escapeHtml(trim($_REQUEST['body']));
$private = $orig_post['private'];
$pubmail_enabled = $orig_post['pubmail'];
$network = $orig_post['network'];
@ -235,13 +236,13 @@ function item_post(App $a) {
$str_contact_deny = perms2str(defaults($_REQUEST, 'contact_deny', ''));
}
$title = notags(trim(defaults($_REQUEST, 'title' , '')));
$location = notags(trim(defaults($_REQUEST, 'location', '')));
$coord = notags(trim(defaults($_REQUEST, 'coord' , '')));
$verb = notags(trim(defaults($_REQUEST, 'verb' , '')));
$emailcc = notags(trim(defaults($_REQUEST, 'emailcc' , '')));
$body = escape_tags(trim(defaults($_REQUEST, 'body' , '')));
$network = notags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
$title = Strings::escapeTags(trim(defaults($_REQUEST, 'title' , '')));
$location = Strings::escapeTags(trim(defaults($_REQUEST, 'location', '')));
$coord = Strings::escapeTags(trim(defaults($_REQUEST, 'coord' , '')));
$verb = Strings::escapeTags(trim(defaults($_REQUEST, 'verb' , '')));
$emailcc = Strings::escapeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
$body = Strings::escapeHtml(trim(defaults($_REQUEST, 'body' , '')));
$network = Strings::escapeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
$guid = System::createUUID();
$postopts = defaults($_REQUEST, 'postopts', '');
@ -347,7 +348,7 @@ function item_post(App $a) {
$str_tags = '';
$inform = '';
$tags = get_tags($body);
$tags = BBCode::getTags($body);
// Add a tag if the parent contact is from ActivityPub or OStatus (This will notify them)
if ($parent && in_array($thr_parent_contact['network'], [Protocol::OSTATUS, Protocol::ACTIVITYPUB])) {
@ -698,10 +699,9 @@ function item_post(App $a) {
}
if ($orig_post) {
// Fill the cache field
// This could be done in Item::update as well - but we have to check for the existance of some fields.
put_item_in_cache($datarray);
Item::putInCache($datarray);
$fields = [
'title' => $datarray['title'],
@ -817,7 +817,7 @@ function item_post(App $a) {
$subject = Email::encodeHeader('[Friendica]' . ' ' . L10n::t('%s posted an update.', $a->user['username']), 'UTF-8');
}
$link = '<a href="' . System::baseUrl() . '/profile/' . $a->user['nickname'] . '"><img src="' . $author['thumb'] . '" alt="' . $a->user['username'] . '" /></a><br /><br />';
$html = prepare_body($datarray);
$html = Item::prepareBody($datarray);
$message = '<html><body>' . $link . $html . $disclaimer . '</body></html>';
$params = [
'fromName' => $a->user['username'],

5
mod/like.php
View file

@ -3,6 +3,7 @@
use Friendica\App;
use Friendica\Core\System;
use Friendica\Model\Item;
use Friendica\Util\Strings;
require_once 'include/items.php';
@ -12,13 +13,13 @@ function like_content(App $a) {
}
$verb = notags(trim($_GET['verb']));
$verb = Strings::escapeTags(trim($_GET['verb']));
if (!$verb) {
$verb = 'like';
}
$item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
$item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0);
$r = Item::performLike($item_id, $verb);
if (!$r) {

13
mod/lostpass.php
View file

@ -11,6 +11,7 @@ use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;
require_once 'boot.php';
require_once 'include/enotify.php';
@ -18,7 +19,7 @@ require_once 'include/text.php';
function lostpass_post(App $a)
{
$loginame = notags(trim($_POST['login-name']));
$loginame = Strings::escapeTags(trim($_POST['login-name']));
if (!$loginame) {
$a->internalRedirect();
}
@ -30,7 +31,7 @@ function lostpass_post(App $a)
$a->internalRedirect();
}
$pwdreset_token = autoname(12) . mt_rand(1000, 9999);
$pwdreset_token = Strings::getRandomName(12) . mt_rand(1000, 9999);
$fields = [
'pwdreset' => $pwdreset_token,
@ -44,7 +45,7 @@ function lostpass_post(App $a)
$sitename = Config::get('config', 'sitename');
$resetlink = System::baseUrl() . '/lostpass/' . $pwdreset_token;
$preamble = deindent(L10n::t('
$preamble = Strings::deindent(L10n::t('
Dear %1$s,
A request was recently received at "%2$s" to reset your account
password. In order to confirm this request, please select the verification link
@ -55,7 +56,7 @@ function lostpass_post(App $a)
Your password will not be changed unless we can verify that you
issued this request.', $user['username'], $sitename));
$body = deindent(L10n::t('
$body = Strings::deindent(L10n::t('
Follow this link soon to verify your identity:
%1$s
@ -150,13 +151,13 @@ function lostpass_generate_password($user)
info("Your password has been reset." . EOL);
$sitename = Config::get('config', 'sitename');
$preamble = deindent(L10n::t('
$preamble = Strings::deindent(L10n::t('
Dear %1$s,
Your password has been changed as requested. Please retain this
information for your records ' . "\x28" . 'or change your password immediately to
something that you will remember' . "\x29" . '.
', $user['username']));
$body = deindent(L10n::t('
$body = Strings::deindent(L10n::t('
Your login details are as follows:
Site Location: %1$s

3
mod/maintenance.php
View file

@ -6,12 +6,13 @@ use Friendica\App;
use Friendica\Core\Config;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Util\Strings;
function maintenance_content(App $a)
{
$reason = Config::get('system', 'maintenance_reason');
if (substr(normalise_link($reason), 0, 7) == 'http://') {
if (substr(Strings::normaliseLink($reason), 0, 7) == 'http://') {
header("HTTP/1.1 307 Temporary Redirect");
header("Location:".$reason);
return;

3
mod/match.php
View file

@ -14,6 +14,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Util\Network;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
require_once 'include/text.php';
@ -76,7 +77,7 @@ function match_content(App $a)
$id = 0;
foreach ($j->results as $jj) {
$match_nurl = normalise_link($jj->url);
$match_nurl = Strings::normaliseLink($jj->url);
$match = q(
"SELECT `nurl` FROM `contact` WHERE `uid` = '%d' AND nurl='%s' LIMIT 1",
intval(local_user()),

13
mod/message.php
View file

@ -18,6 +18,7 @@ use Friendica\Model\Mail;
use Friendica\Module\Login;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
require_once 'include/conversation.php';
@ -58,9 +59,9 @@ function message_post(App $a)
return;
}
$replyto = x($_REQUEST, 'replyto') ? notags(trim($_REQUEST['replyto'])) : '';
$subject = x($_REQUEST, 'subject') ? notags(trim($_REQUEST['subject'])) : '';
$body = x($_REQUEST, 'body') ? escape_tags(trim($_REQUEST['body'])) : '';
$replyto = x($_REQUEST, 'replyto') ? Strings::escapeTags(trim($_REQUEST['replyto'])) : '';
$subject = x($_REQUEST, 'subject') ? Strings::escapeTags(trim($_REQUEST['subject'])) : '';
$body = x($_REQUEST, 'body') ? Strings::escapeHtml(trim($_REQUEST['body'])) : '';
$recipient = x($_REQUEST, 'messageto') ? intval($_REQUEST['messageto']) : 0;
$ret = Mail::send($recipient, $body, $subject, $replyto);
@ -218,7 +219,7 @@ function message_content(App $a)
if (!DBA::isResult($r)) {
$r = q("SELECT `name`, `url`, `id` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1",
intval(local_user()),
DBA::escape(normalise_link(base64_decode($a->argv[2])))
DBA::escape(Strings::normaliseLink(base64_decode($a->argv[2])))
);
}
@ -253,7 +254,7 @@ function message_content(App $a)
'$preid' => $preid,
'$subject' => L10n::t('Subject:'),
'$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '',
'$text' => x($_REQUEST, 'body') ? escape_tags(htmlspecialchars($_REQUEST['body'])) : '',
'$text' => x($_REQUEST, 'body') ? Strings::escapeHtml(htmlspecialchars($_REQUEST['body'])) : '',
'$readonly' => '',
'$yourmessage' => L10n::t('Your message:'),
'$select' => $select,
@ -462,7 +463,7 @@ function render_messages(array $msg, $t)
foreach ($msg as $rr) {
if ($rr['unknown']) {
$participants = L10n::t("Unknown sender - %s", $rr['from-name']);
} elseif (link_compare($rr['from-url'], $myprofile)) {
} elseif (Strings::compareLink($rr['from-url'], $myprofile)) {
$participants = L10n::t("You and %s", $rr['name']);
} else {
$participants = L10n::t("%s and You", $rr['from-name']);

17
mod/network.php
View file

@ -28,6 +28,7 @@ use Friendica\Model\Profile;
use Friendica\Module\Login;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
require_once 'include/conversation.php';
require_once 'include/items.php';
@ -41,7 +42,7 @@ function network_init(App $a)
Hook::add('head', __FILE__, 'network_infinite_scroll_head');
$search = (x($_GET, 'search') ? escape_tags($_GET['search']) : '');
$search = (x($_GET, 'search') ? Strings::escapeHtml($_GET['search']) : '');
if (($search != '') && !empty($_GET['submit'])) {
$a->internalRedirect('search?search=' . urlencode($search));
@ -518,9 +519,9 @@ function networkThreadedView(App $a, $update, $parent)
for ($x = 1; $x < $a->argc; $x ++) {
if (is_a_date_arg($a->argv[$x])) {
if ($datequery) {
$datequery2 = escape_tags($a->argv[$x]);
$datequery2 = Strings::escapeHtml($a->argv[$x]);
} else {
$datequery = escape_tags($a->argv[$x]);
$datequery = Strings::escapeHtml($a->argv[$x]);
$_GET['order'] = 'post';
}
} elseif (intval($a->argv[$x])) {
@ -536,7 +537,7 @@ function networkThreadedView(App $a, $update, $parent)
$star = intval(defaults($_GET, 'star' , 0));
$bmark = intval(defaults($_GET, 'bmark', 0));
$conv = intval(defaults($_GET, 'conv' , 0));
$order = notags(defaults($_GET, 'order', 'comment'));
$order = Strings::escapeTags(defaults($_GET, 'order', 'comment'));
$nets = defaults($_GET, 'nets' , '');
if ($cid) {
@ -649,7 +650,7 @@ function networkThreadedView(App $a, $update, $parent)
$sql_post_table .= " INNER JOIN `item` AS `temp1` ON `temp1`.`id` = " . $sql_table . "." . $sql_parent;
$sql_extra3 .= " AND (`thread`.`contact-id` IN ($contact_str) ";
$sql_extra3 .= " OR (`thread`.`contact-id` = '$contact_str_self' AND `temp1`.`allow_gid` LIKE '" . protect_sprintf('%<' . intval($gid) . '>%') . "' AND `temp1`.`private`))";
$sql_extra3 .= " OR (`thread`.`contact-id` = '$contact_str_self' AND `temp1`.`allow_gid` LIKE '" . Strings::protectSprintf('%<' . intval($gid) . '>%') . "' AND `temp1`.`private`))";
} else {
$sql_extra3 .= " AND false ";
info(L10n::t('Group is empty'));
@ -697,11 +698,11 @@ function networkThreadedView(App $a, $update, $parent)
}
if ($datequery) {
$sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created <= '%s' ",
$sql_extra3 .= Strings::protectSprintf(sprintf(" AND $sql_table.created <= '%s' ",
DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
}
if ($datequery2) {
$sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created >= '%s' ",
$sql_extra3 .= Strings::protectSprintf(sprintf(" AND $sql_table.created >= '%s' ",
DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
}
@ -882,7 +883,7 @@ function networkThreadedView(App $a, $update, $parent)
foreach ($data as $item) {
// Don't show hash tag posts from blocked or ignored contacts
$condition = ["`nurl` = ? AND `uid` = ? AND (`blocked` OR `readonly`)",
normalise_link($item['author-link']), local_user()];
Strings::normaliseLink($item['author-link']), local_user()];
if (!DBA::exists('contact', $condition)) {
$s[$item['uri']] = $item;
}

9
mod/oexchange.php
View file

@ -8,6 +8,7 @@ use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Module\Login;
use Friendica\Util\Network;
use Friendica\Util\Strings;
function oexchange_init(App $a) {
@ -33,13 +34,13 @@ function oexchange_content(App $a) {
}
$url = ((x($_REQUEST,'url') && strlen($_REQUEST['url']))
? urlencode(notags(trim($_REQUEST['url']))) : '');
? urlencode(Strings::escapeTags(trim($_REQUEST['url']))) : '');
$title = ((x($_REQUEST,'title') && strlen($_REQUEST['title']))
? '&title=' . urlencode(notags(trim($_REQUEST['title']))) : '');
? '&title=' . urlencode(Strings::escapeTags(trim($_REQUEST['title']))) : '');
$description = ((x($_REQUEST,'description') && strlen($_REQUEST['description']))
? '&description=' . urlencode(notags(trim($_REQUEST['description']))) : '');
? '&description=' . urlencode(Strings::escapeTags(trim($_REQUEST['description']))) : '');
$tags = ((x($_REQUEST,'tags') && strlen($_REQUEST['tags']))
? '&tags=' . urlencode(notags(trim($_REQUEST['tags']))) : '');
? '&tags=' . urlencode(Strings::escapeTags(trim($_REQUEST['tags']))) : '');
$s = Network::fetchUrl(System::baseUrl() . '/parse_url?f=&url=' . $url . $title . $description . $tags);

13
mod/openid.php
View file

@ -10,6 +10,7 @@ use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Util\Strings;
function openid_content(App $a) {
@ -43,7 +44,7 @@ function openid_content(App $a) {
AND `blocked` = 0 AND `account_expired` = 0
AND `account_removed` = 0 AND `verified` = 1
LIMIT 1",
DBA::escape($authid), DBA::escape(normalise_openid($authid))
DBA::escape($authid), DBA::escape(Strings::normaliseOpenID($authid))
);
if (DBA::isResult($r)) {
@ -74,16 +75,16 @@ function openid_content(App $a) {
if (is_array($attr) && count($attr)) {
foreach ($attr as $k => $v) {
if ($k === 'namePerson/friendly') {
$nick = notags(trim($v));
$nick = Strings::escapeTags(trim($v));
}
if($k === 'namePerson/first') {
$first = notags(trim($v));
$first = Strings::escapeTags(trim($v));
}
if($k === 'namePerson') {
$args .= '&username=' . urlencode(notags(trim($v)));
$args .= '&username=' . urlencode(Strings::escapeTags(trim($v)));
}
if ($k === 'contact/email') {
$args .= '&email=' . urlencode(notags(trim($v)));
$args .= '&email=' . urlencode(Strings::escapeTags(trim($v)));
}
if ($k === 'media/image/aspect11') {
$photosq = bin2hex(trim($v));
@ -107,7 +108,7 @@ function openid_content(App $a) {
$args .= '&photo=' . urlencode($photo);
}
$args .= '&openid_url=' . urlencode(notags(trim($authid)));
$args .= '&openid_url=' . urlencode(Strings::escapeTags(trim($authid)));
$a->internalRedirect('register?' . $args);

21
mod/photos.php
View file

@ -31,6 +31,7 @@ use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
use Friendica\Util\Security;
use Friendica\Util\Temporal;
use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'include/items.php';
@ -222,7 +223,7 @@ function photos_post(App $a)
}
// RENAME photo album
$newalbum = notags(trim($_POST['albumname']));
$newalbum = Strings::escapeTags(trim($_POST['albumname']));
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
DBA::escape($newalbum),
@ -365,11 +366,11 @@ function photos_post(App $a)
}
if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) {
$desc = !empty($_POST['desc']) ? notags(trim($_POST['desc'])) : '';
$rawtags = !empty($_POST['newtag']) ? notags(trim($_POST['newtag'])) : '';
$desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : '';
$rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : '';
$item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0;
$albname = !empty($_POST['albname']) ? notags(trim($_POST['albname'])) : '';
$origaname = !empty($_POST['origaname']) ? notags(trim($_POST['origaname'])) : '';
$albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : '';
$origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
$str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : '';
$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
@ -524,7 +525,7 @@ function photos_post(App $a)
}
$taginfo = [];
$tags = get_tags($rawtags);
$tags = BBCode::getTags($rawtags);
if (count($tags)) {
foreach ($tags as $tag) {
@ -707,8 +708,8 @@ function photos_post(App $a)
Addon::callHooks('photo_post_init', $_POST);
// Determine the album to use
$album = !empty($_REQUEST['album']) ? notags(trim($_REQUEST['album'])) : '';
$newalbum = !empty($_REQUEST['newalbum']) ? notags(trim($_REQUEST['newalbum'])) : '';
$album = !empty($_REQUEST['album']) ? Strings::escapeTags(trim($_REQUEST['album'])) : '';
$newalbum = !empty($_REQUEST['newalbum']) ? Strings::escapeTags(trim($_REQUEST['newalbum'])) : '';
Logger::log('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , Logger::DEBUG);
@ -779,7 +780,7 @@ function photos_post(App $a)
notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL);
break;
case UPLOAD_ERR_FORM_SIZE:
notice(L10n::t('Image exceeds size limit of %s', formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
break;
case UPLOAD_ERR_PARTIAL:
notice(L10n::t('Image upload didn\'t complete, please try again') . EOL);
@ -808,7 +809,7 @@ function photos_post(App $a)
$maximagesize = Config::get('system', 'maximagesize');
if ($maximagesize && ($filesize > $maximagesize)) {
notice(L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize)) . EOL);
notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize)) . EOL);
@unlink($src);
$foo = 0;
Addon::callHooks('photo_post_end', $foo);

3
mod/poco.php
View file

@ -15,6 +15,7 @@ use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Protocol\PortableContact;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;
use Friendica\Util\XML;
function poco_init(App $a) {
@ -25,7 +26,7 @@ function poco_init(App $a) {
}
if ($a->argc > 1) {
$user = notags(trim($a->argv[1]));
$user = Strings::escapeTags(trim($a->argv[1]));
}
if (empty($user)) {
$c = q("SELECT * FROM `pconfig` WHERE `cat` = 'system' AND `k` = 'suggestme' AND `v` = 1");

3
mod/poke.php
View file

@ -22,6 +22,7 @@ use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Model\Item;
use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'include/items.php';
@ -38,7 +39,7 @@ function poke_init(App $a)
return;
}
$verb = notags(trim($_GET['verb']));
$verb = Strings::escapeTags(trim($_GET['verb']));
$verbs = L10n::getPokeVerbs();

15
mod/profile.php
View file

@ -24,6 +24,7 @@ use Friendica\Protocol\ActivityPub;
use Friendica\Protocol\DFRN;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Security;
use Friendica\Util\Strings;
use Friendica\Util\XML;
function profile_init(App $a)
@ -114,9 +115,9 @@ function profile_content(App $a, $update = 0)
for ($x = 2; $x < $a->argc; $x ++) {
if (is_a_date_arg($a->argv[$x])) {
if ($datequery) {
$datequery2 = escape_tags($a->argv[$x]);
$datequery2 = Strings::escapeHtml($a->argv[$x]);
} else {
$datequery = escape_tags($a->argv[$x]);
$datequery = Strings::escapeHtml($a->argv[$x]);
}
} else {
$category = $a->argv[$x];
@ -193,7 +194,7 @@ function profile_content(App $a, $update = 0)
if (!$update) {
$tab = false;
if (!empty($_GET['tab'])) {
$tab = notags(trim($_GET['tab']));
$tab = Strings::escapeTags(trim($_GET['tab']));
}
$o .= Profile::getTabs($a, $is_owner, $a->profile['nickname']);
@ -272,19 +273,19 @@ function profile_content(App $a, $update = 0)
if (!empty($category)) {
$sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
DBA::escape(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid']));
DBA::escape(Strings::protectSprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid']));
}
if (!empty($hashtags)) {
$sql_post_table .= sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
DBA::escape(protect_sprintf($hashtags)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval($a->profile['profile_uid']));
DBA::escape(Strings::protectSprintf($hashtags)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval($a->profile['profile_uid']));
}
if (!empty($datequery)) {
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
$sql_extra2 .= Strings::protectSprintf(sprintf(" AND `thread`.`created` <= '%s' ", DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get()))));
}
if (!empty($datequery2)) {
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
$sql_extra2 .= Strings::protectSprintf(sprintf(" AND `thread`.`created` >= '%s' ", DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get()))));
}
// Does the profile page belong to a forum?

