diff --git a/include/api.php b/include/api.php index 0f7fa85bd..5bfb2d65a 100644 --- a/include/api.php +++ b/include/api.php @@ -43,6 +43,7 @@ use Friendica\Protocol\Diaspora; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'include/conversation.php'; @@ -526,7 +527,7 @@ function api_get_user(App $a, $contact_id = null) // Searching for contact URL if (!is_null($contact_id) && (intval($contact_id) == 0)) { - $user = DBA::escape(normalise_link($contact_id)); + $user = DBA::escape(Strings::normaliseLink($contact_id)); $url = $user; $extra_query = "AND `contact`.`nurl` = '%s' "; if (api_user() !== false) { @@ -571,7 +572,7 @@ function api_get_user(App $a, $contact_id = null) } if (is_null($user) && x($_GET, 'profileurl')) { - $user = DBA::escape(normalise_link($_GET['profileurl'])); + $user = DBA::escape(Strings::normaliseLink($_GET['profileurl'])); $extra_query = "AND `contact`.`nurl` = '%s' "; if (api_user() !== false) { $extra_query .= "AND `contact`.`uid`=".intval(api_user()); @@ -639,7 +640,7 @@ function api_get_user(App $a, $contact_id = null) throw new BadRequestException("User not found."); } - $contact = DBA::selectFirst('contact', [], ['uid' => 0, 'nurl' => normalise_link($url)]); + $contact = DBA::selectFirst('contact', [], ['uid' => 0, 'nurl' => Strings::normaliseLink($url)]); if (DBA::isResult($contact)) { $network_name = ContactSelector::networkToName($contact['network'], $contact['url']); @@ -2662,7 +2663,7 @@ function api_get_entitities(&$text, $bbcode) "id" => $start+1, "id_str" => (string)$start+1, "indices" => [$start, $start+strlen($url)], - "media_url" => normalise_link($media_url), + "media_url" => Strings::normaliseLink($media_url), "media_url_https" => $media_url, "url" => $url, "display_url" => $display_url, @@ -3665,8 +3666,8 @@ function api_friendships_destroy($type) $url = $contact["url"]; $condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)", - $uid, Contact::SHARING, Contact::FRIEND, normalise_link($url), - normalise_link($url), $url]; + $uid, Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url), + Strings::normaliseLink($url), $url]; $contact = DBA::selectFirst('contact', [], $condition); if (!DBA::isResult($contact)) { @@ -3790,9 +3791,9 @@ function api_direct_messages_box($type, $box, $verbose) foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = api_get_user($a, normalise_link($item['contact-url'])); + $sender = api_get_user($a, Strings::normaliseLink($item['contact-url'])); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user($a, normalise_link($item['contact-url'])); + $recipient = api_get_user($a, Strings::normaliseLink($item['contact-url'])); $sender = $user_info; } @@ -4499,7 +4500,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ // check against max upload size within Friendica instance $maximagesize = Config::get('system', 'maximagesize'); if ($maximagesize && ($filesize > $maximagesize)) { - $formattedBytes = formatBytes($maximagesize); + $formattedBytes = Strings::formatBytes($maximagesize); throw new InternalServerErrorException("image size exceeds Friendica config setting (uploaded size: $formattedBytes)"); } @@ -4779,7 +4780,7 @@ function api_friendica_remoteauth() throw new BadRequestException("Wrong parameters."); } - $c_url = normalise_link($c_url); + $c_url = Strings::normaliseLink($c_url); // traditional DFRN @@ -4802,7 +4803,7 @@ function api_friendica_remoteauth() $dfrn_id = '0:' . $orig_id; } - $sec = random_string(); + $sec = Strings::getRandomHex(); $fields = ['uid' => api_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]; @@ -4943,7 +4944,7 @@ function api_get_nick($profile) $r = q( "SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'", - DBA::escape(normalise_link($profile)) + DBA::escape(Strings::normaliseLink($profile)) ); if (DBA::isResult($r)) { @@ -4953,7 +4954,7 @@ function api_get_nick($profile) if (!$nick == "") { $r = q( "SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'", - DBA::escape(normalise_link($profile)) + DBA::escape(Strings::normaliseLink($profile)) ); if (DBA::isResult($r)) { @@ -5836,9 +5837,9 @@ function api_friendica_direct_messages_search($type, $box = "") foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = api_get_user($a, normalise_link($item['contact-url'])); + $sender = api_get_user($a, Strings::normaliseLink($item['contact-url'])); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user($a, normalise_link($item['contact-url'])); + $recipient = api_get_user($a, Strings::normaliseLink($item['contact-url'])); $sender = $user_info; } diff --git a/include/conversation.php b/include/conversation.php index e276fef13..ee286ca98 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -26,6 +26,7 @@ use Friendica\Object\Thread; use Friendica\Util\DateTimeFormat; use Friendica\Util\Proxy as ProxyUtils; use Friendica\Util\Temporal; +use Friendica\Util\Strings; use Friendica\Util\XML; use Friendica\Util\Crypto; @@ -482,7 +483,7 @@ function conversation(App $a, array $items, Pager $pager, $mode, $update, $previ if (!$update) { $tab = 'posts'; if (x($_GET, 'tab')) { - $tab = notags(trim($_GET['tab'])); + $tab = Strings::escapeTags(trim($_GET['tab'])); } if ($tab === 'posts') { /* @@ -842,7 +843,7 @@ function item_photo_menu($item) { $cid = 0; $network = ''; $rel = 0; - $condition = ['uid' => local_user(), 'nurl' => normalise_link($item['author-link'])]; + $condition = ['uid' => local_user(), 'nurl' => Strings::normaliseLink($item['author-link'])]; $contact = DBA::selectFirst('contact', ['id', 'network', 'rel'], $condition); if (DBA::isResult($contact)) { $cid = $contact['id']; diff --git a/include/enotify.php b/include/enotify.php index d6ca12327..a4b0fd14b 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -15,6 +15,7 @@ use Friendica\Model\Contact; use Friendica\Model\Item; use Friendica\Util\DateTimeFormat; use Friendica\Util\Emailer; +use Friendica\Util\Strings; /** * @brief Creates a notification entry and possibly sends a mail @@ -457,7 +458,7 @@ function notification($params) Logger::log("adding notification entry", Logger::DEBUG); do { $dups = false; - $hash = random_string(); + $hash = Strings::getRandomHex(); if (DBA::exists('notify', ['hash' => $hash])) { $dups = true; } @@ -703,11 +704,11 @@ function check_item_notification($itemid, $uid, $defaulttype = "") { // Check for invalid profile urls. 13 should be the shortest possible profile length: // http://a.bc/d // Additionally check for invalid urls that would return the normalised value "http:" - if ((strlen($profile) >= 13) && (normalise_link($profile) != "http:")) { + if ((strlen($profile) >= 13) && (Strings::normaliseLink($profile) != "http:")) { if (!in_array($profile, $profiles2)) $profiles2[] = $profile; - $profile = normalise_link($profile); + $profile = Strings::normaliseLink($profile); if (!in_array($profile, $profiles2)) $profiles2[] = $profile; @@ -761,7 +762,7 @@ function check_item_notification($itemid, $uid, $defaulttype = "") { if (DBA::isResult($tags)) { foreach ($tags AS $tag) { - $condition = ['nurl' => normalise_link($tag["url"]), 'uid' => $uid, 'notify_new_posts' => true]; + $condition = ['nurl' => Strings::normaliseLink($tag["url"]), 'uid' => $uid, 'notify_new_posts' => true]; $r = DBA::exists('contact', $condition); if ($r) { $send_notification = true; diff --git a/include/items.php b/include/items.php index 9929f535f..adc5bf013 100644 --- a/include/items.php +++ b/include/items.php @@ -21,6 +21,7 @@ use Friendica\Protocol\OStatus; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; use Friendica\Util\ParseUrl; +use Friendica\Util\Strings; use Friendica\Util\Temporal; require_once 'include/text.php'; @@ -308,7 +309,7 @@ function subscribe_to_hub($url, array $importer, array $contact, $hubmode = 'sub $push_url = System::baseUrl() . '/pubsub/' . $user['nickname'] . '/' . $contact['id']; // Use a single verify token, even if multiple hubs - $verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : random_string()); + $verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : Strings::getRandomHex()); $params= 'hub.mode=' . $hubmode . '&hub.callback=' . urlencode($push_url) . '&hub.topic=' . urlencode($contact['poll']) . '&hub.verify=async&hub.verify_token=' . $verify_token; diff --git a/include/text.php b/include/text.php index 876cdbdb8..ee83345c0 100644 --- a/include/text.php +++ b/include/text.php @@ -26,144 +26,12 @@ use Friendica\Util\Proxy as ProxyUtils; use Friendica\Core\Logger; use