3
mod/profile_photo.php
View file

@ -16,6 +16,7 @@ use Friendica\Model\Photo;
use Friendica\Model\Profile;
use Friendica\Object\Image;
use Friendica\Util\Security;
use Friendica\Util\Strings;
function profile_photo_init(App $a)
{
@ -151,7 +152,7 @@ function profile_photo_post(App $a)
$maximagesize = Config::get('system', 'maximagesize');
if (($maximagesize) && ($filesize > $maximagesize)) {
notice(L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize)) . EOL);
notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize)) . EOL);
@unlink($src);
return;
}

67
mod/profiles.php
View file

@ -22,6 +22,7 @@ use Friendica\Model\Profile;
use Friendica\Module\Login;
use Friendica\Network\Probe;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
function profiles_init(App $a) {
@ -201,13 +202,13 @@ function profiles_post(App $a) {
$is_default = (($orig[0]['is-default']) ? 1 : 0);
$profile_name = notags(trim($_POST['profile_name']));
$profile_name = Strings::escapeTags(trim($_POST['profile_name']));
if (! strlen($profile_name)) {
notice(L10n::t('Profile Name is required.') . EOL);
return;
}
$dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00';
$dob = $_POST['dob'] ? Strings::escapeHtml(trim($_POST['dob'])) : '0000-00-00';
$y = substr($dob, 0, 4);
if ((! ctype_digit($y)) || ($y < 1900)) {
@ -228,7 +229,7 @@ function profiles_post(App $a) {
}
}
$name = notags(trim($_POST['name']));
$name = Strings::escapeTags(trim($_POST['name']));
if (! strlen($name)) {
$name = '[No Name]';
@ -238,19 +239,19 @@ function profiles_post(App $a) {
$namechanged = true;
}
$pdesc = notags(trim($_POST['pdesc']));
$gender = notags(trim($_POST['gender']));
$address = notags(trim($_POST['address']));
$locality = notags(trim($_POST['locality']));
$region = notags(trim($_POST['region']));
$postal_code = notags(trim($_POST['postal_code']));
$country_name = notags(trim($_POST['country_name']));
$pub_keywords = profile_clean_keywords(notags(trim($_POST['pub_keywords'])));
$prv_keywords = profile_clean_keywords(notags(trim($_POST['prv_keywords'])));
$marital = notags(trim($_POST['marital']));
$howlong = notags(trim($_POST['howlong']));
$pdesc = Strings::escapeTags(trim($_POST['pdesc']));
$gender = Strings::escapeTags(trim($_POST['gender']));
$address = Strings::escapeTags(trim($_POST['address']));
$locality = Strings::escapeTags(trim($_POST['locality']));
$region = Strings::escapeTags(trim($_POST['region']));
$postal_code = Strings::escapeTags(trim($_POST['postal_code']));
$country_name = Strings::escapeTags(trim($_POST['country_name']));
$pub_keywords = profile_clean_keywords(Strings::escapeTags(trim($_POST['pub_keywords'])));
$prv_keywords = profile_clean_keywords(Strings::escapeTags(trim($_POST['prv_keywords'])));
$marital = Strings::escapeTags(trim($_POST['marital']));
$howlong = Strings::escapeTags(trim($_POST['howlong']));
$with = ((x($_POST,'with')) ? notags(trim($_POST['with'])) : '');
$with = ((x($_POST,'with')) ? Strings::escapeTags(trim($_POST['with'])) : '');
if (! strlen($howlong)) {
$howlong = DBA::NULL_DATETIME;
@ -311,30 +312,30 @@ function profiles_post(App $a) {
}
/// @TODO Not flexible enough for later expansion, let's have more OOP here
$sexual = notags(trim($_POST['sexual']));
$xmpp = notags(trim($_POST['xmpp']));
$homepage = notags(trim($_POST['homepage']));
$sexual = Strings::escapeTags(trim($_POST['sexual']));
$xmpp = Strings::escapeTags(trim($_POST['xmpp']));
$homepage = Strings::escapeTags(trim($_POST['homepage']));
if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) {
// neither http nor https in URL, add them
$homepage = 'http://'.$homepage;
}
$hometown = notags(trim($_POST['hometown']));
$politic = notags(trim($_POST['politic']));
$religion = notags(trim($_POST['religion']));
$hometown = Strings::escapeTags(trim($_POST['hometown']));
$politic = Strings::escapeTags(trim($_POST['politic']));
$religion = Strings::escapeTags(trim($_POST['religion']));
$likes = escape_tags(trim($_POST['likes']));
$dislikes = escape_tags(trim($_POST['dislikes']));
$likes = Strings::escapeHtml(trim($_POST['likes']));
$dislikes = Strings::escapeHtml(trim($_POST['dislikes']));
$about = escape_tags(trim($_POST['about']));
$interest = escape_tags(trim($_POST['interest']));
$contact = escape_tags(trim($_POST['contact']));
$music = escape_tags(trim($_POST['music']));
$book = escape_tags(trim($_POST['book']));
$tv = escape_tags(trim($_POST['tv']));
$film = escape_tags(trim($_POST['film']));
$romance = escape_tags(trim($_POST['romance']));
$work = escape_tags(trim($_POST['work']));
$education = escape_tags(trim($_POST['education']));
$about = Strings::escapeHtml(trim($_POST['about']));
$interest = Strings::escapeHtml(trim($_POST['interest']));
$contact = Strings::escapeHtml(trim($_POST['contact']));
$music = Strings::escapeHtml(trim($_POST['music']));
$book = Strings::escapeHtml(trim($_POST['book']));
$tv = Strings::escapeHtml(trim($_POST['tv']));
$film = Strings::escapeHtml(trim($_POST['film']));
$romance = Strings::escapeHtml(trim($_POST['romance']));
$work = Strings::escapeHtml(trim($_POST['work']));
$education = Strings::escapeHtml(trim($_POST['education']));
$hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0);

17
mod/pubsub.php
View file

@ -6,6 +6,7 @@ use Friendica\Core\Protocol;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Protocol\OStatus;
use Friendica\Util\Strings;
require_once 'include/items.php';
@ -30,15 +31,15 @@ function hub_post_return()
function pubsub_init(App $a)
{
$nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : '');
$nick = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : '');
$contact_id = (($a->argc > 2) ? intval($a->argv[2]) : 0 );
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$hub_mode = notags(trim(defaults($_GET, 'hub_mode', '')));
$hub_topic = notags(trim(defaults($_GET, 'hub_topic', '')));
$hub_challenge = notags(trim(defaults($_GET, 'hub_challenge', '')));
$hub_lease = notags(trim(defaults($_GET, 'hub_lease_seconds', '')));
$hub_verify = notags(trim(defaults($_GET, 'hub_verify_token', '')));
$hub_mode = Strings::escapeTags(trim(defaults($_GET, 'hub_mode', '')));
$hub_topic = Strings::escapeTags(trim(defaults($_GET, 'hub_topic', '')));
$hub_challenge = Strings::escapeTags(trim(defaults($_GET, 'hub_challenge', '')));
$hub_lease = Strings::escapeTags(trim(defaults($_GET, 'hub_lease_seconds', '')));
$hub_verify = Strings::escapeTags(trim(defaults($_GET, 'hub_verify_token', '')));
Logger::log('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick);
Logger::log('Data: ' . print_r($_GET,true), Logger::DATA);
@ -63,7 +64,7 @@ function pubsub_init(App $a)
hub_return(false, '');
}
if (!empty($hub_topic) && !link_compare($hub_topic, $contact['poll'])) {
if (!empty($hub_topic) && !Strings::compareLink($hub_topic, $contact['poll'])) {
Logger::log('Hub topic ' . $hub_topic . ' != ' . $contact['poll']);
hub_return(false, '');
}
@ -91,7 +92,7 @@ function pubsub_post(App $a)
Logger::log('Feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $a->cmd . ' with user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
Logger::log('Data: ' . $xml, Logger::DATA);
$nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : '');
$nick = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : '');
$contact_id = (($a->argc > 2) ? intval($a->argv[2]) : 0 );
$importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);

7
mod/pubsubhubbub.php
View file

@ -7,9 +7,10 @@ use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\PushSubscriber;
use Friendica\Util\Network;
use Friendica\Util\Strings;
function post_var($name) {
return (x($_POST, $name)) ? notags(trim($_POST[$name])) : '';
return (x($_POST, $name)) ? Strings::escapeTags(trim($_POST[$name])) : '';
}
function pubsubhubbub_init(App $a) {
@ -87,13 +88,13 @@ function pubsubhubbub_init(App $a) {
// sanity check that topic URLs are the same
$hub_topic2 = str_replace('/feed/', '/dfrn_poll/', $hub_topic);
if (!link_compare($hub_topic, $contact['poll']) && !link_compare($hub_topic2, $contact['poll'])) {
if (!Strings::compareLink($hub_topic, $contact['poll']) && !Strings::compareLink($hub_topic2, $contact['poll'])) {
Logger::log('Hub topic ' . $hub_topic . ' != ' . $contact['poll']);
System::httpExit(404);
}
// do subscriber verification according to the PuSH protocol
$hub_challenge = random_string(40);
$hub_challenge = Strings::getRandomHex(40);
$params = 'hub.mode=' .
($subscribe == 1 ? 'subscribe' : 'unsubscribe') .
'&hub.topic=' . urlencode($hub_topic) .

5
mod/redir.php
View file

@ -8,6 +8,7 @@ use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Profile;
use Friendica\Util\Strings;
function redir_init(App $a) {
@ -93,7 +94,7 @@ function redir_init(App $a) {
$dfrn_id = '0:' . $orig_id;
}
$sec = random_string();
$sec = Strings::getRandomHex();
$fields = ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id,
'sec' => $sec, 'expire' => time() + 45];
@ -115,7 +116,7 @@ function redir_init(App $a) {
if (!empty($url)) {
$my_profile = Profile::getMyURL();
if (!empty($my_profile) && !link_compare($my_profile, $url)) {
if (!empty($my_profile) && !Strings::compareLink($my_profile, $url)) {
$separator = strpos($url, '?') ? '&' : '?';
$url .= $separator . 'zrl=' . urlencode($my_profile);

3
mod/register.php
View file

@ -16,6 +16,7 @@ use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Model;
use Friendica\Module\Tos;
use Friendica\Util\Strings;
require_once 'include/enotify.php';
@ -83,7 +84,7 @@ function register_post(App $a)
$using_invites = Config::get('system', 'invitation_only');
$num_invites = Config::get('system', 'number_invites');
$invite_id = ((x($_POST, 'invite_id')) ? notags(trim($_POST['invite_id'])) : '');
$invite_id = ((x($_POST, 'invite_id')) ? Strings::escapeTags(trim($_POST['invite_id'])) : '');
if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) {
if ($using_invites && $invite_id) {

2
mod/removeme.php
View file

@ -68,7 +68,7 @@ function removeme_content(App $a)
$a->internalRedirect();
}
$hash = random_string();
$hash = Strings::getRandomHex();
require_once("mod/settings.php");
settings_init($a);

17
mod/salmon.php
View file

@ -12,6 +12,7 @@ use Friendica\Model\Contact;
use Friendica\Protocol\OStatus;
use Friendica\Protocol\Salmon;
use Friendica\Util\Crypto;
use Friendica\Util\Strings;
require_once 'include/items.php';
@ -23,7 +24,7 @@ function salmon_post(App $a, $xml = '') {
Logger::log('new salmon ' . $xml, Logger::DATA);
$nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : '');
$nick = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : '');
$mentions = (($a->argc > 2 && $a->argv[2] === 'mention') ? true : false);
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1",
@ -57,7 +58,7 @@ function salmon_post(App $a, $xml = '') {
// Stash the signature away for now. We have to find their key or it won't be good for anything.
$signature = base64url_decode($base->sig);
$signature = Strings::base64UrlDecode($base->sig);
// unpack the data
@ -76,13 +77,13 @@ function salmon_post(App $a, $xml = '') {
$stnet_signed_data = $data;
$signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg);
$signed_data = $data . '.' . Strings::base64UrlEncode($type) . '.' . Strings::base64UrlEncode($encoding) . '.' . Strings::base64UrlEncode($alg);
$compliant_format = str_replace('=', '', $signed_data);
// decode the data
$data = base64url_decode($data);
$data = Strings::base64UrlDecode($data);
$author = OStatus::salmonAuthor($data, $importer);
$author_link = $author["author-link"];
@ -105,8 +106,8 @@ function salmon_post(App $a, $xml = '') {
$key_info = explode('.',$key);
$m = base64url_decode($key_info[1]);
$e = base64url_decode($key_info[2]);
$m = Strings::base64UrlDecode($key_info[1]);
$e = Strings::base64UrlDecode($key_info[2]);
Logger::log('key details: ' . print_r($key_info,true), Logger::DEBUG);
@ -149,9 +150,9 @@ function salmon_post(App $a, $xml = '') {
AND `uid` = %d LIMIT 1",
DBA::escape(Protocol::OSTATUS),
DBA::escape(Protocol::DFRN),
DBA::escape(normalise_link($author_link)),
DBA::escape(Strings::normaliseLink($author_link)),
DBA::escape($author_link),
DBA::escape(normalise_link($author_link)),
DBA::escape(Strings::normaliseLink($author_link)),
intval($importer['uid'])
);

11
mod/search.php
View file

@ -16,6 +16,7 @@ use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\Item;
use Friendica\Util\Strings;
require_once 'include/conversation.php';
require_once 'mod/dirfind.php';
@ -23,7 +24,7 @@ require_once 'mod/dirfind.php';
function search_saved_searches() {
$o = '';
$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
$search = ((x($_GET,'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
if (!Feature::isEnabled(local_user(),'savedsearch'))
return $o;
@ -62,7 +63,7 @@ function search_saved_searches() {
function search_init(App $a) {
$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
$search = ((x($_GET,'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
if (local_user()) {
if (x($_GET,'save') && $search) {
@ -149,14 +150,14 @@ function search_content(App $a) {
$search = '';
if (x($a->data,'search'))
$search = notags(trim($a->data['search']));
$search = Strings::escapeTags(trim($a->data['search']));
else
$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
$search = ((x($_GET,'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
$tag = false;
if (x($_GET,'tag')) {
$tag = true;
$search = (x($_GET,'tag') ? '#' . notags(trim(rawurldecode($_GET['tag']))) : '');
$search = (x($_GET,'tag') ? '#' . Strings::escapeTags(trim(rawurldecode($_GET['tag']))) : '');
}
// contruct a wrapper for the search header

21
mod/settings.php
View file

@ -25,6 +25,7 @@ use Friendica\Model\User;
use Friendica\Module\Login;
use Friendica\Protocol\Email;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
function get_theme_config_file($theme)
@ -314,8 +315,8 @@ function settings_post(App $a)
if (($a->argc > 1) && ($a->argv[1] === 'display')) {
BaseModule::checkFormSecurityTokenRedirectOnError('/settings/display', 'settings_display');
$theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : $a->user['theme'];
$mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : '';
$theme = x($_POST, 'theme') ? Strings::escapeTags(trim($_POST['theme'])) : $a->user['theme'];
$mobile_theme = x($_POST, 'mobile_theme') ? Strings::escapeTags(trim($_POST['mobile_theme'])) : '';
$nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0;
$first_day_of_week = x($_POST, 'first_day_of_week') ? intval($_POST['first_day_of_week']) : 0;
$noinfo = x($_POST, 'noinfo') ? intval($_POST['noinfo']) : 0;
@ -422,13 +423,13 @@ function settings_post(App $a)
}
}
$username = ((x($_POST, 'username')) ? notags(trim($_POST['username'])) : '');
$email = ((x($_POST, 'email')) ? notags(trim($_POST['email'])) : '');
$timezone = ((x($_POST, 'timezone')) ? notags(trim($_POST['timezone'])) : '');
$language = ((x($_POST, 'language')) ? notags(trim($_POST['language'])) : '');
$username = ((x($_POST, 'username')) ? Strings::escapeTags(trim($_POST['username'])) : '');
$email = ((x($_POST, 'email')) ? Strings::escapeTags(trim($_POST['email'])) : '');
$timezone = ((x($_POST, 'timezone')) ? Strings::escapeTags(trim($_POST['timezone'])) : '');
$language = ((x($_POST, 'language')) ? Strings::escapeTags(trim($_POST['language'])) : '');
$defloc = ((x($_POST, 'defloc')) ? notags(trim($_POST['defloc'])) : '');
$openid = ((x($_POST, 'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
$defloc = ((x($_POST, 'defloc')) ? Strings::escapeTags(trim($_POST['defloc'])) : '');
$openid = ((x($_POST, 'openid_url')) ? Strings::escapeTags(trim($_POST['openid_url'])) : '');
$maxreq = ((x($_POST, 'maxreq')) ? intval($_POST['maxreq']) : 0);
$expire = ((x($_POST, 'expire')) ? intval($_POST['expire']) : 0);
$def_gid = ((x($_POST, 'group-selection')) ? intval($_POST['group-selection']) : 0);
@ -516,7 +517,7 @@ function settings_post(App $a)
$email = $a->user['email'];
}
// check the email is valid
if (!valid_email($email)) {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$err .= L10n::t('Invalid email.');
}
// ensure new email is not the admin mail
@ -544,7 +545,7 @@ function settings_post(App $a)
$str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : '';
$openidserver = $a->user['openidserver'];
//$openid = normalise_openid($openid);
//$openid = Strings::normaliseOpenID($openid);
// If openid has changed or if there's an openid but no openidserver, try and discover it.
if ($openid != $a->user['openid'] || (strlen($openid) && (!strlen($openidserver)))) {

3
mod/subthread.php
View file

@ -10,6 +10,7 @@ use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\Item;
use Friendica\Util\Security;
use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'include/items.php';
@ -22,7 +23,7 @@ function subthread_content(App $a) {
$activity = ACTIVITY_FOLLOW;
$item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
$item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0);
$condition = ["`parent` = ? OR `parent-uri` = ? AND `parent` = `id`", $item_id, $item_id];
$item = Item::selectFirst([], $condition);

5
mod/tagger.php
View file

@ -10,6 +10,7 @@ use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Model\Item;
use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'include/items.php';
@ -20,7 +21,7 @@ function tagger_content(App $a) {
return;
}
$term = notags(trim($_GET['term']));
$term = Strings::escapeTags(trim($_GET['term']));
// no commas allowed
$term = str_replace([',',' '],['','_'],$term);
@ -28,7 +29,7 @@ function tagger_content(App $a) {
return;
}
$item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
$item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0);
Logger::log('tagger: tag ' . $term . ' item ' . $item_id);

5
mod/tagrm.php
View file

@ -9,6 +9,7 @@ use Friendica\Core\L10n;
use Friendica\Database\DBA;
use Friendica\Model\Item;
use Friendica\Model\Term;
use Friendica\Util\Strings;
function tagrm_post(App $a)
{
@ -22,7 +23,7 @@ function tagrm_post(App $a)
$tags = [];
foreach (defaults($_POST, 'tag', []) as $tag) {
$tags[] = hex2bin(notags(trim($tag)));
$tags[] = hex2bin(Strings::escapeTags(trim($tag)));
}
$item_id = defaults($_POST,'item', 0);
@ -73,7 +74,7 @@ function tagrm_content(App $a)
}
if ($a->argc == 3) {
update_tags($a->argv[1], [notags(trim(hex2bin($a->argv[2])))]);
update_tags($a->argv[1], [Strings::escapeTags(trim(hex2bin($a->argv[2])))]);
$a->internalRedirect($_SESSION['photo_return']);
}

13
mod/unfollow.php
View file

@ -12,6 +12,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Profile;
use Friendica\Model\User;
use Friendica\Util\Strings;
function unfollow_post(App $a)
{
@ -24,11 +25,11 @@ function unfollow_post(App $a)
}
$uid = local_user();
$url = notags(trim(defaults($_REQUEST, 'url', '')));
$url = Strings::escapeTags(trim(defaults($_REQUEST, 'url', '')));
$condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
$uid, Contact::SHARING, Contact::FRIEND, normalise_link($url),
normalise_link($url), $url];
$uid, Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),
Strings::normaliseLink($url), $url];
$contact = DBA::selectFirst('contact', [], $condition);
if (!DBA::isResult($contact)) {
@ -79,11 +80,11 @@ function unfollow_content(App $a)
}
$uid = local_user();
$url = notags(trim($_REQUEST['url']));
$url = Strings::escapeTags(trim($_REQUEST['url']));
$condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
local_user(), Contact::SHARING, Contact::FRIEND, normalise_link($url),
normalise_link($url), $url];
local_user(), Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),
Strings::normaliseLink($url), $url];
$contact = DBA::selectFirst('contact', ['url', 'network', 'addr', 'name'], $condition);

3
mod/wall_attach.php
View file

@ -11,6 +11,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Mimetype;
use Friendica\Util\Strings;
function wall_attach_post(App $a) {
@ -115,7 +116,7 @@ function wall_attach_post(App $a) {
}
if ($maxfilesize && $filesize > $maxfilesize) {
$msg = L10n::t('File exceeds size limit of %s', formatBytes($maxfilesize));
$msg = L10n::t('File exceeds size limit of %s', Strings::formatBytes($maxfilesize));
if ($r_json) {
echo json_encode(['error' => $msg]);
} else {

5
mod/wall_upload.php
View file

@ -17,13 +17,14 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Photo;
use Friendica\Object\Image;
use Friendica\Util\Strings;
function wall_upload_post(App $a, $desktopmode = true)
{
Logger::log("wall upload: starting new upload", Logger::DEBUG);
$r_json = (x($_GET, 'response') && $_GET['response'] == 'json');
$album = (x($_GET, 'album') ? notags(trim($_GET['album'])) : '');
$album = (x($_GET, 'album') ? Strings::escapeTags(trim($_GET['album'])) : '');
if ($a->argc > 1) {
if (!x($_FILES, 'media')) {
@ -193,7 +194,7 @@ function wall_upload_post(App $a, $desktopmode = true)
$maximagesize = Config::get('system', 'maximagesize');
if (($maximagesize) && ($filesize > $maximagesize)) {
$msg = L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize));
$msg = L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize));
if ($r_json) {
echo json_encode(['error' => $msg]);
} else {

9
mod/wallmessage.php
View file

@ -10,6 +10,7 @@ use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\Mail;
use Friendica\Model\Profile;
use Friendica\Util\Strings;
function wallmessage_post(App $a) {
@ -19,10 +20,10 @@ function wallmessage_post(App $a) {
return;
}
$subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : '');
$body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
$subject = ((x($_REQUEST,'subject')) ? Strings::escapeTags(trim($_REQUEST['subject'])) : '');
$body = ((x($_REQUEST,'body')) ? Strings::escapeHtml(trim($_REQUEST['body'])) : '');
$recipient = (($a->argc > 1) ? notags($a->argv[1]) : '');
$recipient = (($a->argc > 1) ? Strings::escapeTags($a->argv[1]) : '');
if ((! $recipient) || (! $body)) {
return;
}
@ -131,7 +132,7 @@ function wallmessage_content(App $a) {
'$recipname' => $user['username'],
'$nickname' => $user['nickname'],
'$subjtxt' => ((x($_REQUEST, 'subject')) ? strip_tags($_REQUEST['subject']) : ''),
'$text' => ((x($_REQUEST, 'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''),
'$text' => ((x($_REQUEST, 'body')) ? Strings::escapeHtml(htmlspecialchars($_REQUEST['body'])) : ''),
'$readonly' => '',
'$yourmessage' => L10n::t('Your message:'),
'$parent' => '',

5
mod/xrd.php
View file

@ -9,6 +9,7 @@ use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Protocol\Salmon;
use Friendica\Util\Strings;
function xrd_init(App $a)
{
@ -17,7 +18,7 @@ function xrd_init(App $a)
System::httpExit(404);
}
$uri = urldecode(notags(trim($_GET['uri'])));
$uri = urldecode(Strings::escapeTags(trim($_GET['uri'])));
if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/jrd+json') {
$mode = 'json';
} else {
@ -28,7 +29,7 @@ function xrd_init(App $a)
System::httpExit(404);
}
$uri = urldecode(notags(trim($_GET['resource'])));
$uri = urldecode(Strings::escapeTags(trim($_GET['resource'])));
if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/xrd+xml') {
$mode = 'xml';
} else {

2
spec/dfrn2_contact_request.svg
View file

@ -38,7 +38,7 @@ text { font:12px Dialog; }
<text x="904" y="1084" style="font:13px Open Sans">where self = 0 to look if this contact is already there (if </text>
<text x="904" y="1107" style="font:13px Open Sans">issued-id or rel is already available return here because it </text>
<text x="904" y="1130" style="font:13px Open Sans">seems that we are already connected)</text>
<text x="904" y="1176" style="font:13px Open Sans">- create a issued-id with $issued_id = random_string();</text>
<text x="904" y="1176" style="font:13px Open Sans">- create a issued-id with $issued_id = Strings::getRandomHex();</text>
<text x="904" y="1222" style="font:13px Open Sans">- if we already found a contact record above update the </text>
<text x="904" y="1245" style="font:13px Open Sans">issued-id with the one we have created</text>
<text x="904" y="1291" style="font:13px Open Sans">- otherwise if Bob is not already in the contact table scrape </text>

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 33 KiB

After

Width:  |  Height:  |  Size: 33 KiB

4
spec/zot-2012.txt
View file

@ -11,12 +11,12 @@ First create a global unique userid
Site userid:
https://macgirvin.com/1
$guuid = base64url_encode(hash('whirlpool','https://macgirvin.com/1.' . mt_rand(1000000,9999999),1);
$guuid = Strings::base64UrlEncode(hash('whirlpool','https://macgirvin.com/1.' . mt_rand(1000000,9999999),1);
Then create a hashed site destination.
$gduid = base64url_encode(hash('whirlpool', $guuid . 'https://macgirvin.com',1);
$gduid = Strings::base64UrlEncode(hash('whirlpool', $guuid . 'https://macgirvin.com',1);
These two keys will identify you as a person+site pair in the future.
You will also obtain a password upon introducing yourself to a site.

8
src/App.php
View file

@ -816,12 +816,12 @@ class App
public function removeBaseURL($origURL)
{
// Remove the hostname from the url if it is an internal link
$nurl = normalise_link($origURL);
$base = normalise_link($this->getBaseURL());
$nurl = Util\Strings::normaliseLink($origURL);
$base = Util\Strings::normaliseLink($this->getBaseURL());
$url = str_replace($base . '/', '', $nurl);
// if it is an external link return the orignal value
if ($url == normalise_link($origURL)) {
if ($url == Util\Strings::normaliseLink($origURL)) {
return $origURL;
} else {
return $url;
@ -1443,7 +1443,7 @@ class App
// and www.example.com vs example.com.
// We will only change the url to an ip address if there is no existing setting
if (empty($url) || (!link_compare($url, $this->getBaseURL())) && (!preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/", $this->getHostName()))) {
if (empty($url) || (!Util\Strings::compareLink($url, $this->getBaseURL())) && (!preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/", $this->getHostName()))) {
Core\Config::set('system', 'url', $this->getBaseURL());
}
}

7
src/Content/ContactSelector.php
View file

@ -10,6 +10,7 @@ use Friendica\Core\Protocol;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Util\Network;
use Friendica\Util\Strings;
/**
* @brief ContactSelector class
@ -106,12 +107,12 @@ class ContactSelector
// Create the server url out of the profile url
$parts = parse_url($profile);
unset($parts['path']);
$server_url = [normalise_link(Network::unparseURL($parts))];
$server_url = [Strings::normaliseLink(Network::unparseURL($parts))];
// Fetch the server url
$gcontact = DBA::selectFirst('gcontact', ['server_url'], ['nurl' => normalise_link($profile)]);
$gcontact = DBA::selectFirst('gcontact', ['server_url'], ['nurl' => Strings::normaliseLink($profile)]);
if (!empty($gcontact) && !empty($gcontact['server_url'])) {
$server_url[] = normalise_link($gcontact['server_url']);
$server_url[] = Strings::normaliseLink($gcontact['server_url']);
}
// Now query the GServer for the platform name

7
src/Content/OEmbed.php
View file

@ -21,6 +21,7 @@ use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\ParseUrl;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
require_once 'include/dba.php';
@ -61,7 +62,7 @@ class OEmbed
$cache_key = 'oembed:' . $a->videowidth . ':' . $embedurl;
$condition = ['url' => normalise_link($embedurl), 'maxwidth' => $a->videowidth];
$condition = ['url' => Strings::normaliseLink($embedurl), 'maxwidth' => $a->videowidth];
$oembed_record = DBA::selectFirst('oembed', ['content'], $condition);
if (DBA::isResult($oembed_record)) {
$json_string = $oembed_record['content'];
@ -116,7 +117,7 @@ class OEmbed
if (!empty($oembed->type) && $oembed->type != 'error') {
DBA::insert('oembed', [
'url' => normalise_link($embedurl),
'url' => Strings::normaliseLink($embedurl),
'maxwidth' => $a->videowidth,
'content' => $json_string,
'created' => DateTimeFormat::utcNow()
@ -373,7 +374,7 @@ class OEmbed
}
$width = '100%';
$src = System::baseUrl() . '/oembed/' . base64url_encode($src);
$src = System::baseUrl() . '/oembed/' . Strings::base64UrlEncode($src);
return '<iframe onload="resizeIframe(this);" class="embed_rich" height="' . $height . '" width="' . $width . '" src="' . $src . '" allowfullscreen scrolling="no" frameborder="no">' . L10n::t('Embedded content') . '</iframe>';
}

5
src/Content/Smilies.php
View file

@ -19,6 +19,7 @@ use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\PConfig;
use Friendica\Core\System;
use Friendica\Util\Strings;
/**
* This class contains functions to handle smiles
@ -241,7 +242,7 @@ class Smilies
*/
private static function encode($m)
{
return(str_replace($m[1], base64url_encode($m[1]), $m[0]));
return(str_replace($m[1], Strings::base64UrlEncode($m[1]), $m[0]));
}
/**
@ -251,7 +252,7 @@ class Smilies
*/
private static function decode($m)
{
return(str_replace($m[1], base64url_decode($m[1]), $m[0]));
return(str_replace($m[1], Strings::base64UrlDecode($m[1]), $m[0]));
}

83
src/Content/Text/BBCode.php
View file

@ -27,6 +27,7 @@ use Friendica\Util\Map;
use Friendica\Util\Network;
use Friendica\Util\ParseUrl;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
class BBCode extends BaseObject
{
@ -943,7 +944,7 @@ class BBCode extends BaseObject
case 3: // Diaspora
$headline = '<p><b>' . html_entity_decode('&#x2672; ', ENT_QUOTES, 'UTF-8') . $mention . ':</b></p>' . "\n";
if (stripos(normalise_link($attributes['link']), 'http://twitter.com/') === 0) {
if (stripos(Strings::normaliseLink($attributes['link']), 'http://twitter.com/') === 0) {
$text = ($is_quote_share? '<hr />' : '') . '<p><a href="' . $attributes['link'] . '">' . $attributes['link'] . '</a></p>' . "\n";
} else {
$text = ($is_quote_share? '<hr />' : '') . $headline . '<blockquote>' . trim($content) . '</blockquote>' . "\n";
@ -978,7 +979,7 @@ class BBCode extends BaseObject
break;
default:
// Transforms quoted tweets in rich attachments to avoid nested tweets
if (stripos(normalise_link($attributes['link']), 'http://twitter.com/') === 0 && OEmbed::isAllowedURL($attributes['link'])) {
if (stripos(Strings::normaliseLink($attributes['link']), 'http://twitter.com/') === 0 && OEmbed::isAllowedURL($attributes['link'])) {
try {
$text = ($is_quote_share? '<br />' : '') . OEmbed::getHTML($attributes['link']);
} catch (Exception $e) {
@ -1363,7 +1364,7 @@ class BBCode extends BaseObject
$text = preg_replace("/\[mail\=([$MAILSearchString]*)\](.*?)\[\/mail\]/", '<a href="mailto:$1">$2</a>', $text);
// leave open the posibility of [map=something]
// this is replaced in prepare_body() which has knowledge of the item location
// this is replaced in Item::prepareBody() which has knowledge of the item location
if (strpos($text, '[/map]') !== false) {
$text = preg_replace_callback(
@ -1474,7 +1475,7 @@ class BBCode extends BaseObject
$text = str_replace('[hr]', '<hr />', $text);
// This is actually executed in prepare_body()
// This is actually executed in Item::prepareBody()
$text = str_replace('[nosmile]', '', $text);
@ -1910,4 +1911,78 @@ class BBCode extends BaseObject
return $text;
}
/**
* @brief Pull out all #hashtags and @person tags from $string.
*
* We also get @person@domain.com - which would make
* the regex quite complicated as tags can also
* end a sentence. So we'll run through our results
* and strip the period from any tags which end with one.
* Returns array of tags found, or empty array.
*
* @param string $string Post content
*
* @return array List of tag and person names
*/
public static function getTags($string)
{
$ret = [];
// Convert hashtag links to hashtags
$string = preg_replace('/#\[url\=([^\[\]]*)\](.*?)\[\/url\]/ism', '#$2', $string);
// ignore anything in a code block
$string = preg_replace('/\[code\](.*?)\[\/code\]/sm', '', $string);
// Force line feeds at bbtags
$string = str_replace(['[', ']'], ["\n[", "]\n"], $string);
// ignore anything in a bbtag
$string = preg_replace('/\[(.*?)\]/sm', '', $string);
// Match full names against @tags including the space between first and last
// We will look these up afterward to see if they are full names or not recognisable.
if (preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A@,:?]+)([ \x0D\x0A@,:?]|$)/', $string, $matches)) {
foreach ($matches[1] as $match) {
if (strstr($match, ']')) {
// we might be inside a bbcode color tag - leave it alone
continue;
}
if (substr($match, -1, 1) === '.') {
$ret[] = substr($match, 0, -1);
} else {
$ret[] = $match;
}
}
}
// Otherwise pull out single word tags. These can be @nickname, @first_last
// and #hash tags.
if (preg_match_all('/([!#@][^\^ \x0D\x0A,;:?]+)([ \x0D\x0A,;:?]|$)/', $string, $matches)) {
foreach ($matches[1] as $match) {
if (strstr($match, ']')) {
// we might be inside a bbcode color tag - leave it alone
continue;
}
if (substr($match, -1, 1) === '.') {
$match = substr($match,0,-1);
}
// ignore strictly numeric tags like #1
if ((strpos($match, '#') === 0) && ctype_digit(substr($match, 1))) {
continue;
}
// try not to catch url fragments
if (strpos($string, $match) && preg_match('/[a-zA-z0-9\/]/', substr($string, strpos($string, $match) - 1, 1))) {
continue;
}
$ret[] = $match;
}
}
return $ret;
}
}

5
src/Content/Text/HTML.php
View file

@ -7,6 +7,7 @@ namespace Friendica\Content\Text;
use DOMDocument;
use DOMXPath;
use Friendica\Content\Feature;
use Friendica\Core\Addon;
use Friendica\Core\L10n;
use Friendica\Core\Config;
@ -17,9 +18,9 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Util\Network;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use League\HTMLToMarkdown\HtmlConverter;
use Friendica\Content\Feature;
class HTML
{
@ -1011,7 +1012,7 @@ class HTML
$tpl = Renderer::getMarkupTemplate('wall/content_filter.tpl');
$html = Renderer::replaceMacros($tpl, [
'$reasons' => $reasons,
'$rnd' => random_string(8),
'$rnd' => Strings::getRandomHex(8),
'$openclose' => L10n::t('Click to open/close'),
'$html' => $html
]);

5
src/Content/Widget.php
View file

@ -18,6 +18,7 @@ use Friendica\Model\Contact;
use Friendica\Model\FileTag;
use Friendica\Model\GContact;
use Friendica\Model\Profile;
use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'boot.php';
@ -270,11 +271,11 @@ class Widget
if (!$cid) {
if (Profile::getMyURL()) {
$contact = DBA::selectFirst('contact', ['id'],
['nurl' => normalise_link(Profile::getMyURL()), 'uid' => $profile_uid]);
['nurl' => Strings::normaliseLink(Profile::getMyURL()), 'uid' => $profile_uid]);
if (DBA::isResult($contact)) {
$cid = $contact['id'];
} else {
$gcontact = DBA::selectFirst('gcontact', ['id'], ['nurl' => normalise_link(Profile::getMyURL())]);
$gcontact = DBA::selectFirst('gcontact', ['id'], ['nurl' => Strings::normaliseLink(Profile::getMyURL())]);
if (DBA::isResult($gcontact)) {
$zcid = $gcontact['id'];
}

50
src/Core/Authentication.php
View file

@ -12,6 +12,7 @@ use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\PConfig;
use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Util\DateTimeFormat;
/**
@ -103,55 +104,16 @@ class Authentication extends BaseObject
$a->timezone = $a->user['timezone'];
}
$master_record = $a->user;
$masterUid = $user_record['uid'];
if ((x($_SESSION, 'submanage')) && intval($_SESSION['submanage'])) {
$user = DBA::selectFirst('user', [], ['uid' => $_SESSION['submanage']]);
$user = DBA::selectFirst('user', ['uid'], ['uid' => $_SESSION['submanage']]);
if (DBA::isResult($user)) {
$master_record = $user;
$masterUid = $user['uid'];
}
}
if ($master_record['parent-uid'] == 0) {
// First add our own entry
$a->identities = [['uid' => $master_record['uid'],
'username' => $master_record['username'],
'nickname' => $master_record['nickname']]];
// Then add all the children
$r = DBA::select('user', ['uid', 'username', 'nickname'],
['parent-uid' => $master_record['uid'], 'account_removed' => false]);
if (DBA::isResult($r)) {
$a->identities = array_merge($a->identities, DBA::toArray($r));
}
} else {
// Just ensure that the array is always defined
$a->identities = [];
// First entry is our parent
$r = DBA::select('user', ['uid', 'username', 'nickname'],
['uid' => $master_record['parent-uid'], 'account_removed' => false]);
if (DBA::isResult($r)) {
$a->identities = DBA::toArray($r);
}
// Then add all siblings
$r = DBA::select('user', ['uid', 'username', 'nickname'],
['parent-uid' => $master_record['parent-uid'], 'account_removed' => false]);
if (DBA::isResult($r)) {
$a->identities = array_merge($a->identities, DBA::toArray($r));
}
}
$r = DBA::p("SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
FROM `manage`
INNER JOIN `user` ON `manage`.`mid` = `user`.`uid`
WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?",
$master_record['uid']
);
if (DBA::isResult($r)) {
$a->identities = array_merge($a->identities, DBA::toArray($r));
}
$a->identities = User::identities($masterUid);
if ($login_initial) {
Logger::log('auth_identities: ' . print_r($a->identities, true), Logger::DEBUG);
@ -174,7 +136,7 @@ class Authentication extends BaseObject
// Set the login date for all identities of the user
DBA::update('user', ['login_date' => DateTimeFormat::utcNow()],
['parent-uid' => $master_record['uid'], 'account_removed' => false]);
['parent-uid' => $masterUid, 'account_removed' => false]);
}
if ($login_initial) {

3
src/Core/Console/ArchiveContact.php
View file

@ -5,6 +5,7 @@ namespace Friendica\Core\Console;
use Friendica\App;
use Friendica\Core\L10n;
use Friendica\Database\DBA;
use Friendica\Util\Strings;
use RuntimeException;
/**
@ -60,7 +61,7 @@ HELP;
throw new RuntimeException('Friendica isn\'t properly installed yet.');
}
$nurl = normalise_link($this->getArgument(0));
$nurl = Strings::normaliseLink($this->getArgument(0));
if (!DBA::exists('contact', ['nurl' => $nurl, 'archive' => false])) {
throw new RuntimeException(L10n::t('Could not find any unarchived contact entry for this URL (%s)', $nurl));
}

3
src/Core/Console/GlobalCommunitySilence.php
View file

@ -5,6 +5,7 @@ namespace Friendica\Core\Console;
use Friendica\Core\Protocol;
use Friendica\Database\DBA;
use Friendica\Network\Probe;
use Friendica\Util\Strings;
use RuntimeException;
require_once 'include/text.php';
@ -79,7 +80,7 @@ HELP;
throw new RuntimeException('This account seems not to exist.');
}
$nurl = normalise_link($net['url']);
$nurl = Strings::normaliseLink($net['url']);
$contact = DBA::selectFirst("contact", ["id"], ["nurl" => $nurl, "uid" => 0]);
if (DBA::isResult($contact)) {
DBA::update("contact", ["hidden" => true], ["id" => $contact["id"]]);

5
src/Core/Installer.php
View file

@ -11,6 +11,7 @@ use Friendica\Database\DBA;
use Friendica\Database\DBStructure;
use Friendica\Object\Image;
use Friendica\Util\Network;
use Friendica\Util\Strings;
/**
* Contains methods for installation purpose of Friendica
@ -264,7 +265,7 @@ class Installer
}
if ($passed2) {
$str = autoname(8);
$str = Strings::getRandomName(8);
$cmd = "$phppath util/testargs.php $str";
$result = trim(shell_exec($cmd));
$passed3 = $result == $str;
@ -510,7 +511,7 @@ class Installer
if (function_exists('curl_init')) {
$fetchResult = Network::fetchUrlFull($baseurl . "/install/testrewrite");
$url = normalise_link($baseurl . "/install/testrewrite");
$url = Strings::normaliseLink($baseurl . "/install/testrewrite");
if ($fetchResult->getReturnCode() != 204) {
$fetchResult = Network::fetchUrlFull($url);
}

5
src/Core/Update.php
View file

@ -4,6 +4,7 @@ namespace Friendica\Core;
use Friendica\Database\DBA;
use Friendica\Database\DBStructure;
use Friendica\Util\Strings;
class Update
{
@ -209,7 +210,7 @@ class Update
$lang = (($admin['language'])?$admin['language']:'en');
L10n::pushLang($lang);
$preamble = deindent(L10n::t("
$preamble = Strings::deindent(L10n::t("
The friendica developers released update %s recently,
but when I tried to install it, something went terribly wrong.
This needs to be fixed soon and I can't do it alone. Please contact a
@ -244,7 +245,7 @@ class Update
$lang = (($admin['language']) ? $admin['language'] : 'en');
L10n::pushLang($lang);
$preamble = deindent(L10n::t("
$preamble = Strings::deindent(L10n::t("
The friendica database was successfully updated from %s to %s.",
$from_build, $to_build));

5
src/Core/UserImport.php
View file

@ -10,6 +10,7 @@ use Friendica\Core\Protocol;
use Friendica\Database\DBA;
use Friendica\Model\Photo;
use Friendica\Object\Image;
use Friendica\Util\Strings;
require_once "include/dba.php";
@ -119,8 +120,8 @@ class UserImport
$oldbaseurl = $account['baseurl'];
$newbaseurl = System::baseUrl();
$oldaddr = str_replace('http://', '@', normalise_link($oldbaseurl));
$newaddr = str_replace('http://', '@', normalise_link($newbaseurl));
$oldaddr = str_replace('http://', '@', Strings::normaliseLink($oldbaseurl));
$newaddr = str_replace('http://', '@', Strings::normaliseLink($newbaseurl));
if (!empty($account['profile']['addr'])) {
$old_handle = $account['profile']['addr'];

9
src/Model/APContact.php
View file

@ -7,13 +7,14 @@
namespace Friendica\Model;
use Friendica\BaseObject;
use Friendica\Content\Text\HTML;
use Friendica\Core\Logger;
use Friendica\Database\DBA;
use Friendica\Protocol\ActivityPub;
use Friendica\Util\Network;
use Friendica\Util\JsonLD;
use Friendica\Util\DateTimeFormat;
use Friendica\Content\Text\HTML;
use Friendica\Util\Strings;
require_once 'boot.php';
@ -186,16 +187,16 @@ class APContact extends BaseObject
// Update some data in the contact table with various ways to catch them all
$contact_fields = ['name' => $apcontact['name'], 'about' => $apcontact['about']];
DBA::update('contact', $contact_fields, ['nurl' => normalise_link($url)]);
DBA::update('contact', $contact_fields, ['nurl' => Strings::normaliseLink($url)]);
$contacts = DBA::select('contact', ['uid', 'id'], ['nurl' => normalise_link($url)]);
$contacts = DBA::select('contact', ['uid', 'id'], ['nurl' => Strings::normaliseLink($url)]);
while ($contact = DBA::fetch($contacts)) {
Contact::updateAvatar($apcontact['photo'], $contact['uid'], $contact['id']);
}
DBA::close($contacts);
// Update the gcontact table
DBA::update('gcontact', $contact_fields, ['nurl' => normalise_link($url)]);
DBA::update('gcontact', $contact_fields, ['nurl' => Strings::normaliseLink($url)]);
Logger::log('Updated profile for ' . $url, Logger::DEBUG);