Friendica\Core\Renderer; use Friendica\Model\FileTag; +use Friendica\Util\Strings; use Friendica\Util\XML; use Friendica\Content\Text\HTML; require_once "include/conversation.php"; -/** - * @brief Generates a pseudo-random string of hexadecimal characters - * - * @param int $size - * @return string - */ -function random_string($size = 64) -{ - $byte_size = ceil($size / 2); - - $bytes = random_bytes($byte_size); - - $return = substr(bin2hex($bytes), 0, $size); - - return $return; -} - -/** - * This is our primary input filter. - * - * The high bit hack only involved some old IE browser, forget which (IE5/Mac?) - * that had an XSS attack vector due to stripping the high-bit on an 8-bit character - * after cleansing, and angle chars with the high bit set could get through as markup. - * - * This is now disabled because it was interfering with some legitimate unicode sequences - * and hopefully there aren't a lot of those browsers left. - * - * Use this on any text input where angle chars are not valid or permitted - * They will be replaced with safer brackets. This may be filtered further - * if these are not allowed either. - * - * @param string $string Input string - * @return string Filtered string - */ -function notags($string) { - return str_replace(["<", ">"], ['[', ']'], $string); - -// High-bit filter no longer used -// return str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string); -} - - -/** - * use this on "body" or "content" input where angle chars shouldn't be removed, - * and allow them to be safely displayed. - * @param string $string - * @return string - */ -function escape_tags($string) { - return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false); -} - - -/** - * generate a string that's random, but usually pronounceable. - * used to generate initial passwords - * @param int $len - * @return string - */ -function autoname($len) { - - if ($len <= 0) { - return ''; - } - - $vowels = ['a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u']; - if (mt_rand(0, 5) == 4) { - $vowels[] = 'y'; - } - - $cons = [ - 'b','bl','br', - 'c','ch','cl','cr', - 'd','dr', - 'f','fl','fr', - 'g','gh','gl','gr', - 'h', - 'j', - 'k','kh','kl','kr', - 'l', - 'm', - 'n', - 'p','ph','pl','pr', - 'qu', - 'r','rh', - 's','sc','sh','sm','sp','st', - 't','th','tr', - 'v', - 'w','wh', - 'x', - 'z','zh' - ]; - - $midcons = ['ck','ct','gn','ld','lf','lm','lt','mb','mm', 'mn','mp', - 'nd','ng','nk','nt','rn','rp','rt']; - - $noend = ['bl', 'br', 'cl','cr','dr','fl','fr','gl','gr', - 'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh','q']; - - $start = mt_rand(0,2); - if ($start == 0) { - $table = $vowels; - } else { - $table = $cons; - } - - $word = ''; - - for ($x = 0; $x < $len; $x ++) { - $r = mt_rand(0,count($table) - 1); - $word .= $table[$r]; - - if ($table == $vowels) { - $table = array_merge($cons,$midcons); - } else { - $table = $vowels; - } - - } - - $word = substr($word,0,$len); - - foreach ($noend as $noe) { - $noelen = strlen($noe); - if ((strlen($word) > $noelen) && (substr($word, -$noelen) == $noe)) { - $word = autoname($len); - break; - } - } - - return $word; -} - /** * Turn user/group ACLs stored as angle bracketed text into arrays * @@ -194,7 +62,7 @@ function expand_acl($s) { */ function sanitise_acl(&$item) { if (intval($item)) { - $item = '<' . intval(notags(trim($item))) . '>'; + $item = '<' . intval(Strings::escapeTags(trim($item))) . '>'; } else { unset($item); } @@ -255,78 +123,6 @@ function activity_match($haystack,$needle) { return (($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle, NAMESPACE_ACTIVITY_SCHEMA))); } - -/** - * @brief Pull out all #hashtags and @person tags from $string. - * - * We also get @person@domain.com - which would make - * the regex quite complicated as tags can also - * end a sentence. So we'll run through our results - * and strip the period from any tags which end with one. - * Returns array of tags found, or empty array. - * - * @param string $string Post content - * @return array List of tag and person names - */ -function get_tags($string) { - $ret = []; - - // Convert hashtag links to hashtags - $string = preg_replace('/#\[url\=([^\[\]]*)\](.*?)\[\/url\]/ism', '#$2', $string); - - // ignore anything in a code block - $string = preg_replace('/\[code\](.*?)\[\/code\]/sm', '', $string); - - // Force line feeds at bbtags - $string = str_replace(['[', ']'], ["\n[", "]\n"], $string); - - // ignore anything in a bbtag - $string = preg_replace('/\[(.*?)\]/sm', '', $string); - - // Match full names against @tags including the space between first and last - // We will look these up afterward to see if they are full names or not recognisable. - - if (preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A@,:?]+)([ \x0D\x0A@,:?]|$)/', $string, $matches)) { - foreach ($matches[1] as $match) { - if (strstr($match, ']')) { - // we might be inside a bbcode color tag - leave it alone - continue; - } - if (substr($match, -1, 1) === '.') { - $ret[] = substr($match, 0, -1); - } else { - $ret[] = $match; - } - } - } - - // Otherwise pull out single word tags. These can be @nickname, @first_last - // and #hash tags. - - if (preg_match_all('/([!#@][^\^ \x0D\x0A,;:?]+)([ \x0D\x0A,;:?]|$)/', $string, $matches)) { - foreach ($matches[1] as $match) { - if (strstr($match, ']')) { - // we might be inside a bbcode color tag - leave it alone - continue; - } - if (substr($match, -1, 1) === '.') { - $match = substr($match,0,-1); - } - // ignore strictly numeric tags like #1 - if ((strpos($match, '#') === 0) && ctype_digit(substr($match, 1))) { - continue; - } - // try not to catch url fragments - if (strpos($string, $match) && preg_match('/[a-zA-z0-9\/]/', substr($string, strpos($string, $match) - 1, 1))) { - continue; - } - $ret[] = $match; - } - } - return $ret; -} - - /** * quick and dirty quoted_printable encoding * @@ -337,45 +133,6 @@ function qp($s) { return str_replace("%", "=", rawurlencode($s)); } -/** - * @brief Check for a valid email string - * - * @param string $email_address - * @return boolean - */ -function valid_email($email_address) -{ - return preg_match('/^[_a-zA-Z0-9\-\+]+(\.[_a-zA-Z0-9\-\+]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/', $email_address); -} - -/** - * Normalize url - * - * @param string $url - * @return string - */ -function normalise_link($url) { - $ret = str_replace(['https:', '//www.'], ['http:', '//'], $url); - return rtrim($ret,'/'); -} - - -/** - * Compare two URLs to see if they are the same, but ignore - * slight but hopefully insignificant differences such as if one - * is https and the other isn't, or if one is www.something and - * the other isn't - and also ignore case differences. - * - * @param string $a first url - * @param string $b second url - * @return boolean True if the URLs match, otherwise False - * - */ -function link_compare($a, $b) { - return (strcasecmp(normalise_link($a), normalise_link($b)) === 0); -} - - /** * @brief Find any non-embedded images in private items and add redir links to them * @@ -507,53 +264,6 @@ function return_bytes($size_str) { } } -/** - * @param string $s - * @param boolean $strip_padding - * @return string - */ -function base64url_encode($s, $strip_padding = false) { - - $s = strtr(base64_encode($s), '+/', '-_'); - - if ($strip_padding) { - $s = str_replace('=','',$s); - } - - return $s; -} - -/** - * @param string $s - * @return string - */ -function base64url_decode($s) { - - if (is_array($s)) { - Logger::log('base64url_decode: illegal input: ' . print_r(debug_backtrace(), true)); - return $s; - } - -/* - * // Placeholder for new rev of salmon which strips base64 padding. - * // PHP base64_decode handles the un-padded input without requiring this step - * // Uncomment if you find you need it. - * - * $l = strlen($s); - * if (!strpos($s,'=')) { - * $m = $l % 4; - * if ($m == 2) - * $s .= '=='; - * if ($m == 3) - * $s .= '='; - * } - * - */ - - return base64_decode(strtr($s,'-_','+/')); -} - - function bb_translate_video($s) { $matches = null; @@ -570,11 +280,6 @@ function bb_translate_video($s) { return $s; } -function normalise_openid($s) { - return trim(str_replace(['http://', 'https://'], ['', ''], $s), '/'); -} - - function undo_post_tagging($s) { $matches = null; $cnt = preg_match_all('/([!#@])\[url=(.*?)\](.*?)