59
src/Model/Contact.php
View file

@ -25,6 +25,7 @@ use Friendica\Protocol\PortableContact;
use Friendica\Protocol\Salmon;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
require_once 'boot.php';
require_once 'include/dba.php';
@ -392,7 +393,7 @@ class Contact extends BaseObject
'blocked' => 0,
'pending' => 0,
'url' => System::baseUrl() . '/profile/' . $user['nickname'],
'nurl' => normalise_link(System::baseUrl() . '/profile/' . $user['nickname']),
'nurl' => Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname']),
'addr' => $user['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3),
'request' => System::baseUrl() . '/dfrn_request/' . $user['nickname'],
'notify' => System::baseUrl() . '/dfrn_notify/' . $user['nickname'],
@ -477,7 +478,7 @@ class Contact extends BaseObject
// it seems as if ported accounts can have wrong values, so we make sure that now everything is fine.
$fields['url'] = System::baseUrl() . '/profile/' . $user['nickname'];
$fields['nurl'] = normalise_link($fields['url']);
$fields['nurl'] = Strings::normaliseLink($fields['url']);
$fields['addr'] = $user['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3);
$fields['request'] = System::baseUrl() . '/dfrn_request/' . $user['nickname'];
$fields['notify'] = System::baseUrl() . '/dfrn_notify/' . $user['nickname'];
@ -597,7 +598,7 @@ class Contact extends BaseObject
if ($contact['term-date'] <= DBA::NULL_DATETIME) {
DBA::update('contact', ['term-date' => DateTimeFormat::utcNow()], ['id' => $contact['id']]);
DBA::update('contact', ['term-date' => DateTimeFormat::utcNow()], ['`nurl` = ? AND `term-date` <= ? AND NOT `self`', normalise_link($contact['url']), DBA::NULL_DATETIME]);
DBA::update('contact', ['term-date' => DateTimeFormat::utcNow()], ['`nurl` = ? AND `term-date` <= ? AND NOT `self`', Strings::normaliseLink($contact['url']), DBA::NULL_DATETIME]);
} else {
/* @todo
* We really should send a notification to the owner after 2-3 weeks
@ -615,7 +616,7 @@ class Contact extends BaseObject
* the whole process over again.
*/
DBA::update('contact', ['archive' => 1], ['id' => $contact['id']]);
DBA::update('contact', ['archive' => 1], ['nurl' => normalise_link($contact['url']), 'self' => false]);
DBA::update('contact', ['archive' => 1], ['nurl' => Strings::normaliseLink($contact['url']), 'self' => false]);
}
}
}
@ -649,7 +650,7 @@ class Contact extends BaseObject
// It's a miracle. Our dead contact has inexplicably come back to life.
$fields = ['term-date' => DBA::NULL_DATETIME, 'archive' => false];
DBA::update('contact', $fields, ['id' => $contact['id']]);
DBA::update('contact', $fields, ['nurl' => normalise_link($contact['url'])]);
DBA::update('contact', $fields, ['nurl' => Strings::normaliseLink($contact['url'])]);
if (!empty($contact['batch'])) {
$condition = ['batch' => $contact['batch'], 'contact-type' => self::ACCOUNT_TYPE_RELAY];
@ -690,14 +691,14 @@ class Contact extends BaseObject
// Fetch contact data from the contact table for the given user
$s = DBA::p("SELECT `id`, `id` AS `cid`, 0 AS `gid`, 0 AS `zid`, `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, `xmpp`,
`keywords`, `gender`, `photo`, `thumb`, `micro`, `forum`, `prv`, (`forum` | `prv`) AS `community`, `contact-type`, `bd` AS `birthday`, `self`
FROM `contact` WHERE `nurl` = ? AND `uid` = ?", normalise_link($url), $uid);
FROM `contact` WHERE `nurl` = ? AND `uid` = ?", Strings::normaliseLink($url), $uid);
$r = DBA::toArray($s);
// Fetch contact data from the contact table for the given user, checking with the alias
if (!DBA::isResult($r)) {
$s = DBA::p("SELECT `id`, `id` AS `cid`, 0 AS `gid`, 0 AS `zid`, `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, `xmpp`,
`keywords`, `gender`, `photo`, `thumb`, `micro`, `forum`, `prv`, (`forum` | `prv`) AS `community`, `contact-type`, `bd` AS `birthday`, `self`
FROM `contact` WHERE `alias` IN (?, ?, ?) AND `uid` = ?", normalise_link($url), $url, $ssl_url, $uid);
FROM `contact` WHERE `alias` IN (?, ?, ?) AND `uid` = ?", Strings::normaliseLink($url), $url, $ssl_url, $uid);
$r = DBA::toArray($s);
}
@ -705,7 +706,7 @@ class Contact extends BaseObject
if (!DBA::isResult($r)) {
$s = DBA::p("SELECT `id`, 0 AS `cid`, `id` AS `zid`, 0 AS `gid`, `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, `xmpp`,
`keywords`, `gender`, `photo`, `thumb`, `micro`, `forum`, `prv`, (`forum` | `prv`) AS `community`, `contact-type`, `bd` AS `birthday`, 0 AS `self`
FROM `contact` WHERE `nurl` = ? AND `uid` = 0", normalise_link($url));
FROM `contact` WHERE `nurl` = ? AND `uid` = 0", Strings::normaliseLink($url));
$r = DBA::toArray($s);
}
@ -713,7 +714,7 @@ class Contact extends BaseObject
if (!DBA::isResult($r)) {
$s = DBA::p("SELECT `id`, 0 AS `cid`, `id` AS `zid`, 0 AS `gid`, `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, `xmpp`,
`keywords`, `gender`, `photo`, `thumb`, `micro`, `forum`, `prv`, (`forum` | `prv`) AS `community`, `contact-type`, `bd` AS `birthday`, 0 AS `self`
FROM `contact` WHERE `alias` IN (?, ?, ?) AND `uid` = 0", normalise_link($url), $url, $ssl_url);
FROM `contact` WHERE `alias` IN (?, ?, ?) AND `uid` = 0", Strings::normaliseLink($url), $url, $ssl_url);
$r = DBA::toArray($s);
}
@ -721,7 +722,7 @@ class Contact extends BaseObject
if (!DBA::isResult($r)) {
$s = DBA::p("SELECT 0 AS `id`, 0 AS `cid`, `id` AS `gid`, 0 AS `zid`, 0 AS `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, '' AS `xmpp`,
`keywords`, `gender`, `photo`, `photo` AS `thumb`, `photo` AS `micro`, 0 AS `forum`, 0 AS `prv`, `community`, `contact-type`, `birthday`, 0 AS `self`
FROM `gcontact` WHERE `nurl` = ?", normalise_link($url));
FROM `gcontact` WHERE `nurl` = ?", Strings::normaliseLink($url));
$r = DBA::toArray($s);
}
@ -1038,7 +1039,7 @@ class Contact extends BaseObject
/// @todo Verify if we can't use Contact::getDetailsByUrl instead of the following
// We first try the nurl (http://server.tld/nick), most common case
$contact = DBA::selectFirst('contact', ['id', 'avatar', 'avatar-date'], ['nurl' => normalise_link($url), 'uid' => $uid, 'deleted' => false]);
$contact = DBA::selectFirst('contact', ['id', 'avatar', 'avatar-date'], ['nurl' => Strings::normaliseLink($url), 'uid' => $uid, 'deleted' => false]);
// Then the addr (nick@server.tld)
if (!DBA::isResult($contact)) {
@ -1049,7 +1050,7 @@ class Contact extends BaseObject
if (!DBA::isResult($contact)) {
// The link could be provided as http although we stored it as https
$ssl_url = str_replace('http://', 'https://', $url);
$condition = ['`alias` IN (?, ?, ?) AND `uid` = ? AND NOT `deleted`', $url, normalise_link($url), $ssl_url, $uid];
$condition = ['`alias` IN (?, ?, ?) AND `uid` = ? AND NOT `deleted`', $url, Strings::normaliseLink($url), $ssl_url, $uid];
$contact = DBA::selectFirst('contact', ['id', 'avatar', 'avatar-date'], $condition);
}
@ -1076,7 +1077,7 @@ class Contact extends BaseObject
$fields = ['url', 'addr', 'alias', 'notify', 'poll', 'name', 'nick',
'photo', 'keywords', 'location', 'about', 'network',
'priority', 'batch', 'request', 'confirm', 'poco'];
$data = DBA::selectFirst('contact', $fields, ['nurl' => normalise_link($url)]);
$data = DBA::selectFirst('contact', $fields, ['nurl' => Strings::normaliseLink($url)]);
if (DBA::isResult($data)) {
// For security reasons we don't fetch key data from our users
@ -1103,9 +1104,9 @@ class Contact extends BaseObject
// Get data from the gcontact table
$fields = ['name', 'nick', 'url', 'photo', 'addr', 'alias', 'network'];
$contact = DBA::selectFirst('gcontact', $fields, ['nurl' => normalise_link($url)]);
$contact = DBA::selectFirst('gcontact', $fields, ['nurl' => Strings::normaliseLink($url)]);
if (!DBA::isResult($contact)) {
$contact = DBA::selectFirst('contact', $fields, ['nurl' => normalise_link($url)]);
$contact = DBA::selectFirst('contact', $fields, ['nurl' => Strings::normaliseLink($url)]);
}
if (!DBA::isResult($contact)) {
@ -1118,14 +1119,14 @@ class Contact extends BaseObject
if (!DBA::isResult($contact)) {
// The link could be provided as http although we stored it as https
$ssl_url = str_replace('http://', 'https://', $url);
$condition = ['alias' => [$url, normalise_link($url), $ssl_url]];
$condition = ['alias' => [$url, Strings::normaliseLink($url), $ssl_url]];
$contact = DBA::selectFirst('contact', $fields, $condition);
}
if (!DBA::isResult($contact)) {
$fields = ['url', 'addr', 'alias', 'notify', 'poll', 'name', 'nick',
'photo', 'network', 'priority', 'batch', 'request', 'confirm'];
$condition = ['url' => [$url, normalise_link($url), $ssl_url]];
$condition = ['url' => [$url, Strings::normaliseLink($url), $ssl_url]];
$contact = DBA::selectFirst('fcontact', $fields, $condition);
}
@ -1150,7 +1151,7 @@ class Contact extends BaseObject
'uid' => $uid,
'created' => DateTimeFormat::utcNow(),
'url' => $data["url"],
'nurl' => normalise_link($data["url"]),
'nurl' => Strings::normaliseLink($data["url"]),
'addr' => $data["addr"],
'alias' => $data["alias"],
'notify' => $data["notify"],
@ -1178,7 +1179,7 @@ class Contact extends BaseObject
'pending' => 0]
);
$s = DBA::select('contact', ['id'], ['nurl' => normalise_link($data["url"]), 'uid' => $uid], ['order' => ['id'], 'limit' => 2]);
$s = DBA::select('contact', ['id'], ['nurl' => Strings::normaliseLink($data["url"]), 'uid' => $uid], ['order' => ['id'], 'limit' => 2]);
$contacts = DBA::toArray($s);
if (!DBA::isResult($contacts)) {
return 0;
@ -1187,7 +1188,7 @@ class Contact extends BaseObject
$contact_id = $contacts[0]["id"];
// Update the newly created contact from data in the gcontact table
$gcontact = DBA::selectFirst('gcontact', ['location', 'about', 'keywords', 'gender'], ['nurl' => normalise_link($data["url"])]);
$gcontact = DBA::selectFirst('gcontact', ['location', 'about', 'keywords', 'gender'], ['nurl' => Strings::normaliseLink($data["url"])]);
if (DBA::isResult($gcontact)) {
// Only use the information when the probing hadn't fetched these values
if ($data['keywords'] != '') {
@ -1204,7 +1205,7 @@ class Contact extends BaseObject
if (count($contacts) > 1 && $uid == 0 && $contact_id != 0 && $data["url"] != "") {
DBA::delete('contact', ["`nurl` = ? AND `uid` = 0 AND `id` != ? AND NOT `self`",
normalise_link($data["url"]), $contact_id]);
Strings::normaliseLink($data["url"]), $contact_id]);
}
}
@ -1221,7 +1222,7 @@ class Contact extends BaseObject
$updated = ['addr' => $data['addr'],
'alias' => $data['alias'],
'url' => $data['url'],
'nurl' => normalise_link($data['url']),
'nurl' => Strings::normaliseLink($data['url']),
'name' => $data['name'],
'nick' => $data['nick']];
@ -1543,7 +1544,7 @@ class Contact extends BaseObject
DBA::update(
'contact', [
'url' => $ret['url'],
'nurl' => normalise_link($ret['url']),
'nurl' => Strings::normaliseLink($ret['url']),
'network' => $ret['network'],
'addr' => $ret['addr'],
'alias' => $ret['alias'],
@ -1627,10 +1628,10 @@ class Contact extends BaseObject
// the poll url is more reliable than the profile url, as we may have
// indirect links or webfinger links
$condition = ['uid' => $uid, 'poll' => [$ret['poll'], normalise_link($ret['poll'])], 'network' => $ret['network'], 'pending' => false];
$condition = ['uid' => $uid, 'poll' => [$ret['poll'], Strings::normaliseLink($ret['poll'])], 'network' => $ret['network'], 'pending' => false];
$contact = DBA::selectFirst('contact', ['id', 'rel'], $condition);
if (!DBA::isResult($contact)) {
$condition = ['uid' => $uid, 'nurl' => normalise_link($url), 'network' => $ret['network'], 'pending' => false];
$condition = ['uid' => $uid, 'nurl' => Strings::normaliseLink($url), 'network' => $ret['network'], 'pending' => false];
$contact = DBA::selectFirst('contact', ['id', 'rel'], $condition);
}
@ -1710,7 +1711,7 @@ class Contact extends BaseObject
'uid' => $uid,
'created' => DateTimeFormat::utcNow(),
'url' => $ret['url'],
'nurl' => normalise_link($ret['url']),
'nurl' => Strings::normaliseLink($ret['url']),
'addr' => $ret['addr'],
'alias' => $ret['alias'],
'batch' => $ret['batch'],
@ -1855,7 +1856,7 @@ class Contact extends BaseObject
// send email notification to owner?
} else {
if (DBA::exists('contact', ['nurl' => normalise_link($url), 'uid' => $importer['uid'], 'pending' => true])) {
if (DBA::exists('contact', ['nurl' => Strings::normaliseLink($url), 'uid' => $importer['uid'], 'pending' => true])) {
Logger::log('ignoring duplicated connection request from pending contact ' . $url);
return;
}
@ -1866,7 +1867,7 @@ class Contact extends BaseObject
intval($importer['uid']),
DBA::escape(DateTimeFormat::utcNow()),
DBA::escape($url),
DBA::escape(normalise_link($url)),
DBA::escape(Strings::normaliseLink($url)),
DBA::escape($name),
DBA::escape($nick),
DBA::escape($photo),
@ -1889,7 +1890,7 @@ class Contact extends BaseObject
$user = DBA::selectFirst('user', $fields, ['uid' => $importer['uid']]);
if (DBA::isResult($user) && !in_array($user['page-flags'], [self::PAGE_SOAPBOX, self::PAGE_FREELOVE, self::PAGE_COMMUNITY])) {
// create notification
$hash = random_string();
$hash = Strings::getRandomHex();
if (is_array($contact_record)) {
DBA::insert('intro', ['uid' => $importer['uid'], 'contact-id' => $contact_record['id'],

27
src/Model/GContact.php
View file

@ -17,6 +17,7 @@ use Friendica\Network\Probe;
use Friendica\Protocol\PortableContact;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
require_once 'include/dba.php';
@ -146,13 +147,13 @@ class GContact
$alternate = PortableContact::alternateOStatusUrl($gcontact['url']);
// The global contacts should contain the original picture, not the cached one
if (($gcontact['generation'] != 1) && stristr(normalise_link($gcontact['photo']), normalise_link(System::baseUrl()."/photo/"))) {
if (($gcontact['generation'] != 1) && stristr(Strings::normaliseLink($gcontact['photo']), Strings::normaliseLink(System::baseUrl()."/photo/"))) {
$gcontact['photo'] = "";
}
if (!isset($gcontact['network'])) {
$condition = ["`uid` = 0 AND `nurl` = ? AND `network` != '' AND `network` != ?",
normalise_link($gcontact['url']), Protocol::STATUSNET];
Strings::normaliseLink($gcontact['url']), Protocol::STATUSNET];
$contact = DBA::selectFirst('contact', ['network'], $condition);
if (DBA::isResult($contact)) {
$gcontact['network'] = $contact["network"];
@ -160,7 +161,7 @@ class GContact
if (($gcontact['network'] == "") || ($gcontact['network'] == Protocol::OSTATUS)) {
$condition = ["`uid` = 0 AND `alias` IN (?, ?) AND `network` != '' AND `network` != ?",
$gcontact['url'], normalise_link($gcontact['url']), Protocol::STATUSNET];
$gcontact['url'], Strings::normaliseLink($gcontact['url']), Protocol::STATUSNET];
$contact = DBA::selectFirst('contact', ['network'], $condition);
if (DBA::isResult($contact)) {
$gcontact['network'] = $contact["network"];
@ -172,7 +173,7 @@ class GContact
$gcontact['network'] = '';
$fields = ['network', 'updated', 'server_url', 'url', 'addr'];
$gcnt = DBA::selectFirst('gcontact', $fields, ['nurl' => normalise_link($gcontact['url'])]);
$gcnt = DBA::selectFirst('gcontact', $fields, ['nurl' => Strings::normaliseLink($gcontact['url'])]);
if (DBA::isResult($gcnt)) {
if (!isset($gcontact['network']) && ($gcnt["network"] != Protocol::STATUSNET)) {
$gcontact['network'] = $gcnt["network"];
@ -180,7 +181,7 @@ class GContact
if ($gcontact['updated'] <= DBA::NULL_DATETIME) {
$gcontact['updated'] = $gcnt["updated"];
}
if (!isset($gcontact['server_url']) && (normalise_link($gcnt["server_url"]) != normalise_link($gcnt["url"]))) {
if (!isset($gcontact['server_url']) && (Strings::normaliseLink($gcnt["server_url"]) != Strings::normaliseLink($gcnt["url"]))) {
$gcontact['server_url'] = $gcnt["server_url"];
}
if (!isset($gcontact['addr'])) {
@ -205,8 +206,8 @@ class GContact
if ($alternate && ($gcontact['network'] == Protocol::OSTATUS)) {
// Delete the old entry - if it exists
if (DBA::exists('gcontact', ['nurl' => normalise_link($orig_profile)])) {
DBA::delete('gcontact', ['nurl' => normalise_link($orig_profile)]);
if (DBA::exists('gcontact', ['nurl' => Strings::normaliseLink($orig_profile)])) {
DBA::delete('gcontact', ['nurl' => Strings::normaliseLink($orig_profile)]);
}
}
}
@ -658,7 +659,7 @@ class GContact
DBA::lock('gcontact');
$fields = ['id', 'last_contact', 'last_failure', 'network'];
$gcnt = DBA::selectFirst('gcontact', $fields, ['nurl' => normalise_link($contact["url"])]);
$gcnt = DBA::selectFirst('gcontact', $fields, ['nurl' => Strings::normaliseLink($contact["url"])]);
if (DBA::isResult($gcnt)) {
$gcontact_id = $gcnt["id"];
@ -683,7 +684,7 @@ class GContact
DBA::escape($contact["addr"]),
DBA::escape($contact["network"]),
DBA::escape($contact["url"]),
DBA::escape(normalise_link($contact["url"])),
DBA::escape(Strings::normaliseLink($contact["url"])),
DBA::escape($contact["photo"]),
DBA::escape(DateTimeFormat::utcNow()),
DBA::escape(DateTimeFormat::utcNow()),
@ -693,7 +694,7 @@ class GContact
intval($contact["generation"])
);
$condition = ['nurl' => normalise_link($contact["url"])];
$condition = ['nurl' => Strings::normaliseLink($contact["url"])];
$cnt = DBA::selectFirst('gcontact', ['id', 'network'], $condition, ['order' => ['id']]);
if (DBA::isResult($cnt)) {
$gcontact_id = $cnt["id"];
@ -793,7 +794,7 @@ class GContact
$contact["server_url"] = $data['baseurl'];
}
} else {
$contact["server_url"] = normalise_link($contact["server_url"]);
$contact["server_url"] = Strings::normaliseLink($contact["server_url"]);
}
if (($contact["addr"] == "") && ($contact["server_url"] != "") && ($contact["nick"] != "")) {
@ -822,7 +823,7 @@ class GContact
if ($update) {
Logger::log("Update gcontact for ".$contact["url"], Logger::DEBUG);
$condition = ['`nurl` = ? AND (`generation` = 0 OR `generation` >= ?)',
normalise_link($contact["url"]), $contact["generation"]];
Strings::normaliseLink($contact["url"]), $contact["generation"]];
$contact["updated"] = DateTimeFormat::utc($contact["updated"]);
$updated = ['photo' => $contact['photo'], 'name' => $contact['name'],
@ -842,7 +843,7 @@ class GContact
// This is used for the shadow copies of public items.
/// @todo Check if we really should do this.
// The quality of the gcontact table is mostly lower than the public contact
$public_contact = DBA::selectFirst('contact', ['id'], ['nurl' => normalise_link($contact["url"]), 'uid' => 0]);
$public_contact = DBA::selectFirst('contact', ['id'], ['nurl' => Strings::normaliseLink($contact["url"]), 'uid' => 0]);
if (DBA::isResult($public_contact)) {
Logger::log("Update public contact ".$public_contact["id"], Logger::DEBUG);