\[\/url\]/ism', $s, $matches, PREG_SET_ORDER); @@ -590,10 +295,6 @@ function undo_post_tagging($s) { return $s; } -function protect_sprintf($s) { - return str_replace('%', '%%', $s); -} - /// @TODO Rewrite this function is_a_date_arg($s) { $i = intval($s); @@ -612,59 +313,3 @@ function is_a_date_arg($s) { return false; } - -/** - * remove intentation from a text - */ -function deindent($text, $chr = "[\t ]", $count = NULL) { - $lines = explode("\n", $text); - - if (is_null($count)) { - $m = []; - $k = 0; - while ($k < count($lines) && strlen($lines[$k]) == 0) { - $k++; - } - preg_match("|^" . $chr . "*|", $lines[$k], $m); - $count = strlen($m[0]); - } - - for ($k = 0; $k < count($lines); $k++) { - $lines[$k] = preg_replace("|^" . $chr . "{" . $count . "}|", "", $lines[$k]); - } - - return implode("\n", $lines); -} - -function formatBytes($bytes, $precision = 2) { - $units = ['B', 'KB', 'MB', 'GB', 'TB']; - - $bytes = max($bytes, 0); - $pow = floor(($bytes ? log($bytes) : 0) / log(1024)); - $pow = min($pow, count($units) - 1); - - $bytes /= pow(1024, $pow); - - return round($bytes, $precision) . ' ' . $units[$pow]; -} - -/** - * @brief translate and format the networkname of a contact - * - * @param string $network - * Networkname of the contact (e.g. dfrn, rss and so on) - * @param sting $url - * The contact url - * @return string - */ -function format_network_name($network, $url = 0) { - if ($network != "") { - if ($url != "") { - $network_name = ''.ContactSelector::networkToName($network, $url).""; - } else { - $network_name = ContactSelector::networkToName($network); - } - - return $network_name; - } -} diff --git a/mod/acl.php b/mod/acl.php index a63cd83ae..cb378dc27 100644 --- a/mod/acl.php +++ b/mod/acl.php @@ -12,6 +12,7 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Item; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; require_once 'include/dba.php'; @@ -188,7 +189,7 @@ function acl_content(App $a) ); } elseif ($type == 'x') { // autocomplete for global contact search (e.g. navbar search) - $search = notags(trim($_REQUEST['search'])); + $search = Strings::escapeTags(trim($_REQUEST['search'])); $mode = $_REQUEST['smode']; $r = ACL::contactAutocomplete($search, $mode); diff --git a/mod/admin.php b/mod/admin.php index 272b97a88..5adc8e9c4 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -30,6 +30,7 @@ use Friendica\Module\Tos; use Friendica\Util\Arrays; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; +use Friendica\Util\Strings; use Friendica\Util\Temporal; require_once 'include/enotify.php'; @@ -416,8 +417,8 @@ function admin_page_blocklist_post(App $a) // Add new item to blocklist $blocklist = Config::get('system', 'blocklist'); $blocklist[] = [ - 'domain' => notags(trim($_POST['newentry_domain'])), - 'reason' => notags(trim($_POST['newentry_reason'])) + 'domain' => Strings::escapeTags(trim($_POST['newentry_domain'])), + 'reason' => Strings::escapeTags(trim($_POST['newentry_reason'])) ]; Config::set('system', 'blocklist', $blocklist); info(L10n::t('Server added to blocklist.') . EOL); @@ -426,8 +427,8 @@ function admin_page_blocklist_post(App $a) $blocklist = []; foreach ($_POST['domain'] as $id => $domain) { // Trimming whitespaces as well as any lingering slashes - $domain = notags(trim($domain, "\x00..\x1F/")); - $reason = notags(trim($_POST['reason'][$id])); + $domain = Strings::escapeTags(trim($domain, "\x00..\x1F/")); + $reason = Strings::escapeTags(trim($_POST['reason'][$id])); if (!x($_POST['delete'][$id])) { $blocklist[] = [ 'domain' => $domain, @@ -565,7 +566,7 @@ function admin_page_deleteitem_post(App $a) BaseModule::checkFormSecurityTokenRedirectOnError('/admin/deleteitem/', 'admin_deleteitem'); if (x($_POST['page_deleteitem_submit'])) { - $guid = trim(notags($_POST['deleteitemguid'])); + $guid = trim(Strings::escapeTags($_POST['deleteitemguid'])); // The GUID should not include a "/", so if there is one, we got an URL // and the last part of it is most likely the GUID. if (strpos($guid, '/')) { @@ -996,8 +997,8 @@ function admin_page_site_post(App $a) $old_url = $a->getBaseURL(true); // Generate host names for relocation the addresses in the format user@address.tld - $new_host = str_replace("http://", "@", normalise_link($new_url)); - $old_host = str_replace("http://", "@", normalise_link($old_url)); + $new_host = str_replace("http://", "@", Strings::normaliseLink($new_url)); + $old_host = str_replace("http://", "@", Strings::normaliseLink($old_url)); function update_table(App $a, $table_name, $fields, $old_url, $new_url) { @@ -1048,16 +1049,16 @@ function admin_page_site_post(App $a) } // end relocate - $sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : ''); - $hostname = ((x($_POST,'hostname')) ? notags(trim($_POST['hostname'])) : ''); - $sender_email = ((x($_POST,'sender_email')) ? notags(trim($_POST['sender_email'])) : ''); + $sitename = ((x($_POST,'sitename')) ? Strings::escapeTags(trim($_POST['sitename'])) : ''); + $hostname = ((x($_POST,'hostname')) ? Strings::escapeTags(trim($_POST['hostname'])) : ''); + $sender_email = ((x($_POST,'sender_email')) ? Strings::escapeTags(trim($_POST['sender_email'])) : ''); $banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false); - $shortcut_icon = ((x($_POST,'shortcut_icon')) ? notags(trim($_POST['shortcut_icon'])) : ''); - $touch_icon = ((x($_POST,'touch_icon')) ? notags(trim($_POST['touch_icon'])) : ''); + $shortcut_icon = ((x($_POST,'shortcut_icon')) ? Strings::escapeTags(trim($_POST['shortcut_icon'])) : ''); + $touch_icon = ((x($_POST,'touch_icon')) ? Strings::escapeTags(trim($_POST['touch_icon'])) : ''); $info = ((x($_POST,'info')) ? trim($_POST['info']) : false); - $language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : ''); - $theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : ''); - $theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : ''); + $language = ((x($_POST,'language')) ? Strings::escapeTags(trim($_POST['language'])) : ''); + $theme = ((x($_POST,'theme')) ? Strings::escapeTags(trim($_POST['theme'])) : ''); + $theme_mobile = ((x($_POST,'theme_mobile')) ? Strings::escapeTags(trim($_POST['theme_mobile'])) : ''); $maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0); $maximagelength = ((x($_POST,'maximagelength')) ? intval(trim($_POST['maximagelength'])) : MAX_IMAGE_LENGTH); $jpegimagequality = ((x($_POST,'jpegimagequality')) ? intval(trim($_POST['jpegimagequality'])) : JPEG_QUALITY); @@ -1069,14 +1070,14 @@ function admin_page_site_post(App $a) $register_text = ((x($_POST,'register_text')) ? strip_tags(trim($_POST['register_text'])) : ''); - $allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : ''); - $allowed_email = ((x($_POST,'allowed_email')) ? notags(trim($_POST['allowed_email'])) : ''); - $forbidden_nicknames = ((x($_POST,'forbidden_nicknames')) ? strtolower(notags(trim($_POST['forbidden_nicknames']))) : ''); + $allowed_sites = ((x($_POST,'allowed_sites')) ? Strings::escapeTags(trim($_POST['allowed_sites'])) : ''); + $allowed_email = ((x($_POST,'allowed_email')) ? Strings::escapeTags(trim($_POST['allowed_email'])) : ''); + $forbidden_nicknames = ((x($_POST,'forbidden_nicknames')) ? strtolower(Strings::escapeTags(trim($_POST['forbidden_nicknames']))) : ''); $no_oembed_rich_content = x($_POST,'no_oembed_rich_content'); - $allowed_oembed = ((x($_POST,'allowed_oembed')) ? notags(trim($_POST['allowed_oembed'])) : ''); + $allowed_oembed = ((x($_POST,'allowed_oembed')) ? Strings::escapeTags(trim($_POST['allowed_oembed'])) : ''); $block_public = ((x($_POST,'block_public')) ? True : False); $force_publish = ((x($_POST,'publish_all')) ? True : False); - $global_directory = ((x($_POST,'directory')) ? notags(trim($_POST['directory'])) : ''); + $global_directory = ((x($_POST,'directory')) ? Strings::escapeTags(trim($_POST['directory'])) : ''); $newuser_private = ((x($_POST,'newuser_private')) ? True : False); $enotify_no_content = ((x($_POST,'enotify_no_content')) ? True : False); $private_addons = ((x($_POST,'private_addons')) ? True : False); @@ -1091,8 +1092,8 @@ function admin_page_site_post(App $a) $max_author_posts_community_page = ((x($_POST,'max_author_posts_community_page')) ? intval(trim($_POST['max_author_posts_community_page'])) : 0); $verifyssl = ((x($_POST,'verifyssl')) ? True : False); - $proxyuser = ((x($_POST,'proxyuser')) ? notags(trim($_POST['proxyuser'])) : ''); - $proxy = ((x($_POST,'proxy')) ? notags(trim($_POST['proxy'])) : ''); + $proxyuser = ((x($_POST,'proxyuser')) ? Strings::escapeTags(trim($_POST['proxyuser'])) : ''); + $proxy = ((x($_POST,'proxy')) ? Strings::escapeTags(trim($_POST['proxy'])) : ''); $timeout = ((x($_POST,'timeout')) ? intval(trim($_POST['timeout'])) : 60); $maxloadavg = ((x($_POST,'maxloadavg')) ? intval(trim($_POST['maxloadavg'])) : 50); $maxloadavg_frontend = ((x($_POST,'maxloadavg_frontend')) ? intval(trim($_POST['maxloadavg_frontend'])) : 50); @@ -1116,16 +1117,16 @@ function admin_page_site_post(App $a) $dbclean_expire_days = ((x($_POST,'dbclean_expire_days')) ? intval($_POST['dbclean_expire_days']) : 0); $dbclean_unclaimed = ((x($_POST,'dbclean_unclaimed')) ? intval($_POST['dbclean_unclaimed']) : 0); $suppress_tags = ((x($_POST,'suppress_tags')) ? True : False); - $itemcache = ((x($_POST,'itemcache')) ? notags(trim($_POST['itemcache'])) : ''); + $itemcache = ((x($_POST,'itemcache')) ? Strings::escapeTags(trim($_POST['itemcache'])) : ''); $itemcache_duration = ((x($_POST,'itemcache_duration')) ? intval($_POST['itemcache_duration']) : 0); $max_comments = ((x($_POST,'max_comments')) ? intval($_POST['max_comments']) : 0); - $temppath = ((x($_POST,'temppath')) ? notags(trim($_POST['temppath'])) : ''); - $basepath = ((x($_POST,'basepath')) ? notags(trim($_POST['basepath'])) : ''); - $singleuser = ((x($_POST,'singleuser')) ? notags(trim($_POST['singleuser'])) : ''); + $temppath = ((x($_POST,'temppath')) ? Strings::escapeTags(trim($_POST['temppath'])) : ''); + $basepath = ((x($_POST,'basepath')) ? Strings::escapeTags(trim($_POST['basepath'])) : ''); + $singleuser = ((x($_POST,'singleuser')) ? Strings::escapeTags(trim($_POST['singleuser'])) : ''); $proxy_disabled = ((x($_POST,'proxy_disabled')) ? True : False); $only_tag_search = ((x($_POST,'only_tag_search')) ? True : False); $rino = ((x($_POST,'rino')) ? intval($_POST['rino']) : 0); - $check_new_version_url = ((x($_POST, 'check_new_version_url')) ? notags(trim($_POST['check_new_version_url'])) : 'none'); + $check_new_version_url = ((x($_POST, 'check_new_version_url')) ? Strings::escapeTags(trim($_POST['check_new_version_url'])) : 'none'); $worker_queues = ((x($_POST,'worker_queues')) ? intval($_POST['worker_queues']) : 10); $worker_dont_fork = ((x($_POST,'worker_dont_fork')) ? True : False); @@ -1133,10 +1134,10 @@ function admin_page_site_post(App $a) $worker_frontend = ((x($_POST,'worker_frontend')) ? True : False); $relay_directly = ((x($_POST,'relay_directly')) ? True : False); - $relay_server = ((x($_POST,'relay_server')) ? notags(trim($_POST['relay_server'])) : ''); + $relay_server = ((x($_POST,'relay_server')) ? Strings::escapeTags(trim($_POST['relay_server'])) : ''); $relay_subscribe = ((x($_POST,'relay_subscribe')) ? True : False); - $relay_scope = ((x($_POST,'relay_scope')) ? notags(trim($_POST['relay_scope'])) : ''); - $relay_server_tags = ((x($_POST,'relay_server_tags')) ? notags(trim($_POST['relay_server_tags'])) : ''); + $relay_scope = ((x($_POST,'relay_scope')) ? Strings::escapeTags(trim($_POST['relay_scope'])) : ''); + $relay_server_tags = ((x($_POST,'relay_server_tags')) ? Strings::escapeTags(trim($_POST['relay_server_tags'])) : ''); $relay_user_tags = ((x($_POST,'relay_user_tags')) ? True : False); // Has the directory url changed? If yes, then resubmit the existing profiles there @@ -1695,10 +1696,10 @@ function admin_page_users_post(App $a) } $user = $result['user']; - $preamble = deindent(L10n::t(' + $preamble = Strings::deindent(L10n::t(' Dear %1$s, the administrator of %2$s has set up an account for you.')); - $body = deindent(L10n::t(' + $body = Strings::deindent(L10n::t(' The login details are as follows: Site Location: %1$s @@ -2370,7 +2371,7 @@ function admin_page_logs_post(App $a) if (x($_POST, "page_logs")) { BaseModule::checkFormSecurityTokenRedirectOnError('/admin/logs', 'admin_logs'); - $logfile = ((x($_POST,'logfile')) ? notags(trim($_POST['logfile'])) : ''); + $logfile = ((x($_POST,'logfile')) ? Strings::escapeTags(trim($_POST['logfile'])) : ''); $debugging = ((x($_POST,'debugging')) ? true : false); $loglevel = ((x($_POST,'loglevel')) ? intval(trim($_POST['loglevel'])) : 0); @@ -2477,9 +2478,9 @@ function admin_page_viewlogs(App $a) } $seek = fseek($fp, 0 - $size, SEEK_END); if ($seek === 0) { - $data = escape_tags(fread($fp, $size)); + $data = Strings::escapeHtml(fread($fp, $size)); while (!feof($fp)) { - $data .