314
src/Model/Item.php
View file

@ -8,25 +8,32 @@ namespace Friendica\Model;
use Friendica\BaseObject;
use Friendica\Content\Text\BBCode;
use Friendica\Content\Text\HTML;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\Lock;
use Friendica\Core\Logger;
use Friendica\Core\L10n;
use Friendica\Core\PConfig;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Event;
use Friendica\Model\FileTag;
use Friendica\Model\PermissionSet;
use Friendica\Model\Term;
use Friendica\Model\ItemURI;
use Friendica\Object\Image;
use Friendica\Protocol\Diaspora;
use Friendica\Protocol\OStatus;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
use Friendica\Util\XML;
use Friendica\Util\Security;
use Friendica\Util\Strings;
use Text_LanguageDetect;
require_once 'boot.php';
@ -1143,7 +1150,7 @@ class Item extends BaseObject
private static function guid($item, $notify)
{
if (!empty($item['guid'])) {
return notags(trim($item['guid']));
return Strings::escapeTags(trim($item['guid']));
}
if ($notify) {
@ -1258,7 +1265,7 @@ class Item extends BaseObject
}
$item['guid'] = self::guid($item, $notify);
$item['uri'] = notags(trim(defaults($item, 'uri', self::newURI($item['uid'], $item['guid']))));
$item['uri'] = Strings::escapeTags(trim(defaults($item, 'uri', self::newURI($item['uid'], $item['guid']))));
// Store URI data
$item['uri-id'] = ItemURI::insert(['uri' => $item['uri'], 'guid' => $item['guid']]);
@ -1528,7 +1535,7 @@ class Item extends BaseObject
Logger::log("Checking if parent ".$parent_id." has to be tagged as mention for user ".$item['uid'], Logger::DEBUG);
$user = DBA::selectFirst('user', ['nickname'], ['uid' => $item['uid']]);
if (DBA::isResult($user)) {
$self = normalise_link(System::baseUrl() . '/profile/' . $user['nickname']);
$self = Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname']);
$self_id = Contact::getIdForURL($self, 0, true);
Logger::log("'myself' is ".$self_id." for parent ".$parent_id." checking against ".$item['author-id']." and ".$item['owner-id'], Logger::DEBUG);
if (($item['author-id'] == $self_id) || ($item['owner-id'] == $self_id)) {
@ -1607,7 +1614,7 @@ class Item extends BaseObject
$item["deleted"] = $parent_deleted;
// Fill the cache field
put_item_in_cache($item);
self::putInCache($item);
if ($notify) {
$item['edit'] = false;
@ -2396,7 +2403,7 @@ class Item extends BaseObject
public static function setHashtags(&$item)
{
$tags = get_tags($item["body"]);
$tags = BBCode::getTags($item["body"]);
// No hashtags?
if (!count($tags)) {
@ -2538,18 +2545,18 @@ class Item extends BaseObject
return;
}
$link = normalise_link(System::baseUrl() . '/profile/' . $user['nickname']);
$link = Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname']);
/*
* Diaspora uses their own hardwired link URL in @-tags
* instead of the one we supply with webfinger
*/
$dlink = normalise_link(System::baseUrl() . '/u/' . $user['nickname']);
$dlink = Strings::normaliseLink(System::baseUrl() . '/u/' . $user['nickname']);
$cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism', $item['body'], $matches, PREG_SET_ORDER);
if ($cnt) {
foreach ($matches as $mtch) {
if (link_compare($link, $mtch[1]) || link_compare($dlink, $mtch[1])) {
if (Strings::compareLink($link, $mtch[1]) || Strings::compareLink($dlink, $mtch[1])) {
$mention = true;
Logger::log('mention found: ' . $mtch[2]);
}
@ -3247,4 +3254,295 @@ class Item extends BaseObject
return $sql;
}
/**
* get translated item type
*
* @param array $itme
* @return string
*/
public static function postType($item)
{
if (!empty($item['event-id'])) {
return L10n::t('event');
} elseif (!empty($item['resource-id'])) {
return L10n::t('photo');
} elseif (!empty($item['verb']) && $item['verb'] !== ACTIVITY_POST) {
return L10n::t('activity');
} elseif ($item['id'] != $item['parent']) {
return L10n::t('comment');
}
return L10n::t('post');
}
/**
* Sets the "rendered-html" field of the provided item
*
* Body is preserved to avoid side-effects as we modify it just-in-time for spoilers and private image links
*
* @param array $item
* @param bool $update
*
* @todo Remove reference, simply return "rendered-html" and "rendered-hash"
*/
public static function putInCache(&$item, $update = false)
{
$body = $item["body"];
$rendered_hash = defaults($item, 'rendered-hash', '');
$rendered_html = defaults($item, 'rendered-html', '');
if ($rendered_hash == ''
|| $rendered_html == ""
|| $rendered_hash != hash("md5", $item["body"])
|| Config::get("system", "ignore_cache")
) {
$a = self::getApp();
redir_private_images($a, $item);
$item["rendered-html"] = prepare_text($item["body"]);
$item["rendered-hash"] = hash("md5", $item["body"]);
$hook_data = ['item' => $item, 'rendered-html' => $item['rendered-html'], 'rendered-hash' => $item['rendered-hash']];
Addon::callHooks('put_item_in_cache', $hook_data);
$item['rendered-html'] = $hook_data['rendered-html'];
$item['rendered-hash'] = $hook_data['rendered-hash'];
unset($hook_data);
// Force an update if the generated values differ from the existing ones
if ($rendered_hash != $item["rendered-hash"]) {
$update = true;
}
// Only compare the HTML when we forcefully ignore the cache
if (Config::get("system", "ignore_cache") && ($rendered_html != $item["rendered-html"])) {
$update = true;
}
if ($update && !empty($item["id"])) {
self::update(
[
'rendered-html' => $item["rendered-html"],
'rendered-hash' => $item["rendered-hash"]
],
['id' => $item["id"]]
);
}
}
$item["body"] = $body;
}
/**
* @brief Given an item array, convert the body element from bbcode to html and add smilie icons.
* If attach is true, also add icons for item attachments.
*
* @param array $item
* @param boolean $attach
* @param boolean $is_preview
* @return string item body html
* @hook prepare_body_init item array before any work
* @hook prepare_body_content_filter ('item'=>item array, 'filter_reasons'=>string array) before first bbcode to html
* @hook prepare_body ('item'=>item array, 'html'=>body string, 'is_preview'=>boolean, 'filter_reasons'=>string array) after first bbcode to html
* @hook prepare_body_final ('item'=>item array, 'html'=>body string) after attach icons and blockquote special case handling (spoiler, author)
*/
public static function prepareBody(array &$item, $attach = false, $is_preview = false)
{
$a = self::getApp();
Addon::callHooks('prepare_body_init', $item);
// In order to provide theme developers more possibilities, event items
// are treated differently.
if ($item['object-type'] === ACTIVITY_OBJ_EVENT && isset($item['event-id'])) {
$ev = Event::getItemHTML($item);
return $ev;
}
$tags = Term::populateTagsFromItem($item);
$item['tags'] = $tags['tags'];
$item['hashtags'] = $tags['hashtags'];
$item['mentions'] = $tags['mentions'];
// Compile eventual content filter reasons
$filter_reasons = [];
if (!$is_preview && public_contact() != $item['author-id']) {
if (!empty($item['content-warning']) && (!local_user() || !PConfig::get(local_user(), 'system', 'disable_cw', false))) {
$filter_reasons[] = L10n::t('Content warning: %s', $item['content-warning']);
}
$hook_data = [
'item' => $item,
'filter_reasons' => $filter_reasons
];
Addon::callHooks('prepare_body_content_filter', $hook_data);
$filter_reasons = $hook_data['filter_reasons'];
unset($hook_data);
}
// Update the cached values if there is no "zrl=..." on the links.
$update = (!local_user() && !remote_user() && ($item["uid"] == 0));
// Or update it if the current viewer is the intented viewer.
if (($item["uid"] == local_user()) && ($item["uid"] != 0)) {
$update = true;
}
self::putInCache($item, $update);
$s = $item["rendered-html"];
$hook_data = [
'item' => $item,
'html' => $s,
'preview' => $is_preview,
'filter_reasons' => $filter_reasons
];
Addon::callHooks('prepare_body', $hook_data);
$s = $hook_data['html'];
unset($hook_data);
if (!$attach) {
// Replace the blockquotes with quotes that are used in mails.
$mailquote = '<blockquote type="cite" class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">';
$s = str_replace(['<blockquote>', '<blockquote class="spoiler">', '<blockquote class="author">'], [$mailquote, $mailquote, $mailquote], $s);
return $s;
}
$as = '';
$vhead = false;
$matches = [];
preg_match_all('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\"(?: title=\"(.*?)\")?|', $item['attach'], $matches, PREG_SET_ORDER);
foreach ($matches as $mtch) {
$mime = $mtch[3];
$the_url = Contact::magicLinkById($item['author-id'], $mtch[1]);
if (strpos($mime, 'video') !== false) {
if (!$vhead) {
$vhead = true;
$a->page['htmlhead'] .= Renderer::replaceMacros(Renderer::getMarkupTemplate('videos_head.tpl'), [
'$baseurl' => System::baseUrl(),
]);
}
$url_parts = explode('/', $the_url);
$id = end($url_parts);
$as .= Renderer::replaceMacros(Renderer::getMarkupTemplate('video_top.tpl'), [
'$video' => [
'id' => $id,
'title' => L10n::t('View Video'),
'src' => $the_url,
'mime' => $mime,
],
]);
}
$filetype = strtolower(substr($mime, 0, strpos($mime, '/')));
if ($filetype) {
$filesubtype = strtolower(substr($mime, strpos($mime, '/') + 1));
$filesubtype = str_replace('.', '-', $filesubtype);
} else {
$filetype = 'unkn';
$filesubtype = 'unkn';
}
$title = Strings::escapeHtml(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1]));
$title .= ' ' . $mtch[2] . ' ' . L10n::t('bytes');
$icon = '<div class="attachtype icon s22 type-' . $filetype . ' subtype-' . $filesubtype . '"></div>';
$as .= '<a href="' . strip_tags($the_url) . '" title="' . $title . '" class="attachlink" target="_blank" >' . $icon . '</a>';
}
if ($as != '') {
$s .= '<div class="body-attach">'.$as.'<div class="clear"></div></div>';
}
// Map.
if (strpos($s, '<div class="map">') !== false && x($item, 'coord')) {
$x = Map::byCoordinates(trim($item['coord']));
if ($x) {
$s = preg_replace('/\<div class\=\"map\"\>/', '$0' . $x, $s);
}
}
// Look for spoiler.
$spoilersearch = '<blockquote class="spoiler">';
// Remove line breaks before the spoiler.
while ((strpos($s, "\n" . $spoilersearch) !== false)) {
$s = str_replace("\n" . $spoilersearch, $spoilersearch, $s);
}
while ((strpos($s, "<br />" . $spoilersearch) !== false)) {
$s = str_replace("<br />" . $spoilersearch, $spoilersearch, $s);
}
while ((strpos($s, $spoilersearch) !== false)) {
$pos = strpos($s, $spoilersearch);
$rnd = Strings::getRandomHex(8);
$spoilerreplace = '<br /> <span id="spoiler-wrap-' . $rnd . '" class="spoiler-wrap fakelink" onclick="openClose(\'spoiler-' . $rnd . '\');">' . L10n::t('Click to open/close') . '</span>'.
'<blockquote class="spoiler" id="spoiler-' . $rnd . '" style="display: none;">';
$s = substr($s, 0, $pos) . $spoilerreplace . substr($s, $pos + strlen($spoilersearch));
}
// Look for quote with author.
$authorsearch = '<blockquote class="author">';
while ((strpos($s, $authorsearch) !== false)) {
$pos = strpos($s, $authorsearch);
$rnd = Strings::getRandomHex(8);
$authorreplace = '<br /> <span id="author-wrap-' . $rnd . '" class="author-wrap fakelink" onclick="openClose(\'author-' . $rnd . '\');">' . L10n::t('Click to open/close') . '</span>'.
'<blockquote class="author" id="author-' . $rnd . '" style="display: block;">';
$s = substr($s, 0, $pos) . $authorreplace . substr($s, $pos + strlen($authorsearch));
}
// Replace friendica image url size with theme preference.
if (!empty($a->theme_info['item_image_size'])) {
$ps = $a->theme_info['item_image_size'];
$s = preg_replace('|(<img[^>]+src="[^"]+/photo/[0-9a-f]+)-[0-9]|', "$1-" . $ps, $s);
}
$s = HTML::applyContentFilter($s, $filter_reasons);
$hook_data = ['item' => $item, 'html' => $s];
Addon::callHooks('prepare_body_final', $hook_data);
return $hook_data['html'];
}
/**
* get private link for item
* @param array $item
* @return boolean|array False if item has not plink, otherwise array('href'=>plink url, 'title'=>translated title)
*/
public static function getPlink($item)
{
$a = self::getApp();
if ($a->user['nickname'] != "") {
$ret = [
'href' => "display/" . $item['guid'],
'orig' => "display/" . $item['guid'],
'title' => L10n::t('View on separate page'),
'orig_title' => L10n::t('view on separate page'),
];
if (!empty($item['plink'])) {
$ret["href"] = $a->removeBaseURL($item['plink']);
$ret["title"] = L10n::t('link to source');
}
} elseif (!empty($item['plink']) && ($item['private'] != 1)) {
$ret = [
'href' => $item['plink'],
'orig' => $item['plink'],
'title' => L10n::t('link to source'),
];
} else {
$ret = [];
}
return $ret;
}
}

13
src/Model/Profile.php
View file

@ -25,6 +25,7 @@ use Friendica\Protocol\Diaspora;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
require_once 'include/dba.php';
@ -296,7 +297,7 @@ class Profile
$profile['picdate'] = urlencode(defaults($profile, 'picdate', ''));
if (($profile['network'] != '') && ($profile['network'] != Protocol::DFRN)) {
$profile['network_name'] = format_network_name($profile['network'], $profile['url']);
$profile['network_name'] = Strings::formatNetworkName($profile['network'], $profile['url']);
} else {
$profile['network_name'] = '';
}
@ -326,9 +327,9 @@ class Profile
// Is the local user already connected to that user?
if ($connect && local_user()) {
if (isset($profile['url'])) {
$profile_url = normalise_link($profile['url']);
$profile_url = Strings::normaliseLink($profile['url']);
} else {
$profile_url = normalise_link(System::baseUrl() . '/profile/' . $profile['nickname']);
$profile_url = Strings::normaliseLink(System::baseUrl() . '/profile/' . $profile['nickname']);
}
if (DBA::exists('contact', ['pending' => false, 'uid' => local_user(), 'nurl' => $profile_url])) {
@ -370,7 +371,7 @@ class Profile
$r = q(
"SELECT `url` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND `rel` = %d",
intval($profile['uid']),
DBA::escape(normalise_link(self::getMyURL())),
DBA::escape(Strings::normaliseLink(self::getMyURL())),
intval(Contact::FRIEND)
);
}
@ -881,7 +882,7 @@ class Profile
$tab = false;
if (x($_GET, 'tab')) {
$tab = notags(trim($_GET['tab']));
$tab = Strings::escapeTags(trim($_GET['tab']));
}
$url = System::baseUrl() . '/profile/' . $nickname;
@ -1140,7 +1141,7 @@ class Profile
}
$achar = strpos($s, '?') ? '&' : '?';
$mine = self::getMyURL();
if ($mine && !link_compare($mine, $s)) {
if ($mine && !Strings::compareLink($mine, $s)) {
return $s . $achar . 'zrl=' . urlencode($mine);
}
return $s;

5
src/Model/Register.php
View file

@ -7,6 +7,7 @@ namespace Friendica\Model;
use Friendica\Database\DBA;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;
/**
* Class interacting with the register database table
@ -77,7 +78,7 @@ class Register
*/
public static function createForInvitation()
{
$code = autoname(8) . srand(1000, 9999);
$code = Strings::getRandomName(8) . srand(1000, 9999);
$fields = [
'hash' => $code,
@ -100,7 +101,7 @@ class Register
*/
public static function createForApproval($uid, $language, $note = '')
{
$hash = random_string();
$hash = Strings::getRandomHex();
if (!User::exists($uid)) {
return false;

97
src/Model/User.php
View file

@ -20,6 +20,7 @@ use Friendica\Object\Image;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use LightOpenID;
require_once 'boot.php';
@ -60,7 +61,7 @@ class User
*/
public static function getIdForURL($url)
{
$self = DBA::selectFirst('contact', ['uid'], ['nurl' => normalise_link($url), 'self' => true]);
$self = DBA::selectFirst('contact', ['uid'], ['nurl' => Strings::normaliseLink($url), 'self' => true]);
if (!DBA::isResult($self)) {
return false;
} else {
@ -269,7 +270,7 @@ class User
*/
public static function generateNewPassword()
{
return autoname(6) . mt_rand(100, 9999);
return Strings::getRandomName(6) . mt_rand(100, 9999);
}
/**
@ -401,18 +402,18 @@ class User
$using_invites = Config::get('system', 'invitation_only');
$num_invites = Config::get('system', 'number_invites');
$invite_id = !empty($data['invite_id']) ? notags(trim($data['invite_id'])) : '';
$username = !empty($data['username']) ? notags(trim($data['username'])) : '';
$nickname = !empty($data['nickname']) ? notags(trim($data['nickname'])) : '';
$email = !empty($data['email']) ? notags(trim($data['email'])) : '';
$openid_url = !empty($data['openid_url']) ? notags(trim($data['openid_url'])) : '';
$photo = !empty($data['photo']) ? notags(trim($data['photo'])) : '';
$invite_id = !empty($data['invite_id']) ? Strings::escapeTags(trim($data['invite_id'])) : '';
$username = !empty($data['username']) ? Strings::escapeTags(trim($data['username'])) : '';
$nickname = !empty($data['nickname']) ? Strings::escapeTags(trim($data['nickname'])) : '';
$email = !empty($data['email']) ? Strings::escapeTags(trim($data['email'])) : '';
$openid_url = !empty($data['openid_url']) ? Strings::escapeTags(trim($data['openid_url'])) : '';
$photo = !empty($data['photo']) ? Strings::escapeTags(trim($data['photo'])) : '';
$password = !empty($data['password']) ? trim($data['password']) : '';
$password1 = !empty($data['password1']) ? trim($data['password1']) : '';
$confirm = !empty($data['confirm']) ? trim($data['confirm']) : '';
$blocked = !empty($data['blocked']) ? intval($data['blocked']) : 0;
$verified = !empty($data['verified']) ? intval($data['verified']) : 0;
$language = !empty($data['language']) ? notags(trim($data['language'])) : 'en';
$language = !empty($data['language']) ? Strings::escapeTags(trim($data['language'])) : 'en';
$publish = !empty($data['profile_publish_reg']) && intval($data['profile_publish_reg']) ? 1 : 0;
$netpublish = strlen(Config::get('system', 'directory')) ? $publish : 0;
@ -498,7 +499,7 @@ class User
throw new Exception(L10n::t('Your email domain is not among those allowed on this site.'));
}
if (!valid_email($email) || !Network::isEmailDomainValid($email)) {
if (!filter_var($email, FILTER_VALIDATE_EMAIL) || !Network::isEmailDomainValid($email)) {
throw new Exception(L10n::t('Not a valid email address.'));
}
if (self::isNicknameBlocked($nickname)) {
@ -692,7 +693,7 @@ class User
*/
public static function sendRegisterPendingEmail($user, $sitename, $siteurl, $password)
{
$body = deindent(L10n::t('
$body = Strings::deindent(L10n::t('
Dear %1$s,
Thank you for registering at %2$s. Your account is pending for approval by the administrator.
@ -727,13 +728,13 @@ class User
*/
public static function sendRegisterOpenEmail($user, $sitename, $siteurl, $password)
{
$preamble = deindent(L10n::t('
$preamble = Strings::deindent(L10n::t('
Dear %1$s,
Thank you for registering at %2$s. Your account has been created.
',
$preamble, $user['username'], $sitename
));
$body = deindent(L10n::t('
$body = Strings::deindent(L10n::t('
The login details are as follows:
Site Location: %3$s
@ -813,4 +814,74 @@ class User
$a->internalRedirect();
}
}
/**
* Return all identities to a user
*
* @param int $uid The user id
* @return array All identities for this user
*
* Example for a return:
* [
* [
* 'uid' => 1,
* 'username' => 'maxmuster',
* 'nickname' => 'Max Mustermann'
* ],
* [
* 'uid' => 2,
* 'username' => 'johndoe',
* 'nickname' => 'John Doe'
* ]
* ]
*/
public static function identities($uid)
{
$identities = [];
$user = DBA::selectFirst('user', ['uid', 'nickname', 'username', 'parent-uid'], ['uid' => $uid]);
if (!DBA::isResult($user)) {
return $identities;
}
if ($user['parent-uid'] == 0) {
// First add our own entry
$identities = [['uid' => $user['uid'],
'username' => $user['username'],
'nickname' => $user['nickname']]];
// Then add all the children
$r = DBA::select('user', ['uid', 'username', 'nickname'],
['parent-uid' => $user['uid'], 'account_removed' => false]);
if (DBA::isResult($r)) {
$identities = array_merge($identities, DBA::toArray($r));
}
} else {
// First entry is our parent
$r = DBA::select('user', ['uid', 'username', 'nickname'],
['uid' => $user['parent-uid'], 'account_removed' => false]);
if (DBA::isResult($r)) {
$identities = DBA::toArray($r);
}
// Then add all siblings
$r = DBA::select('user', ['uid', 'username', 'nickname'],
['parent-uid' => $user['parent-uid'], 'account_removed' => false]);
if (DBA::isResult($r)) {
$identities = array_merge($identities, DBA::toArray($r));
}
}
$r = DBA::p("SELECT `user`.`uid`, `user`.`username`, `user`.`nickname`
FROM `manage`
INNER JOIN `user` ON `manage`.`mid` = `user`.`uid`
WHERE `user`.`account_removed` = 0 AND `manage`.`uid` = ?",
$user['uid']
);
if (DBA::isResult($r)) {
$identities = array_merge($identities, DBA::toArray($r));
}
return $identities;
}
}

17
src/Module/Contact.php
View file

@ -22,6 +22,7 @@ use Friendica\Module\Login;
use Friendica\Network\Probe;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
/**
* Manages and show Contacts and their content
@ -77,7 +78,7 @@ class Contact extends BaseModule
$a->data['contact'] = $contact;
if (($contact['network'] != '') && ($contact['network'] != Protocol::DFRN)) {
$networkname = format_network_name($contact['network'], $contact['url']);
$networkname = Strings::formatNetworkName($contact['network'], $contact['url']);
} else {
$networkname = '';
}
@ -213,14 +214,14 @@ class Contact extends BaseModule
$fetch_further_information = intval(defaults($_POST, 'fetch_further_information', 0));
$ffi_keyword_blacklist = escape_tags(trim(defaults($_POST, 'ffi_keyword_blacklist', '')));
$ffi_keyword_blacklist = Strings::escapeHtml(trim(defaults($_POST, 'ffi_keyword_blacklist', '')));
$priority = intval(defaults($_POST, 'poll', 0));
if ($priority > 5 || $priority < 0) {
$priority = 0;
}
$info = escape_tags(trim($_POST['info']));
$info = Strings::escapeHtml(trim($_POST['info']));
$r = DBA::update('contact', [
'profile-id' => $profile_id,
@ -303,7 +304,7 @@ class Contact extends BaseModule
}
}
$fields['nurl'] = normalise_link($data['url']);
$fields['nurl'] = Strings::normaliseLink($data['url']);
if (!empty($data['priority'])) {
$fields['priority'] = intval($data['priority']);
@ -601,7 +602,7 @@ class Contact extends BaseModule
'$lbl_vis2' => L10n::t('Please choose the profile you would like to display to %s when viewing your profile securely.', $contact['name']),
'$lbl_info1' => $lbl_info1,
'$lbl_info2' => L10n::t('Their personal note'),
'$reason' => trim(notags($contact['reason'])),
'$reason' => trim(Strings::escapeTags($contact['reason'])),
'$infedit' => L10n::t('Edit contact notes'),
'$common_link' => 'common/loc/' . local_user() . '/' . $contact['id'],
'$relation_text' => $relation_text,
@ -694,8 +695,8 @@ class Contact extends BaseModule
$sql_extra .= sprintf(" AND `network` != '%s' ", Protocol::PHANTOM);
$search = notags(trim(defaults($_GET, 'search', '')));
$nets = notags(trim(defaults($_GET, 'nets' , '')));
$search = Strings::escapeTags(trim(defaults($_GET, 'search', '')));
$nets = Strings::escapeTags(trim(defaults($_GET, 'nets' , '')));
$tabs = [
[
@ -765,7 +766,7 @@ class Contact extends BaseModule
if ($search) {
$searching = true;
$search_hdr = $search;
$search_txt = DBA::escape(protect_sprintf(preg_quote($search)));
$search_txt = DBA::escape(Strings::protectSprintf(preg_quote($search)));
$sql_extra .= " AND (name REGEXP '$search_txt' OR url REGEXP '$search_txt' OR nick REGEXP '$search_txt') ";
}

3
src/Module/Hashtag.php
View file

@ -7,6 +7,7 @@ namespace Friendica\Module;
use Friendica\BaseModule;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Util\Strings;
require_once 'include/dba.php';
require_once 'include/text.php';
@ -21,7 +22,7 @@ class Hashtag extends BaseModule
{
$result = [];
$t = escape_tags($_REQUEST['t']);
$t = Strings::escapeHtml($_REQUEST['t']);
if (empty($t)) {
System::jsonExit($result);
}

47
src/Module/Install.php
View file

@ -9,6 +9,7 @@ use Friendica\Database\DBStructure;
use Friendica\Core;
use Friendica\Core\L10n;
use Friendica\Core\Renderer;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
class Install extends BaseModule
@ -70,10 +71,10 @@ class Install extends BaseModule
break;
case self::SITE_SETTINGS:
$dbhost = notags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
$dbuser = notags(trim(defaults($_POST, 'dbuser', '')));
$dbpass = notags(trim(defaults($_POST, 'dbpass', '')));
$dbdata = notags(trim(defaults($_POST, 'dbdata', '')));
$dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
$dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser', '')));
$dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass', '')));
$dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata', '')));
// If we cannot connect to the database, return to the previous step
if (!self::$installer->checkDB($dbhost, $dbuser, $dbpass, $dbdata)) {
@ -84,13 +85,13 @@ class Install extends BaseModule
case self::FINISHED:
$urlpath = $a->getURLPath();
$dbhost = notags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
$dbuser = notags(trim(defaults($_POST, 'dbuser', '')));
$dbpass = notags(trim(defaults($_POST, 'dbpass', '')));
$dbdata = notags(trim(defaults($_POST, 'dbdata', '')));
$timezone = notags(trim(defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ)));
$language = notags(trim(defaults($_POST, 'language', Core\Installer::DEFAULT_LANG)));
$adminmail = notags(trim(defaults($_POST, 'adminmail', '')));
$dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
$dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser', '')));
$dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass', '')));
$dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata', '')));
$timezone = Strings::escapeTags(trim(defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ)));
$language = Strings::escapeTags(trim(defaults($_POST, 'language', Core\Installer::DEFAULT_LANG)));
$adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', '')));
// If we cannot connect to the database, return to the Database config wizard
if (!self::$installer->checkDB($dbhost, $dbuser, $dbpass, $dbdata)) {
@ -139,12 +140,12 @@ class Install extends BaseModule
break;
case self::DATABASE_CONFIG:
$dbhost = notags(trim(defaults($_POST, 'dbhost' , Core\Installer::DEFAULT_HOST)));
$dbuser = notags(trim(defaults($_POST, 'dbuser' , '' )));
$dbpass = notags(trim(defaults($_POST, 'dbpass' , '' )));
$dbdata = notags(trim(defaults($_POST, 'dbdata' , '' )));
$phpath = notags(trim(defaults($_POST, 'phpath' , '' )));
$adminmail = notags(trim(defaults($_POST, 'adminmail', '' )));
$dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost' , Core\Installer::DEFAULT_HOST)));
$dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser' , '' )));
$dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass' , '' )));
$dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata' , '' )));
$phpath = Strings::escapeTags(trim(defaults($_POST, 'phpath' , '' )));
$adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', '' )));
$tpl = Renderer::getMarkupTemplate('install_db.tpl');
$output .= Renderer::replaceMacros($tpl, [
@ -190,13 +191,13 @@ class Install extends BaseModule
break;
case self::SITE_SETTINGS:
$dbhost = notags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
$dbuser = notags(trim(defaults($_POST, 'dbuser', '' )));
$dbpass = notags(trim(defaults($_POST, 'dbpass', '' )));
$dbdata = notags(trim(defaults($_POST, 'dbdata', '' )));
$phpath = notags(trim(defaults($_POST, 'phpath', '' )));
$dbhost = Strings::escapeTags(trim(defaults($_POST, 'dbhost', Core\Installer::DEFAULT_HOST)));
$dbuser = Strings::escapeTags(trim(defaults($_POST, 'dbuser', '' )));
$dbpass = Strings::escapeTags(trim(defaults($_POST, 'dbpass', '' )));
$dbdata = Strings::escapeTags(trim(defaults($_POST, 'dbdata', '' )));
$phpath = Strings::escapeTags(trim(defaults($_POST, 'phpath', '' )));
$adminmail = notags(trim(defaults($_POST, 'adminmail', '')));
$adminmail = Strings::escapeTags(trim(defaults($_POST, 'adminmail', '')));
$timezone = defaults($_POST, 'timezone', Core\Installer::DEFAULT_TZ);
/* Installed langs */

3
src/Module/Login.php
View file

@ -17,6 +17,7 @@ use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use LightOpenID;
require_once 'boot.php';
@ -148,7 +149,7 @@ class Login extends BaseModule
);
}
} catch (Exception $e) {
Logger::log('authenticate: failed login attempt: ' . notags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
Logger::log('authenticate: failed login attempt: ' . Strings::escapeTags($username) . ' from IP ' . $_SERVER['REMOTE_ADDR']);
info('Login failed. Please check your credentials.' . EOL);
$a->internalRedirect();
}

7
src/Module/Magic.php
View file

@ -11,6 +11,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Util\HTTPSignature;
use Friendica\Util\Network;
use Friendica\Util\Strings;
/**
* Magic Auth (remote authentication) module.
@ -49,7 +50,7 @@ class Magic extends BaseModule
$contact = DBA::selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]);
// Redirect if the contact is already authenticated on this site.
if (!empty($a->contact) && array_key_exists('id', $a->contact) && strpos($contact['nurl'], normalise_link(self::getApp()->getBaseURL())) !== false) {
if (!empty($a->contact) && array_key_exists('id', $a->contact) && strpos($contact['nurl'], Strings::normaliseLink(self::getApp()->getBaseURL())) !== false) {
if ($test) {
$ret['success'] = true;
$ret['message'] .= 'Local site - you are already authenticated.' . EOL;
@ -74,7 +75,7 @@ class Magic extends BaseModule
$headers = [];
$headers['Accept'] = 'application/x-dfrn+json';
$headers['X-Open-Web-Auth'] = random_string();
$headers['X-Open-Web-Auth'] = Strings::getRandomHex();
// Create a header that is signed with the local users private key.
$headers = HTTPSignature::createSig(
@ -94,7 +95,7 @@ class Magic extends BaseModule
if ($j['encrypted_token']) {
// The token is encrypted. If the local user is really the one the other instance
// thinks he/she is, the token can be decrypted with the local users public key.
openssl_private_decrypt(base64url_decode($j['encrypted_token']), $token, $user['prvkey']);
openssl_private_decrypt(Strings::base64UrlDecode($j['encrypted_token']), $token, $user['prvkey']);
} else {
$token = $j['token'];
}

3
src/Module/Oembed.php
View file

@ -4,6 +4,7 @@ namespace Friendica\Module;
use Friendica\BaseModule;
use Friendica\Content;
use Friendica\Util\Strings;
/**
* Oembed module
@ -36,7 +37,7 @@ class Oembed extends BaseModule
if ($a->argc == 2) {
echo '<html><body>';
$url = base64url_decode($a->argv[1]);
$url = Strings::base64UrlDecode($a->argv[1]);
$j = Content\OEmbed::fetchURL($url);
// workaround for media.ccc.de (and any other endpoint that return size 0)

5
src/Module/Owa.php
View file

@ -11,6 +11,7 @@ use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\OpenWebAuthToken;
use Friendica\Util\HTTPSignature;
use Friendica\Util\Strings;
/**
* @brief OpenWebAuth verifier and token generator
@ -62,7 +63,7 @@ class Owa extends BaseModule
Logger::log('OWA success: ' . $contact['addr'], Logger::DATA);
$ret['success'] = true;
$token = random_string(32);
$token = Strings::getRandomHex(32);
// Store the generated token in the databe.
OpenWebAuthToken::create('owt', 0, $token, $contact['addr']);
@ -74,7 +75,7 @@ class Owa extends BaseModule
// At a later time, we will compare weather the token we're getting
// is really the same token we have stored in the database.
openssl_public_encrypt($token, $result, $contact['pubkey']);
$ret['encrypted_token'] = base64url_encode($result);
$ret['encrypted_token'] = Strings::base64UrlEncode($result);
} else {
Logger::log('OWA fail: ' . $contact['id'] . ' ' . $contact['addr'] . ' ' . $contact['url'], Logger::DEBUG);
}

27
src/Network/Probe.php
View file

@ -24,6 +24,7 @@ use Friendica\Protocol\ActivityPub;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use DomXPath;
@ -347,7 +348,7 @@ class Probe
}
if (x($data, "photo")) {
$data["baseurl"] = Network::getUrlMatch(normalise_link(defaults($data, "baseurl", "")), normalise_link($data["photo"]));
$data["baseurl"] = Network::getUrlMatch(Strings::normaliseLink(defaults($data, "baseurl", "")), Strings::normaliseLink($data["photo"]));
} else {
$data["photo"] = System::baseUrl().'/images/person-300.jpg';
}
@ -426,7 +427,7 @@ class Probe
$fields['updated'] = DateTimeFormat::utcNow();
$condition = ['nurl' => normalise_link($data["url"])];
$condition = ['nurl' => Strings::normaliseLink($data["url"])];
$old_fields = DBA::selectFirst('gcontact', $fieldnames, $condition);
@ -473,7 +474,7 @@ class Probe
}
}
$condition = ['nurl' => normalise_link($data["url"]), 'self' => false, 'uid' => 0];
$condition = ['nurl' => Strings::normaliseLink($data["url"]), 'self' => false, 'uid' => 0];
// "$old_fields" will return a "false" when the contact doesn't exist.
// This won't trigger an insert. This is intended, since we only need
@ -1009,7 +1010,7 @@ class Probe
foreach ($webfinger["aliases"] as $alias) {
if (empty($data["url"]) && !strstr($alias, "@")) {
$data["url"] = $alias;
} elseif (!strstr($alias, "@") && normalise_link($alias) != normalise_link($data["url"])) {
} elseif (!strstr($alias, "@") && Strings::normaliseLink($alias) != Strings::normaliseLink($data["url"])) {
$data["alias"] = $alias;
} elseif (substr($alias, 0, 5) == 'acct:') {
$data["addr"] = substr($alias, 5);
@ -1212,7 +1213,7 @@ class Probe
if (!empty($webfinger["aliases"]) && is_array($webfinger["aliases"])) {
foreach ($webfinger["aliases"] as $alias) {
if (normalise_link($alias) != normalise_link($data["url"]) && ! strstr($alias, "@")) {
if (Strings::normaliseLink($alias) != Strings::normaliseLink($data["url"]) && ! strstr($alias, "@")) {
$data["alias"] = $alias;
} elseif (substr($alias, 0, 5) == 'acct:') {
$data["addr"] = substr($alias, 5);
@ -1268,14 +1269,14 @@ class Probe
if (!empty($webfinger["aliases"]) && is_array($webfinger["aliases"])) {
foreach ($webfinger["aliases"] as $alias) {
if (strstr($alias, "@") && !strstr(normalise_link($alias), "http://")) {
if (strstr($alias, "@") && !strstr(Strings::normaliseLink($alias), "http://")) {
$data["addr"] = str_replace('acct:', '', $alias);
}
}
}
if (!empty($webfinger["subject"]) && strstr($webfinger["subject"], "@")
&& !strstr(normalise_link($webfinger["subject"]), "http://")
&& !strstr(Strings::normaliseLink($webfinger["subject"]), "http://")
) {
$data["addr"] = str_replace('acct:', '', $webfinger["subject"]);
}
@ -1301,7 +1302,7 @@ class Probe
} else {
$pubkey = substr($pubkey, 5);
}
} elseif (normalise_link($pubkey) == 'http://') {
} elseif (Strings::normaliseLink($pubkey) == 'http://') {
$curlResult = Network::curl($pubkey);
if ($curlResult->isTimeout()) {
return false;
@ -1312,8 +1313,8 @@ class Probe
$key = explode(".", $pubkey);
if (sizeof($key) >= 3) {
$m = base64url_decode($key[1]);
$e = base64url_decode($key[2]);
$m = Strings::base64UrlDecode($key[1]);
$e = Strings::base64UrlDecode($key[2]);
$data["pubkey"] = Crypto::meToPem($m, $e);
}
}
@ -1648,8 +1649,8 @@ class Probe
$data["nick"] = $data["name"];
$data["photo"] = Network::lookupAvatarByEmail($uri);
$data["url"] = 'mailto:'.$uri;
$data["notify"] = 'smtp '.random_string();
$data["poll"] = 'email '.random_string();
$data["notify"] = 'smtp ' . Strings::getRandomHex();
$data["poll"] = 'email ' . Strings::getRandomHex();
$x = Email::messageMeta($mbox, $msgs[0]);
if (stristr($x[0]->from, $uri)) {
@ -1673,7 +1674,7 @@ class Probe
}
}
$data["name"] = notags($data["name"]);
$data["name"] = Strings::escapeTags($data["name"]);
}
}
}

11
src/Object/Post.php
View file

@ -21,6 +21,7 @@ use Friendica\Model\Term;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
use Friendica\Util\Temporal;
require_once 'include/dba.php';
@ -156,7 +157,7 @@ class Post extends BaseObject
$shareable = in_array($conv->getProfileOwner(), [0, local_user()]) && $item['private'] != 1;
if (local_user() && link_compare($a->contact['url'], $item['author-link'])) {
if (local_user() && Strings::compareLink($a->contact['url'], $item['author-link'])) {
if ($item["event-id"] != 0) {
$edpost = ["events/event/" . $item['event-id'], L10n::t("Edit")];
} else {
@ -315,7 +316,7 @@ class Post extends BaseObject
localize_item($item);
$body = prepare_body($item, true);
$body = Item::prepareBody($item, true);
list($categories, $folders) = get_cats_and_terms($item);
@ -392,7 +393,7 @@ class Post extends BaseObject
'owner_url' => $this->getOwnerUrl(),
'owner_photo' => $a->removeBaseURL(ProxyUtils::proxifyUrl($item['owner-avatar'], false, ProxyUtils::SIZE_THUMB)),
'owner_name' => htmlentities($owner_name_e),
'plink' => get_plink($item),
'plink' => Item::getPlink($item),
'edpost' => Feature::isEnabled($conv->getProfileOwner(), 'edit_posts') ? $edpost : '',
'isstarred' => $isstarred,
'star' => Feature::isEnabled($conv->getProfileOwner(), 'star_posts') ? $star : '',
@ -854,8 +855,8 @@ class Post extends BaseObject
$this->owner_name = $a->page_contact['name'];
$this->wall_to_wall = true;
} elseif ($this->getDataValue('owner-link')) {
$owner_linkmatch = (($this->getDataValue('owner-link')) && link_compare($this->getDataValue('owner-link'), $this->getDataValue('author-link')));
$alias_linkmatch = (($this->getDataValue('alias')) && link_compare($this->getDataValue('alias'), $this->getDataValue('author-link')));
$owner_linkmatch = (($this->getDataValue('owner-link')) && Strings::compareLink($this->getDataValue('owner-link'), $this->getDataValue('author-link')));
$alias_linkmatch = (($this->getDataValue('alias')) && Strings::compareLink($this->getDataValue('alias'), $this->getDataValue('author-link')));
$owner_namematch = (($this->getDataValue('owner-name')) && $this->getDataValue('owner-name') == $this->getDataValue('author-name'));
if (!$owner_linkmatch && !$alias_linkmatch && !$owner_namematch) {

32
src/Protocol/ActivityPub/Processor.php
View file

@ -5,6 +5,8 @@
namespace Friendica\Protocol\ActivityPub;
use Friendica\Database\DBA;
use Friendica\Content\Text\HTML;
use Friendica\Core\Config;
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Model\Conversation;
@ -13,11 +15,10 @@ use Friendica\Model\APContact;
use Friendica\Model\Item;
use Friendica\Model\Event;
use Friendica\Model\User;
use Friendica\Content\Text\HTML;
use Friendica\Util\JsonLD;
use Friendica\Core\Config;
use Friendica\Protocol\ActivityPub;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\JsonLD;
use Friendica\Util\Strings;
/**
* ActivityPub Processor Protocol class
@ -39,6 +40,23 @@ class Processor
return $body;
}
/**
* Replaces emojis in the body
*
* @param array $emojis
* @param string $body
*
* @return string with replaced emojis
*/
public static function replaceEmojis($emojis, $body)
{
foreach ($emojis as $emoji) {
$replace = '[class=emoji mastodon][img=' . $emoji['href'] . ']' . $emoji['name'] . '[/img][/class]';
$body = str_replace($emoji['name'], $replace, $body);
}
return $body;
}
/**
* Constructs a string with tags for a given tag array
*
@ -115,7 +133,8 @@ class Processor
$item['edited'] = $activity['updated'];
$item['title'] = HTML::toBBCode($activity['name']);
$item['content-warning'] = HTML::toBBCode($activity['summary']);
$item['body'] = self::convertMentions(HTML::toBBCode($activity['content']));
$content = self::replaceEmojis($activity['emojis'], HTML::toBBCode($activity['content']));
$item['body'] = self::convertMentions($content);
$item['tag'] = self::constructTagList($activity['tags'], $activity['sensitive']);
Item::update($item, ['uri' => $activity['id']]);
@ -250,7 +269,8 @@ class Processor
$item['guid'] = $activity['diaspora:guid'];
$item['title'] = HTML::toBBCode($activity['name']);
$item['content-warning'] = HTML::toBBCode($activity['summary']);
$item['body'] = self::convertMentions(HTML::toBBCode($activity['content']));
$content = self::replaceEmojis($activity['emojis'], HTML::toBBCode($activity['content']));
$item['body'] = self::convertMentions($content);
if (($activity['object_type'] == 'as:Video') && !empty($activity['alternate-url'])) {
$item['body'] .= "\n[video]" . $activity['alternate-url'] . '[/video]';
@ -398,7 +418,7 @@ class Processor
return;
}
$contacts = DBA::select('contact', ['id'], ['nurl' => normalise_link($activity['object_id'])]);
$contacts = DBA::select('contact', ['id'], ['nurl' => Strings::normaliseLink($activity['object_id'])]);
while ($contact = DBA::fetch($contacts)) {
Contact::remove($contact['id']);
}

61
src/Protocol/ActivityPub/Receiver.php
View file

@ -5,18 +5,19 @@
namespace Friendica\Protocol\ActivityPub;
use Friendica\Database\DBA;
use Friendica\Util\HTTPSignature;
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Model\Contact;
use Friendica\Model\APContact;
use Friendica\Model\Conversation;
use Friendica\Model\Item;
use Friendica\Model\User;
use Friendica\Protocol\ActivityPub;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\HTTPSignature;
use Friendica\Util\JsonLD;
use Friendica\Util\LDSignature;
use Friendica\Protocol\ActivityPub;
use Friendica\Model\Conversation;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;
/**
* @brief ActivityPub Receiver Protocol class
@ -455,7 +456,7 @@ class Receiver
if (($receiver == self::PUBLIC_COLLECTION) && !empty($actor)) {
// This will most likely catch all OStatus connections to Mastodon
$condition = ['alias' => [$actor, normalise_link($actor)], 'rel' => [Contact::SHARING, Contact::FRIEND]
$condition = ['alias' => [$actor, Strings::normaliseLink($actor)], 'rel' => [Contact::SHARING, Contact::FRIEND]
, 'archive' => false, 'pending' => false];
$contacts = DBA::select('contact', ['uid'], $condition);
while ($contact = DBA::fetch($contacts)) {
@ -472,7 +473,7 @@ class Receiver
}
// Fetching all directly addressed receivers
$condition = ['self' => true, 'nurl' => normalise_link($receiver)];
$condition = ['self' => true, 'nurl' => Strings::normaliseLink($receiver)];
$contact = DBA::selectFirst('contact', ['uid', 'contact-type'], $condition);
if (!DBA::isResult($contact)) {
continue;
@ -482,7 +483,7 @@ class Receiver
// Exception: The receiver is targetted via "to" or this is a comment
if ((($element != 'as:to') && empty($replyto)) || ($contact['contact-type'] == Contact::ACCOUNT_TYPE_COMMUNITY)) {
$networks = [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::DIASPORA, Protocol::OSTATUS];
$condition = ['nurl' => normalise_link($actor), 'rel' => [Contact::SHARING, Contact::FRIEND],
$condition = ['nurl' => Strings::normaliseLink($actor), 'rel' => [Contact::SHARING, Contact::FRIEND],
'network' => $networks, 'archive' => false, 'pending' => false, 'uid' => $contact['uid']];
// Forum posts are only accepted from forum contacts
@ -516,7 +517,7 @@ class Receiver
{
$receivers = [];
$networks = [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::DIASPORA, Protocol::OSTATUS];
$condition = ['nurl' => normalise_link($actor), 'rel' => [Contact::SHARING, Contact::FRIEND, Contact::FOLLOWER],
$condition = ['nurl' => Strings::normaliseLink($actor), 'rel' => [Contact::SHARING, Contact::FRIEND, Contact::FOLLOWER],
'network' => $networks, 'archive' => false, 'pending' => false];
$contacts = DBA::select('contact', ['uid', 'rel'], $condition);
while ($contact = DBA::fetch($contacts)) {
@ -589,7 +590,7 @@ class Receiver
unset($profile['photo']);
unset($profile['baseurl']);
$profile['nurl'] = normalise_link($profile['url']);
$profile['nurl'] = Strings::normaliseLink($profile['url']);
DBA::update('contact', $profile, ['id' => $cid]);
Contact::updateAvatar($photo, $uid, $cid);
@ -614,12 +615,12 @@ class Receiver
}
foreach ($receivers as $receiver) {
$contact = DBA::selectFirst('contact', ['id'], ['uid' => $receiver, 'network' => Protocol::OSTATUS, 'nurl' => normalise_link($actor)]);
$contact = DBA::selectFirst('contact', ['id'], ['uid' => $receiver, 'network' => Protocol::OSTATUS, 'nurl' => Strings::normaliseLink($actor)]);
if (DBA::isResult($contact)) {
self::switchContact($contact['id'], $receiver, $actor);
}
$contact = DBA::selectFirst('contact', ['id'], ['uid' => $receiver, 'network' => Protocol::OSTATUS, 'alias' => [normalise_link($actor), $actor]]);
$contact = DBA::selectFirst('contact', ['id'], ['uid' => $receiver, 'network' => Protocol::OSTATUS, 'alias' => [Strings::normaliseLink($actor), $actor]]);
if (DBA::isResult($contact)) {
self::switchContact($contact['id'], $receiver, $actor);
}
@ -727,13 +728,48 @@ class Receiver
continue;
}
$taglist[] = ['type' => str_replace('as:', '', JsonLD::fetchElement($tag, '@type')),
$element = ['type' => str_replace('as:', '', JsonLD::fetchElement($tag, '@type')),
'href' => JsonLD::fetchElement($tag, 'as:href'),
'name' => JsonLD::fetchElement($tag, 'as:name')];
if (empty($element['type'])) {
continue;
}
$taglist[] = $element;
}
return $taglist;
}
/**
* Convert emojis from JSON-LD format into a simplified format
*
* @param array $tags Tags in JSON-LD format
*
* @return array with emojis in a simplified format
*/
private static function processEmojis($emojis)
{
$emojilist = [];
if (empty($emojis)) {
return [];
}
foreach ($emojis as $emoji) {
if (empty($emoji) || (JsonLD::fetchElement($emoji, '@type') != 'toot:Emoji') || empty($emoji['as:icon'])) {
continue;
}
$url = JsonLD::fetchElement($emoji['as:icon'], 'as:url');
$element = ['name' => JsonLD::fetchElement($emoji, 'as:name'),
'href' => $url];
$emojilist[] = $element;
}
return $emojilist;
}
/**
* Convert attachments from JSON-LD format into a simplified format
*
@ -821,6 +857,7 @@ class Receiver
$object_data['longitude'] = JsonLD::fetchElement($object_data, 'longitude', '@value');
$object_data['attachments'] = self::processAttachments(JsonLD::fetchElementArray($object, 'as:attachment'));
$object_data['tags'] = self::processTags(JsonLD::fetchElementArray($object, 'as:tag'));
$object_data['emojis'] = self::processEmojis(JsonLD::fetchElementArray($object, 'as:tag', 'toot:Emoji'));
$object_data['generator'] = JsonLD::fetchElement($object, 'as:generator', 'as:name', '@type', 'as:Application');
$object_data['alternate-url'] = JsonLD::fetchElement($object, 'as:url');

37
src/Protocol/DFRN.php
View file

@ -33,6 +33,7 @@ use Friendica\Object\Image;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use HTMLPurifier;
use HTMLPurifier_Config;
@ -240,7 +241,7 @@ class DFRN
if (isset($category)) {
$sql_post_table = sprintf(
"INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
DBA::escape(protect_sprintf($category)),
DBA::escape(Strings::protectSprintf($category)),
intval(TERM_OBJ_POST),
intval(TERM_CATEGORY),
intval($owner_id)
@ -1001,7 +1002,7 @@ class DFRN
XML::addElement($doc, $entry, "updated", DateTimeFormat::utc($item["edited"] . "+00:00", DateTimeFormat::ATOM));
// "dfrn:env" is used to read the content
XML::addElement($doc, $entry, "dfrn:env", base64url_encode($body, true));
XML::addElement($doc, $entry, "dfrn:env", Strings::base64UrlEncode($body, true));
// The "content" field is not read by the receiver. We could remove it when the type is "text"
// We keep it at the moment, maybe there is some old version that doesn't read "dfrn:env"
@ -1096,7 +1097,7 @@ class DFRN
}
foreach ($mentioned as $mention) {
$condition = ['uid' => $owner["uid"], 'nurl' => normalise_link($mention)];
$condition = ['uid' => $owner["uid"], 'nurl' => Strings::normaliseLink($mention)];
$contact = DBA::selectFirst('contact', ['forum', 'prv'], $condition);
if (DBA::isResult($contact) && ($contact["forum"] || $contact["prv"])) {
@ -1568,7 +1569,7 @@ class DFRN
$fields = ['id', 'uid', 'url', 'network', 'avatar-date', 'avatar', 'name-date', 'uri-date', 'addr',
'name', 'nick', 'about', 'location', 'keywords', 'xmpp', 'bdyear', 'bd', 'hidden', 'contact-type'];
$condition = ["`uid` = ? AND `nurl` = ? AND `network` != ?",
$importer["importer_uid"], normalise_link($author["link"]), Protocol::STATUSNET];
$importer["importer_uid"], Strings::normaliseLink($author["link"]), Protocol::STATUSNET];
$contact_old = DBA::selectFirst('contact', $fields, $condition);
if (DBA::isResult($contact_old)) {
@ -1959,7 +1960,7 @@ class DFRN
*
* @see https://github.com/friendica/friendica/pull/3254#discussion_r107315246
*/
$condition = ['name' => $suggest["name"], 'nurl' => normalise_link($suggest["url"]),
$condition = ['name' => $suggest["name"], 'nurl' => Strings::normaliseLink($suggest["url"]),
'uid' => $suggest["uid"]];
if (DBA::exists('contact', $condition)) {
return false;
@ -2009,7 +2010,7 @@ class DFRN
$fid = $r[0]["id"];
$hash = random_string();
$hash = Strings::getRandomHex();
$r = q(
"INSERT INTO `intro` (`uid`, `fid`, `contact-id`, `note`, `hash`, `datetime`, `blocked`)
@ -2099,18 +2100,18 @@ class DFRN
$relocate["server_url"] = preg_replace("=(https?://)(.*)/profile/(.*)=ism", "$1$2", $relocate["url"]);
$fields = ['name' => $relocate["name"], 'photo' => $relocate["avatar"],
'url' => $relocate["url"], 'nurl' => normalise_link($relocate["url"]),
'url' => $relocate["url"], 'nurl' => Strings::normaliseLink($relocate["url"]),
'addr' => $relocate["addr"], 'connect' => $relocate["addr"],
'notify' => $relocate["notify"], 'server_url' => $relocate["server_url"]];
DBA::update('gcontact', $fields, ['nurl' => normalise_link($old["url"])]);
DBA::update('gcontact', $fields, ['nurl' => Strings::normaliseLink($old["url"])]);
// Update the contact table. We try to find every entry.
$fields = ['name' => $relocate["name"], 'avatar' => $relocate["avatar"],
'url' => $relocate["url"], 'nurl' => normalise_link($relocate["url"]),
'url' => $relocate["url"], 'nurl' => Strings::normaliseLink($relocate["url"]),
'addr' => $relocate["addr"], 'request' => $relocate["request"],
'confirm' => $relocate["confirm"], 'notify' => $relocate["notify"],
'poll' => $relocate["poll"], 'site-pubkey' => $relocate["sitepubkey"]];
$condition = ["(`id` = ?) OR (`nurl` = ?)", $importer["id"], normalise_link($old["url"])];
$condition = ["(`id` = ?) OR (`nurl` = ?)", $importer["id"], Strings::normaliseLink($old["url"])];
DBA::update('contact', $fields, $condition);
@ -2255,7 +2256,7 @@ class DFRN
}
}
if ($Blink && link_compare($Blink, System::baseUrl() . "/profile/" . $importer["nickname"])) {
if ($Blink && Strings::compareLink($Blink, System::baseUrl() . "/profile/" . $importer["nickname"])) {
$author = DBA::selectFirst('contact', ['name', 'thumb', 'url'], ['id' => $item['author-id']]);
$item['id'] = $posted_id;
@ -2493,7 +2494,7 @@ class DFRN
$item["body"] = XML::getFirstNodeValue($xpath, "dfrn:env/text()", $entry);
$item["body"] = str_replace([' ',"\t","\r","\n"], ['','','',''], $item["body"]);
// make sure nobody is trying to sneak some html tags by us
$item["body"] = notags(base64url_decode($item["body"]));
$item["body"] = Strings::escapeTags(Strings::base64UrlDecode($item["body"]));
$item["body"] = BBCode::limitBodySize($item["body"]);
@ -2737,7 +2738,7 @@ class DFRN
Logger::log("Contact ".$importer["id"]." isn't known to user ".$importer["importer_uid"].". The post will be ignored.", Logger::DEBUG);
return;
}
if (!link_compare($item["owner-link"], $importer["url"])) {
if (!Strings::compareLink($item["owner-link"], $importer["url"])) {
/*
* The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
* but otherwise there's a possible data mixup on the sender's system.
@ -2985,7 +2986,7 @@ class DFRN
return;
}
$baseurl = substr($baseurl, $domain_st + 3);
$nurl = normalise_link($baseurl);
$nurl = Strings::normaliseLink($baseurl);
/// @todo Why is there a query for "url" *and* "nurl"? Especially this normalising is strange.
$r = q("SELECT `id` FROM `contact` WHERE `uid` = (SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1)
@ -3030,7 +3031,7 @@ class DFRN
return;
}
$sec = random_string();
$sec = Strings::getRandomHex();
DBA::insert('profile_check', ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]);
@ -3078,18 +3079,18 @@ class DFRN
$community_page = ($user['page-flags'] == Contact::PAGE_COMMUNITY);
$prvgroup = ($user['page-flags'] == Contact::PAGE_PRVGROUP);
$link = normalise_link(System::baseUrl() . '/profile/' . $user['nickname']);
$link = Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname']);
/*
* Diaspora uses their own hardwired link URL in @-tags
* instead of the one we supply with webfinger
*/
$dlink = normalise_link(System::baseUrl() . '/u/' . $user['nickname']);
$dlink = Strings::normaliseLink(System::baseUrl() . '/u/' . $user['nickname']);
$cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism', $item['body'], $matches, PREG_SET_ORDER);
if ($cnt) {
foreach ($matches as $mtch) {
if (link_compare($link, $mtch[1]) || link_compare($dlink, $mtch[1])) {
if (Strings::compareLink($link, $mtch[1]) || Strings::compareLink($dlink, $mtch[1])) {
$mention = true;
Logger::log('mention found: ' . $mtch[2]);
}

151
src/Protocol/Diaspora.php
View file

@ -34,6 +34,7 @@ use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use SimpleXMLElement;
@ -112,7 +113,7 @@ class Diaspora
// Now we are collecting all relay contacts
foreach ($serverlist as $server_url) {
// We don't send messages to ourselves
if (link_compare($server_url, System::baseUrl())) {
if (Strings::compareLink($server_url, System::baseUrl())) {
continue;
}
$contact = self::getRelayContact($server_url);
@ -146,7 +147,7 @@ class Diaspora
$fields = ['batch', 'id', 'name', 'network', 'archive', 'blocked'];
// Fetch the relay contact
$condition = ['uid' => 0, 'nurl' => normalise_link($server_url),
$condition = ['uid' => 0, 'nurl' => Strings::normaliseLink($server_url),
'contact-type' => Contact::ACCOUNT_TYPE_RELAY];
$contact = DBA::selectFirst('contact', $fields, $condition);
@ -185,7 +186,7 @@ class Diaspora
$fields = array_merge($fields, $network_fields);
$condition = ['uid' => 0, 'nurl' => normalise_link($server_url),
$condition = ['uid' => 0, 'nurl' => Strings::normaliseLink($server_url),
'contact-type' => Contact::ACCOUNT_TYPE_RELAY];
if (DBA::exists('contact', $condition)) {
@ -297,23 +298,23 @@ class Diaspora
$handle = "";
$data = base64url_decode($children->data);
$data = Strings::base64UrlDecode($children->data);
$type = $children->data->attributes()->type[0];
$encoding = $children->encoding;
$alg = $children->alg;
$sig = base64url_decode($children->sig);
$sig = Strings::base64UrlDecode($children->sig);
$key_id = $children->sig->attributes()->key_id[0];
if ($key_id != "") {
$handle = base64url_decode($key_id);
$handle = Strings::base64UrlDecode($key_id);
}
$b64url_data = base64url_encode($data);
$b64url_data = Strings::base64UrlEncode($data);
$msg = str_replace(["\n", "\r", " ", "\t"], ["", "", "", ""], $b64url_data);
$signable_data = $msg.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
$signable_data = $msg.".".Strings::base64UrlEncode($type).".".Strings::base64UrlEncode($encoding).".".Strings::base64UrlEncode($alg);
if ($handle == '') {
Logger::log('No author could be decoded. Discarding. Message: ' . $envelope);
@ -425,10 +426,10 @@ class Diaspora
$type = $base->data[0]->attributes()->type[0];
$encoding = $base->encoding;
$alg = $base->alg;
$signed_data = $data.'.'.base64url_encode($type).'.'.base64url_encode($encoding).'.'.base64url_encode($alg);
$signed_data = $data.'.'.Strings::base64UrlEncode($type).'.'.Strings::base64UrlEncode($encoding).'.'.Strings::base64UrlEncode($alg);
// This is the signature
$signature = base64url_decode($base->sig);
$signature = Strings::base64UrlDecode($base->sig);
// Get the senders' public key
$key_id = $base->sig[0]->attributes()->key_id[0];
@ -462,7 +463,7 @@ class Diaspora
}
}
return ['message' => (string)base64url_decode($base->data),
return ['message' => (string)Strings::base64UrlDecode($base->data),
'author' => XML::unescape($author_addr),
'key' => (string)$key];
}
@ -546,7 +547,7 @@ class Diaspora
// Stash the signature away for now. We have to find their key or it won't be good for anything.
$signature = base64url_decode($base->sig);
$signature = Strings::base64UrlDecode($base->sig);
// unpack the data
@ -562,11 +563,11 @@ class Diaspora
$alg = $base->alg;
$signed_data = $data.'.'.base64url_encode($type).'.'.base64url_encode($encoding).'.'.base64url_encode($alg);
$signed_data = $data.'.'.Strings::base64UrlEncode($type).'.'.Strings::base64UrlEncode($encoding).'.'.Strings::base64UrlEncode($alg);
// decode the data
$data = base64url_decode($data);
$data = Strings::base64UrlDecode($data);
if ($public) {
@ -1433,7 +1434,7 @@ class Diaspora
*/
private static function authorContactByUrl($def_contact, $person, $uid)
{
$condition = ['nurl' => normalise_link($person["url"]), 'uid' => $uid];
$condition = ['nurl' => Strings::normaliseLink($person["url"]), 'uid' => $uid];
$contact = DBA::selectFirst('contact', ['id', 'network'], $condition);
if (DBA::isResult($contact)) {
$cid = $contact["id"];
@ -1505,9 +1506,9 @@ class Diaspora
*/
private static function receiveAccountMigration(array $importer, $data)
{
$old_handle = notags(XML::unescape($data->author));
$new_handle = notags(XML::unescape($data->profile->author));
$signature = notags(XML::unescape($data->signature));
$old_handle = Strings::escapeTags(XML::unescape($data->author));
$new_handle = Strings::escapeTags(XML::unescape($data->profile->author));
$signature = Strings::escapeTags(XML::unescape($data->signature));
$contact = self::contactByHandle($importer["uid"], $old_handle);
if (!$contact) {
@ -1535,7 +1536,7 @@ class Diaspora
return false;
}
$fields = ['url' => $data['url'], 'nurl' => normalise_link($data['url']),
$fields = ['url' => $data['url'], 'nurl' => Strings::normaliseLink($data['url']),
'name' => $data['name'], 'nick' => $data['nick'],
'addr' => $data['addr'], 'batch' => $data['batch'],
'notify' => $data['notify'], 'poll' => $data['poll'],
@ -1543,7 +1544,7 @@ class Diaspora
DBA::update('contact', $fields, ['addr' => $old_handle]);
$fields = ['url' => $data['url'], 'nurl' => normalise_link($data['url']),
$fields = ['url' => $data['url'], 'nurl' => Strings::normaliseLink($data['url']),
'name' => $data['name'], 'nick' => $data['nick'],
'addr' => $data['addr'], 'connect' => $data['addr'],
'notify' => $data['notify'], 'photo' => $data['photo'],
@ -1565,7 +1566,7 @@ class Diaspora
*/
private static function receiveAccountDeletion($data)
{
$author = notags(XML::unescape($data->author));
$author = Strings::escapeTags(XML::unescape($data->author));
$contacts = DBA::select('contact', ['id'], ['addr' => $author]);
while ($contact = DBA::fetch($contacts)) {
@ -1656,19 +1657,19 @@ class Diaspora
*/
private static function receiveComment(array $importer, $sender, $data, $xml)
{
$author = notags(XML::unescape($data->author));
$guid = notags(XML::unescape($data->guid));
$parent_guid = notags(XML::unescape($data->parent_guid));
$author = Strings::escapeTags(XML::unescape($data->author));
$guid = Strings::escapeTags(XML::unescape($data->guid));
$parent_guid = Strings::escapeTags(XML::unescape($data->parent_guid));
$text = XML::unescape($data->text);
if (isset($data->created_at)) {
$created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
$created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
} else {
$created_at = DateTimeFormat::utcNow();
}
if (isset($data->thread_parent_guid)) {
$thread_parent_guid = notags(XML::unescape($data->thread_parent_guid));
$thread_parent_guid = Strings::escapeTags(XML::unescape($data->thread_parent_guid));
$thr_uri = self::getUriFromGuid("", $thread_parent_guid, true);
} else {
$thr_uri = "";
@ -1773,24 +1774,24 @@ class Diaspora
*/
private static function receiveConversationMessage(array $importer, array $contact, $data, $msg, $mesg, $conversation)
{
$author = notags(XML::unescape($data->author));
$guid = notags(XML::unescape($data->guid));
$subject = notags(XML::unescape($data->subject));
$author = Strings::escapeTags(XML::unescape($data->author));
$guid = Strings::escapeTags(XML::unescape($data->guid));
$subject = Strings::escapeTags(XML::unescape($data->subject));
// "diaspora_handle" is the element name from the old version
// "author" is the element name from the new version
if ($mesg->author) {
$msg_author = notags(XML::unescape($mesg->author));
$msg_author = Strings::escapeTags(XML::unescape($mesg->author));
} elseif ($mesg->diaspora_handle) {
$msg_author = notags(XML::unescape($mesg->diaspora_handle));
$msg_author = Strings::escapeTags(XML::unescape($mesg->diaspora_handle));
} else {
return false;
}
$msg_guid = notags(XML::unescape($mesg->guid));
$msg_conversation_guid = notags(XML::unescape($mesg->conversation_guid));
$msg_guid = Strings::escapeTags(XML::unescape($mesg->guid));
$msg_conversation_guid = Strings::escapeTags(XML::unescape($mesg->conversation_guid));
$msg_text = XML::unescape($mesg->text);
$msg_created_at = DateTimeFormat::utc(notags(XML::unescape($mesg->created_at)));
$msg_created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($mesg->created_at)));
if ($msg_conversation_guid != $guid) {
Logger::log("message conversation guid does not belong to the current conversation.");
@ -1861,11 +1862,11 @@ class Diaspora
*/
private static function receiveConversation(array $importer, $msg, $data)
{
$author = notags(XML::unescape($data->author));
$guid = notags(XML::unescape($data->guid));
$subject = notags(XML::unescape($data->subject));
$created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
$participants = notags(XML::unescape($data->participants));
$author = Strings::escapeTags(XML::unescape($data->author));
$guid = Strings::escapeTags(XML::unescape($data->guid));
$subject = Strings::escapeTags(XML::unescape($data->subject));
$created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
$participants = Strings::escapeTags(XML::unescape($data->participants));
$messages = $data->message;
@ -1919,11 +1920,11 @@ class Diaspora
*/
private static function receiveLike(array $importer, $sender, $data)
{
$author = notags(XML::unescape($data->author));
$guid = notags(XML::unescape($data->guid));
$parent_guid = notags(XML::unescape($data->parent_guid));
$parent_type = notags(XML::unescape($data->parent_type));
$positive = notags(XML::unescape($data->positive));
$author = Strings::escapeTags(XML::unescape($data->author));
$guid = Strings::escapeTags(XML::unescape($data->guid));
$parent_guid = Strings::escapeTags(XML::unescape($data->parent_guid));
$parent_type = Strings::escapeTags(XML::unescape($data->parent_type));
$positive = Strings::escapeTags(XML::unescape($data->positive));
// likes on comments aren't supported by Diaspora - only on posts
// But maybe this will be supported in the future, so we will accept it.
@ -2028,11 +2029,11 @@ class Diaspora
*/
private static function receiveMessage(array $importer, $data)
{
$author = notags(XML::unescape($data->author));
$guid = notags(XML::unescape($data->guid));
$conversation_guid = notags(XML::unescape($data->conversation_guid));
$author = Strings::escapeTags(XML::unescape($data->author));
$guid = Strings::escapeTags(XML::unescape($data->guid));
$conversation_guid = Strings::escapeTags(XML::unescape($data->conversation_guid));
$text = XML::unescape($data->text);
$created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
$created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
$contact = self::allowedContactByHandle($importer, $author, true);
if (!$contact) {
@ -2103,8 +2104,8 @@ class Diaspora
*/
private static function receiveParticipation(array $importer, $data)
{
$author = strtolower(notags(XML::unescape($data->author)));
$parent_guid = notags(XML::unescape($data->parent_guid));
$author = strtolower(Strings::escapeTags(XML::unescape($data->author)));
$parent_guid = Strings::escapeTags(XML::unescape($data->parent_guid));
$contact_id = Contact::getIdForURL($author);
if (!$contact_id) {
@ -2196,7 +2197,7 @@ class Diaspora
*/
private static function receiveProfile(array $importer, $data)
{
$author = strtolower(notags(XML::unescape($data->author)));
$author = strtolower(Strings::escapeTags(XML::unescape($data->author)));
$contact = self::contactByHandle($importer["uid"], $author);
if (!$contact) {
@ -2391,7 +2392,7 @@ class Diaspora
DBA::escape($ret["addr"]),
DateTimeFormat::utcNow(),
DBA::escape($ret["url"]),
DBA::escape(normalise_link($ret["url"])),
DBA::escape(Strings::normaliseLink($ret["url"])),
DBA::escape($batch),
DBA::escape($ret["name"]),
DBA::escape($ret["nick"]),
@ -2421,7 +2422,7 @@ class Diaspora
if (in_array($importer["page-flags"], [Contact::PAGE_NORMAL, Contact::PAGE_PRVGROUP])) {
Logger::log("Sending intra message for author ".$author.".", Logger::DEBUG);
$hash = random_string().(string)time(); // Generate a confirm_key
$hash = Strings::getRandomHex().(string)time(); // Generate a confirm_key
$ret = q(
"INSERT INTO `intro` (`uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`)
@ -2573,13 +2574,13 @@ class Diaspora
*/
private static function receiveReshare(array $importer, $data, $xml)
{
$author = notags(XML::unescape($data->author));
$guid = notags(XML::unescape($data->guid));
$created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
$root_author = notags(XML::unescape($data->root_author));
$root_guid = notags(XML::unescape($data->root_guid));
$author = Strings::escapeTags(XML::unescape($data->author));
$guid = Strings::escapeTags(XML::unescape($data->guid));
$created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
$root_author = Strings::escapeTags(XML::unescape($data->root_author));
$root_guid = Strings::escapeTags(XML::unescape($data->root_guid));
/// @todo handle unprocessed property "provider_display_name"
$public = notags(XML::unescape($data->public));
$public = Strings::escapeTags(XML::unescape($data->public));
$contact = self::allowedContactByHandle($importer, $author, false);
if (!$contact) {
@ -2665,9 +2666,9 @@ class Diaspora
*/
private static function itemRetraction(array $importer, array $contact, $data)
{
$author = notags(XML::unescape($data->author));
$target_guid = notags(XML::unescape($data->target_guid));
$target_type = notags(XML::unescape($data->target_type));
$author = Strings::escapeTags(XML::unescape($data->author));
$target_guid = Strings::escapeTags(XML::unescape($data->target_guid));
$target_type = Strings::escapeTags(XML::unescape($data->target_type));
$person = self::personByHandle($author);
if (!is_array($person)) {
@ -2705,7 +2706,7 @@ class Diaspora
$parent = Item::selectFirst(['author-link'], ['id' => $item["parent"]]);
// Only delete it if the parent author really fits
if (!link_compare($parent["author-link"], $contact["url"]) && !link_compare($item["author-link"], $contact["url"])) {
if (!Strings::compareLink($parent["author-link"], $contact["url"]) && !Strings::compareLink($item["author-link"], $contact["url"])) {
Logger::log("Thread author ".$parent["author-link"]." and item author ".$item["author-link"]." don't fit to expected contact ".$contact["url"], Logger::DEBUG);
continue;
}
@ -2729,7 +2730,7 @@ class Diaspora
*/
private static function receiveRetraction(array $importer, $sender, $data)
{
$target_type = notags(XML::unescape($data->target_type));
$target_type = Strings::escapeTags(XML::unescape($data->target_type));
$contact = self::contactByHandle($importer["uid"], $sender);
if (!$contact && (in_array($target_type, ["Contact", "Person"]))) {
@ -2774,12 +2775,12 @@ class Diaspora
*/
private static function receiveStatusMessage(array $importer, SimpleXMLElement $data, $xml)
{
$author = notags(XML::unescape($data->author));
$guid = notags(XML::unescape($data->guid));
$created_at = DateTimeFormat::utc(notags(XML::unescape($data->created_at)));
$public = notags(XML::unescape($data->public));
$author = Strings::escapeTags(XML::unescape($data->author));
$guid = Strings::escapeTags(XML::unescape($data->guid));
$created_at = DateTimeFormat::utc(Strings::escapeTags(XML::unescape($data->created_at)));
$public = Strings::escapeTags(XML::unescape($data->public));
$text = XML::unescape($data->text);
$provider_display_name = notags(XML::unescape($data->provider_display_name));
$provider_display_name = Strings::escapeTags(XML::unescape($data->provider_display_name));
$contact = self::allowedContactByHandle($importer, $author, false);
if (!$contact) {
@ -2794,7 +2795,7 @@ class Diaspora
$address = [];
if ($data->location) {
foreach ($data->location->children() as $fieldname => $data) {
$address[$fieldname] = notags(XML::unescape($data));
$address[$fieldname] = Strings::escapeTags(XML::unescape($data));
}
}
@ -2961,14 +2962,14 @@ class Diaspora
*/
public static function buildMagicEnvelope($msg, array $user)
{
$b64url_data = base64url_encode($msg);
$b64url_data = Strings::base64UrlEncode($msg);
$data = str_replace(["\n", "\r", " ", "\t"], ["", "", "", ""], $b64url_data);
$key_id = base64url_encode(self::myHandle($user));
$key_id = Strings::base64UrlEncode(self::myHandle($user));
$type = "application/xml";
$encoding = "base64url";
$alg = "RSA-SHA256";
$signable_data = $data.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
$signable_data = $data.".".Strings::base64UrlEncode($type).".".Strings::base64UrlEncode($encoding).".".Strings::base64UrlEncode($alg);
// Fallback if the private key wasn't transmitted in the expected field
if ($user['uprvkey'] == "") {
@ -2976,7 +2977,7 @@ class Diaspora
}
$signature = Crypto::rsaSign($signable_data, $user["uprvkey"]);
$sig = base64url_encode($signature);
$sig = Strings::base64UrlEncode($signature);
$xmldata = ["me:env" => ["me:data" => $data,
"@attributes" => ["type" => $type],
@ -3055,7 +3056,7 @@ class Diaspora
return 200;
}
$logid = random_string(4);
$logid = Strings::getRandomHex(4);
$dest_url = ($public_batch ? $contact["batch"] : $contact["notify"]);

3
src/Protocol/Email.php
View file

@ -7,6 +7,7 @@ namespace Friendica\Protocol;
use Friendica\Core\Logger;
use Friendica\Content\Text\HTML;
use Friendica\Core\Protocol;
use Friendica\Model\Item;
/**
* @brief Email class
@ -331,7 +332,7 @@ class Email
$part = uniqid("", true);
$html = prepare_body($item);
$html = Item::prepareBody($item);
$headers .= "Mime-Version: 1.0\n";
$headers .= 'Content-Type: multipart/alternative; boundary="=_'.$part.'"'."\n\n";

21
src/Protocol/OStatus.php
View file

@ -26,6 +26,7 @@ use Friendica\Object\Image;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Proxy as ProxyUtils;
use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'include/dba.php';
@ -98,7 +99,7 @@ class OStatus
}
$condition = ["`uid` = ? AND `nurl` IN (?, ?) AND `network` != ? AND `rel` IN (?, ?)",
$importer["uid"], normalise_link($author["author-link"]), normalise_link($aliaslink),
$importer["uid"], Strings::normaliseLink($author["author-link"]), Strings::normaliseLink($aliaslink),
Protocol::STATUSNET, Contact::SHARING, Contact::FRIEND];
$contact = DBA::selectFirst('contact', [], $condition);
}
@ -164,7 +165,7 @@ class OStatus
// $contact["poll"] = $value;
$contact['url'] = $author["author-link"];
$contact['nurl'] = normalise_link($contact['url']);
$contact['nurl'] = Strings::normaliseLink($contact['url']);
$value = XML::getFirstNodeValue($xpath, 'atom:author/atom:uri/text()', $context);
if ($value != "") {
@ -209,7 +210,7 @@ class OStatus
// Update it with the current values
$fields = ['url' => $author["author-link"], 'name' => $contact["name"],
'nurl' => normalise_link($author["author-link"]),
'nurl' => Strings::normaliseLink($author["author-link"]),
'nick' => $contact["nick"], 'alias' => $contact["alias"],
'about' => $contact["about"], 'location' => $contact["location"],
'success_update' => DateTimeFormat::utcNow(), 'last-update' => DateTimeFormat::utcNow()];
@ -1599,7 +1600,7 @@ class OStatus
{
$r = q(
"SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` IN (0, %d) ORDER BY `uid` DESC LIMIT 1",
DBA::escape(normalise_link($url)),
DBA::escape(Strings::normaliseLink($url)),
intval($owner["uid"])
);
if (DBA::isResult($r)) {
@ -1608,7 +1609,7 @@ class OStatus
}
if (!DBA::isResult($r)) {
$gcontact = DBA::selectFirst('gcontact', [], ['nurl' => normalise_link($url)]);
$gcontact = DBA::selectFirst('gcontact', [], ['nurl' => Strings::normaliseLink($url)]);
if (DBA::isResult($r)) {
$contact = $gcontact;
$contact["uid"] = -1;
@ -1651,7 +1652,7 @@ class OStatus
*/
private static function reshareEntry(DOMDocument $doc, array $item, array $owner, $repeated_guid, $toplevel)
{
if (($item["id"] != $item["parent"]) && (normalise_link($item["author-link"]) != normalise_link($owner["url"]))) {
if (($item["id"] != $item["parent"]) && (Strings::normaliseLink($item["author-link"]) != Strings::normaliseLink($owner["url"]))) {
Logger::log("OStatus entry is from author ".$owner["url"]." - not from ".$item["author-link"].". Quitting.", Logger::DEBUG);
}
@ -1714,7 +1715,7 @@ class OStatus
*/
private static function likeEntry(DOMDocument $doc, array $item, array $owner, $toplevel)
{
if (($item["id"] != $item["parent"]) && (normalise_link($item["author-link"]) != normalise_link($owner["url"]))) {
if (($item["id"] != $item["parent"]) && (Strings::normaliseLink($item["author-link"]) != Strings::normaliseLink($owner["url"]))) {
Logger::log("OStatus entry is from author ".$owner["url"]." - not from ".$item["author-link"].". Quitting.", Logger::DEBUG);
}
@ -1811,7 +1812,7 @@ class OStatus
$item['follow'] = $contact['alias'];
}
$condition = ['uid' => $owner['uid'], 'nurl' => normalise_link($contact["url"])];
$condition = ['uid' => $owner['uid'], 'nurl' => Strings::normaliseLink($contact["url"])];
$user_contact = DBA::selectFirst('contact', ['id'], $condition);
if (DBA::isResult($user_contact)) {
@ -1861,7 +1862,7 @@ class OStatus
*/
private static function noteEntry(DOMDocument $doc, array $item, array $owner, $toplevel)
{
if (($item["id"] != $item["parent"]) && (normalise_link($item["author-link"]) != normalise_link($owner["url"]))) {
if (($item["id"] != $item["parent"]) && (Strings::normaliseLink($item["author-link"]) != Strings::normaliseLink($owner["url"]))) {
Logger::log("OStatus entry is from author ".$owner["url"]." - not from ".$item["author-link"].". Quitting.", Logger::DEBUG);
}
@ -2048,7 +2049,7 @@ class OStatus
$mentioned = $newmentions;
foreach ($mentioned as $mention) {
$condition = ['uid' => $owner['uid'], 'nurl' => normalise_link($mention)];
$condition = ['uid' => $owner['uid'], 'nurl' => Strings::normaliseLink($mention)];
$contact = DBA::selectFirst('contact', ['forum', 'prv', 'self', 'contact-type'], $condition);
if ($contact["forum"] || $contact["prv"] || ($owner['contact-type'] == Contact::ACCOUNT_TYPE_COMMUNITY) ||
($contact['self'] && ($owner['account-type'] == Contact::ACCOUNT_TYPE_COMMUNITY))) {

53
src/Protocol/PortableContact.php
View file

@ -23,6 +23,7 @@ use Friendica\Model\Profile;
use Friendica\Network\Probe;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
require_once 'include/dba.php';
@ -284,7 +285,7 @@ class PortableContact
$r = q(
"SELECT `id` FROM `gserver` WHERE `nurl` = '%s' AND `last_contact` > `last_failure`",
DBA::escape(normalise_link($server_url))
DBA::escape(Strings::normaliseLink($server_url))
);
if (DBA::isResult($r)) {
@ -309,7 +310,7 @@ class PortableContact
{
$gcontacts = q(
"SELECT * FROM `gcontact` WHERE `nurl` = '%s'",
DBA::escape(normalise_link($profile))
DBA::escape(Strings::normaliseLink($profile))
);
if (!DBA::isResult($gcontacts)) {
@ -324,7 +325,7 @@ class PortableContact
$server_url = '';
if ($force) {
$server_url = normalise_link(self::detectServer($profile));
$server_url = Strings::normaliseLink(self::detectServer($profile));
}
if (($server_url == '') && ($gcontacts[0]["server_url"] != "")) {
@ -332,7 +333,7 @@ class PortableContact
}
if (!$force && (($server_url == '') || ($gcontacts[0]["server_url"] == $gcontacts[0]["nurl"]))) {
$server_url = normalise_link(self::detectServer($profile));
$server_url = Strings::normaliseLink(self::detectServer($profile));
}
if (!in_array($gcontacts[0]["network"], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::DIASPORA, Protocol::FEED, Protocol::OSTATUS, ""])) {
@ -344,7 +345,7 @@ class PortableContact
if (!self::checkServer($server_url, $gcontacts[0]["network"], $force)) {
if ($force) {
$fields = ['last_failure' => DateTimeFormat::utcNow()];
DBA::update('gcontact', $fields, ['nurl' => normalise_link($profile)]);
DBA::update('gcontact', $fields, ['nurl' => Strings::normaliseLink($profile)]);
}
Logger::log("Profile ".$profile.": Server ".$server_url." wasn't reachable.", Logger::DEBUG);
@ -356,7 +357,7 @@ class PortableContact
if (in_array($gcontacts[0]["network"], ["", Protocol::FEED])) {
$server = q(
"SELECT `network` FROM `gserver` WHERE `nurl` = '%s' AND `network` != ''",
DBA::escape(normalise_link($server_url))
DBA::escape(Strings::normaliseLink($server_url))
);
if ($server) {
@ -369,7 +370,7 @@ class PortableContact
// noscrape is really fast so we don't cache the call.
if (($server_url != "") && ($gcontacts[0]["nick"] != "")) {
// Use noscrape if possible
$server = q("SELECT `noscrape`, `network` FROM `gserver` WHERE `nurl` = '%s' AND `noscrape` != ''", DBA::escape(normalise_link($server_url)));
$server = q("SELECT `noscrape`, `network` FROM `gserver` WHERE `nurl` = '%s' AND `noscrape` != ''", DBA::escape(Strings::normaliseLink($server_url)));
if ($server) {
$curlResult = Network::curl($server[0]["noscrape"]."/".$gcontacts[0]["nick"]);
@ -425,7 +426,7 @@ class PortableContact
if (!empty($noscrape["updated"])) {
$fields = ['last_contact' => DateTimeFormat::utcNow()];
DBA::update('gcontact', $fields, ['nurl' => normalise_link($profile)]);
DBA::update('gcontact', $fields, ['nurl' => Strings::normaliseLink($profile)]);
Logger::log("Profile ".$profile." was last updated at ".$noscrape["updated"]." (noscrape)", Logger::DEBUG);
@ -449,11 +450,11 @@ class PortableContact
// Is the profile link the alternate OStatus link notation? (http://domain.tld/user/4711)
// Then check the other link and delete this one
if (($data["network"] == Protocol::OSTATUS) && self::alternateOStatusUrl($profile)
&& (normalise_link($profile) == normalise_link($data["alias"]))
&& (normalise_link($profile) != normalise_link($data["url"]))
&& (Strings::normaliseLink($profile) == Strings::normaliseLink($data["alias"]))
&& (Strings::normaliseLink($profile) != Strings::normaliseLink($data["url"]))
) {
// Delete the old entry
DBA::delete('gcontact', ['nurl' => normalise_link($profile)]);
DBA::delete('gcontact', ['nurl' => Strings::normaliseLink($profile)]);
$gcontact = array_merge($gcontacts[0], $data);
@ -474,7 +475,7 @@ class PortableContact
if (($data["poll"] == "") || (in_array($data["network"], [Protocol::FEED, Protocol::PHANTOM]))) {
$fields = ['last_failure' => DateTimeFormat::utcNow()];
DBA::update('gcontact', $fields, ['nurl' => normalise_link($profile)]);
DBA::update('gcontact', $fields, ['nurl' => Strings::normaliseLink($profile)]);
Logger::log("Profile ".$profile." wasn't reachable (profile)", Logger::DEBUG);
return false;
@ -490,7 +491,7 @@ class PortableContact
if (!$curlResult->isSuccess()) {
$fields = ['last_failure' => DateTimeFormat::utcNow()];
DBA::update('gcontact', $fields, ['nurl' => normalise_link($profile)]);
DBA::update('gcontact', $fields, ['nurl' => Strings::normaliseLink($profile)]);
Logger::log("Profile ".$profile." wasn't reachable (no feed)", Logger::DEBUG);
return false;
@ -533,11 +534,11 @@ class PortableContact
$fields['updated'] = $last_updated;
}
DBA::update('gcontact', $fields, ['nurl' => normalise_link($profile)]);
DBA::update('gcontact', $fields, ['nurl' => Strings::normaliseLink($profile)]);
if (($gcontacts[0]["generation"] == 0)) {
$fields = ['generation' => 9];
DBA::update('gcontact', $fields, ['nurl' => normalise_link($profile)]);
DBA::update('gcontact', $fields, ['nurl' => Strings::normaliseLink($profile)]);
}
Logger::log("Profile ".$profile." was last updated at ".$last_updated, Logger::DEBUG);
@ -930,11 +931,11 @@ class PortableContact
return false;
}
$gserver = DBA::selectFirst('gserver', [], ['nurl' => normalise_link($server_url)]);
$gserver = DBA::selectFirst('gserver', [], ['nurl' => Strings::normaliseLink($server_url)]);
if (DBA::isResult($gserver)) {
if ($gserver["created"] <= DBA::NULL_DATETIME) {
$fields = ['created' => DateTimeFormat::utcNow()];
$condition = ['nurl' => normalise_link($server_url)];
$condition = ['nurl' => Strings::normaliseLink($server_url)];
DBA::update('gserver', $fields, $condition);
}
$poco = $gserver["poco"];
@ -990,7 +991,7 @@ class PortableContact
// Mastodon uses the "@" for user profiles.
// But this can be misunderstood.
if (parse_url($server_url, PHP_URL_USER) != '') {
DBA::update('gserver', ['last_failure' => DateTimeFormat::utcNow()], ['nurl' => normalise_link($server_url)]);
DBA::update('gserver', ['last_failure' => DateTimeFormat::utcNow()], ['nurl' => Strings::normaliseLink($server_url)]);
return false;
}
@ -1006,7 +1007,7 @@ class PortableContact
if (DBA::isResult($gserver) && ($orig_server_url == $server_url) &&
($curlResult->isTimeout())) {
Logger::log("Connection to server ".$server_url." timed out.", Logger::DEBUG);
DBA::update('gserver', ['last_failure' => DateTimeFormat::utcNow()], ['nurl' => normalise_link($server_url)]);
DBA::update('gserver', ['last_failure' => DateTimeFormat::utcNow()], ['nurl' => Strings::normaliseLink($server_url)]);
return false;
}
@ -1021,7 +1022,7 @@ class PortableContact
// Quit if there is a timeout
if ($curlResult->isTimeout()) {
Logger::log("Connection to server " . $server_url . " timed out.", Logger::DEBUG);
DBA::update('gserver', ['last_failure' => DateTimeFormat::utcNow()], ['nurl' => normalise_link($server_url)]);
DBA::update('gserver', ['last_failure' => DateTimeFormat::utcNow()], ['nurl' => Strings::normaliseLink($server_url)]);
return false;
}
@ -1048,7 +1049,7 @@ class PortableContact
if (!$failure) {
// This will be too low, but better than no value at all.
$registered_users = DBA::count('gcontact', ['server_url' => normalise_link($server_url)]);
$registered_users = DBA::count('gcontact', ['server_url' => Strings::normaliseLink($server_url)]);
}
// Look for poco
@ -1410,7 +1411,7 @@ class PortableContact
}
// Check again if the server exists
$found = DBA::exists('gserver', ['nurl' => normalise_link($server_url)]);
$found = DBA::exists('gserver', ['nurl' => Strings::normaliseLink($server_url)]);
$version = strip_tags($version);
$site_name = strip_tags($site_name);
@ -1424,9 +1425,9 @@ class PortableContact
'last_contact' => $last_contact, 'last_failure' => $last_failure];
if ($found) {
DBA::update('gserver', $fields, ['nurl' => normalise_link($server_url)]);
DBA::update('gserver', $fields, ['nurl' => Strings::normaliseLink($server_url)]);
} elseif (!$failure) {
$fields['nurl'] = normalise_link($server_url);
$fields['nurl'] = Strings::normaliseLink($server_url);
$fields['created'] = DateTimeFormat::utcNow();
DBA::insert('gserver', $fields);
}
@ -1461,7 +1462,7 @@ class PortableContact
return;
}
$gserver = DBA::selectFirst('gserver', ['id', 'relay-subscribe', 'relay-scope'], ['nurl' => normalise_link($server_url)]);
$gserver = DBA::selectFirst('gserver', ['id', 'relay-subscribe', 'relay-scope'], ['nurl' => Strings::normaliseLink($server_url)]);
if (!DBA::isResult($gserver)) {
return;
@ -1560,7 +1561,7 @@ class PortableContact
foreach ($serverlist as $server) {
$server_url = str_replace("/index.php", "", $server['url']);
$r = q("SELECT `nurl` FROM `gserver` WHERE `nurl` = '%s'", DBA::escape(normalise_link($server_url)));
$r = q("SELECT `nurl` FROM `gserver` WHERE `nurl` = '%s'", DBA::escape(Strings::normaliseLink($server_url)));
if (!DBA::isResult($r)) {
Logger::log("Call server check for server ".$server_url, Logger::DEBUG);

19
src/Protocol/Salmon.php
View file

@ -8,6 +8,7 @@ use Friendica\Core\Logger;
use Friendica\Network\Probe;
use Friendica\Util\Crypto;
use Friendica\Util\Network;
use Friendica\Util\Strings;
use Friendica\Util\XML;
/**
@ -51,7 +52,7 @@ class Salmon
} else {
$ret[$x] = substr($ret[$x], 5);
}
} elseif (normalise_link($ret[$x]) == 'http://') {
} elseif (Strings::normaliseLink($ret[$x]) == 'http://') {
$ret[$x] = Network::fetchUrl($ret[$x]);
}
}
@ -70,7 +71,7 @@ class Salmon
return $ret[0];
} else {
foreach ($ret as $a) {
$hash = base64url_encode(hash('sha256', $a));
$hash = Strings::base64UrlEncode(hash('sha256', $a));
if ($hash == $keyhash) {
return $a;
}
@ -104,22 +105,22 @@ class Salmon
// create a magic envelope
$data = base64url_encode($slap);
$data = Strings::base64UrlEncode($slap);
$data_type = 'application/atom+xml';
$encoding = 'base64url';
$algorithm = 'RSA-SHA256';
$keyhash = base64url_encode(hash('sha256', self::salmonKey($owner['spubkey'])), true);
$keyhash = Strings::base64UrlEncode(hash('sha256', self::salmonKey($owner['spubkey'])), true);
$precomputed = '.' . base64url_encode($data_type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($algorithm);
$precomputed = '.' . Strings::base64UrlEncode($data_type) . '.' . Strings::base64UrlEncode($encoding) . '.' . Strings::base64UrlEncode($algorithm);
// GNU Social format
$signature = base64url_encode(Crypto::rsaSign($data . $precomputed, $owner['sprvkey']));
$signature = Strings::base64UrlEncode(Crypto::rsaSign($data . $precomputed, $owner['sprvkey']));
// Compliant format
$signature2 = base64url_encode(Crypto::rsaSign(str_replace('=', '', $data . $precomputed), $owner['sprvkey']));
$signature2 = Strings::base64UrlEncode(Crypto::rsaSign(str_replace('=', '', $data . $precomputed), $owner['sprvkey']));
// Old Status.net format
$signature3 = base64url_encode(Crypto::rsaSign($data, $owner['sprvkey']));
$signature3 = Strings::base64UrlEncode(Crypto::rsaSign($data, $owner['sprvkey']));
// At first try the non compliant method that works for GNU Social
$xmldata = ["me:env" => ["me:data" => $data,
@ -208,6 +209,6 @@ class Salmon
public static function salmonKey($pubkey)
{
Crypto::pemToMe($pubkey, $m, $e);
return 'RSA' . '.' . base64url_encode($m, true) . '.' . base64url_encode($e, true);
return 'RSA' . '.' . Strings::base64UrlEncode($m, true) . '.' . Strings::base64UrlEncode($e, true);
}
}

33
src/Util/Crypto.php
View file

@ -7,6 +7,7 @@ namespace Friendica\Util;
use Friendica\Core\Addon;
use Friendica\Core\Config;
use Friendica\Core\Logger;
use Friendica\Util\Strings;
use ASN_BASE;
use ASNValue;
@ -159,8 +160,8 @@ class Crypto
$r = ASN_BASE::parseASNString($x);
$m = base64url_decode($r[0]->asnData[0]->asnData);
$e = base64url_decode($r[0]->asnData[1]->asnData);
$m = Strings::base64UrlDecode($r[0]->asnData[0]->asnData);
$e = Strings::base64UrlDecode($r[0]->asnData[1]->asnData);
}
/**
@ -198,8 +199,8 @@ class Crypto
$r = ASN_BASE::parseASNString($x);
$m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);
$e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
$m = Strings::base64UrlDecode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);
$e = Strings::base64UrlDecode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
}
/**
@ -355,7 +356,7 @@ class Crypto
$result = ['encrypted' => true];
$key = random_bytes(256);
$iv = random_bytes(256);
$result['data'] = base64url_encode(self::$fn($data, $key, $iv), true);
$result['data'] = Strings::base64UrlEncode(self::$fn($data, $key, $iv), true);
// log the offending call so we can track it down
if (!openssl_public_encrypt($key, $k, $pubkey)) {
@ -364,9 +365,9 @@ class Crypto
}
$result['alg'] = $alg;
$result['key'] = base64url_encode($k, true);
$result['key'] = Strings::base64UrlEncode($k, true);
openssl_public_encrypt($iv, $i, $pubkey);
$result['iv'] = base64url_encode($i, true);
$result['iv'] = Strings::base64UrlEncode($i, true);
return $result;
} else {
@ -395,7 +396,7 @@ class Crypto
$key = random_bytes(32);
$iv = random_bytes(16);
$result = ['encrypted' => true];
$result['data'] = base64url_encode(self::encryptAES256CBC($data, $key, $iv), true);
$result['data'] = Strings::base64UrlEncode(self::encryptAES256CBC($data, $key, $iv), true);
// log the offending call so we can track it down
if (!openssl_public_encrypt($key, $k, $pubkey)) {
@ -404,9 +405,9 @@ class Crypto
}
$result['alg'] = 'aes256cbc';
$result['key'] = base64url_encode($k, true);
$result['key'] = Strings::base64UrlEncode($k, true);
openssl_public_encrypt($iv, $i, $pubkey);
$result['iv'] = base64url_encode($i, true);
$result['iv'] = Strings::base64UrlEncode($i, true);
return $result;
}
@ -448,10 +449,10 @@ class Crypto
$fn = 'decrypt' . strtoupper($alg);
if (method_exists(__CLASS__, $fn)) {
openssl_private_decrypt(base64url_decode($data['key']), $k, $prvkey);
openssl_private_decrypt(base64url_decode($data['iv']), $i, $prvkey);
openssl_private_decrypt(Strings::base64UrlDecode($data['key']), $k, $prvkey);
openssl_private_decrypt(Strings::base64UrlDecode($data['iv']), $i, $prvkey);
return self::$fn(base64url_decode($data['data']), $k, $i);
return self::$fn(Strings::base64UrlDecode($data['data']), $k, $i);
} else {
$x = ['data' => $data, 'prvkey' => $prvkey, 'alg' => $alg, 'result' => $data];
Addon::callHooks('other_unencapsulate', $x);
@ -471,10 +472,10 @@ class Crypto
*/
private static function unencapsulateAes($data, $prvkey)
{
openssl_private_decrypt(base64url_decode($data['key']), $k, $prvkey);
openssl_private_decrypt(base64url_decode($data['iv']), $i, $prvkey);
openssl_private_decrypt(Strings::base64UrlDecode($data['key']), $k, $prvkey);
openssl_private_decrypt(Strings::base64UrlDecode($data['iv']), $i, $prvkey);
return self::decryptAES256CBC(base64url_decode($data['data']), $k, $i);
return self::decryptAES256CBC(Strings::base64UrlDecode($data['data']), $k, $i);
}

3
src/Util/JsonLD.php
View file

@ -90,7 +90,8 @@ class JsonLD
'dfrn' => (object)['@id' => 'http://purl.org/macgirvin/dfrn/1.0/', '@type' => '@id'],
'diaspora' => (object)['@id' => 'https://diasporafoundation.org/ns/', '@type' => '@id'],
'ostatus' => (object)['@id' => 'http://ostatus.org#', '@type' => '@id'],
'dc' => (object)['@id' => 'http://purl.org/dc/terms/', '@type' => '@id']];
'dc' => (object)['@id' => 'http://purl.org/dc/terms/', '@type' => '@id'],
'toot' => (object)['@id' => 'http://joinmastodon.org/ns#', '@type' => '@id']];
$jsonobj = json_decode(json_encode($json, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE));

2
src/Util/LDSignature.php
View file

@ -54,7 +54,7 @@ class LDSignature
{
$options = [
'type' => 'RsaSignature2017',
'nonce' => random_string(64),
'nonce' => Strings::getRandomHex(64),
'creator' => $owner['url'] . '#main-key',
'created' => DateTimeFormat::utcNow(DateTimeFormat::ATOM)
];

Some files were not shown because too many files have changed in this diff Show more