= escape_tags(fread($fp, 4096)); + $data .= Strings::escapeHtml(fread($fp, 4096)); } } } diff --git a/mod/bookmarklet.php b/mod/bookmarklet.php index e1ae9aa64..d9c2f52f8 100644 --- a/mod/bookmarklet.php +++ b/mod/bookmarklet.php @@ -9,6 +9,7 @@ use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\System; use Friendica\Module\Login; +use Friendica\Util\Strings; require_once 'include/conversation.php'; require_once 'include/items.php'; @@ -26,8 +27,8 @@ function bookmarklet_content(App $a) return $o; } - $referer = normalise_link(defaults($_SERVER, 'HTTP_REFERER', '')); - $page = normalise_link(System::baseUrl() . "/bookmarklet"); + $referer = Strings::normaliseLink(defaults($_SERVER, 'HTTP_REFERER', '')); + $page = Strings::normaliseLink(System::baseUrl() . "/bookmarklet"); if (!strstr($referer, $page)) { if (empty($_REQUEST["url"])) { diff --git a/mod/common.php b/mod/common.php index 0f9bc096a..b335e296d 100644 --- a/mod/common.php +++ b/mod/common.php @@ -12,7 +12,7 @@ use Friendica\Database\DBA; use Friendica\Model; use Friendica\Module; use Friendica\Util\Proxy as ProxyUtils; - +use Friendica\Util\Strings; require_once 'include/dba.php'; @@ -67,11 +67,11 @@ function common_content(App $a) } if (!$cid && Model\Profile::getMyURL()) { - $contact = DBA::selectFirst('contact', ['id'], ['nurl' => normalise_link(Model\Profile::getMyURL()), 'uid' => $uid]); + $contact = DBA::selectFirst('contact', ['id'], ['nurl' => Strings::normaliseLink(Model\Profile::getMyURL()), 'uid' => $uid]); if (DBA::isResult($contact)) { $cid = $contact['id']; } else { - $gcontact = DBA::selectFirst('gcontact', ['id'], ['nurl' => normalise_link(Model\Profile::getMyURL())]); + $gcontact = DBA::selectFirst('gcontact', ['id'], ['nurl' => Strings::normaliseLink(Model\Profile::getMyURL())]); if (DBA::isResult($gcontact)) { $zcid = $gcontact['id']; } diff --git a/mod/crepair.php b/mod/crepair.php index 330831559..f9ba281d1 100644 --- a/mod/crepair.php +++ b/mod/crepair.php @@ -12,6 +12,7 @@ use Friendica\Core\Renderer; use Friendica\Database\DBA; use Friendica\Model; use Friendica\Module; +use Friendica\Util\Strings; function crepair_init(App $a) { @@ -61,7 +62,7 @@ function crepair_post(App $a) $attag = defaults($_POST, 'attag' , ''); $photo = defaults($_POST, 'photo' , ''); $remote_self = defaults($_POST, 'remote_self', false); - $nurl = normalise_link($url); + $nurl = Strings::normaliseLink($url); $r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `url` = '%s', `nurl` = '%s', `request` = '%s', `confirm` = '%s', `notify` = '%s', `poll` = '%s', `attag` = '%s' , `remote_self` = %d WHERE `id` = %d AND `uid` = %d", diff --git a/mod/delegate.php b/mod/delegate.php index 116245812..c8987ab57 100644 --- a/mod/delegate.php +++ b/mod/delegate.php @@ -12,6 +12,7 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\User; use Friendica\Util\Security; +use Friendica\Util\Strings; require_once 'mod/settings.php'; @@ -72,7 +73,7 @@ function delegate_content(App $a) if (DBA::isResult($user)) { $condition = [ 'uid' => local_user(), - 'nurl' => normalise_link(System::baseUrl() . '/profile/' . $user['nickname']) + 'nurl' => Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname']) ]; if (DBA::exists('contact', $condition)) { DBA::insert('manage', ['uid' => $user_id, 'mid' => local_user()]); @@ -114,7 +115,7 @@ function delegate_content(App $a) AND SUBSTRING_INDEX(`nurl`, '/', 3) = '%s' AND `uid` = %d AND `network` = '%s' ", - DBA::escape(normalise_link(System::baseUrl())), + DBA::escape(Strings::normaliseLink(System::baseUrl())), intval(local_user()), DBA::escape(Protocol::DFRN) ); diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 0f001b11a..48c8e32e5 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -33,6 +33,7 @@ use Friendica\Protocol\ActivityPub; use Friendica\Util\Crypto; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'include/enotify.php'; @@ -84,7 +85,7 @@ function dfrn_confirm_post(App $a, $handsfree = null) $cid = 0; $hidden = intval(defaults($handsfree, 'hidden' , 0)); } else { - $dfrn_id = notags(trim(defaults($_POST, 'dfrn_id' , ''))); + $dfrn_id = Strings::escapeTags(trim(defaults($_POST, 'dfrn_id' , ''))); $intro_id = intval(defaults($_POST, 'intro_id' , 0)); $duplex = intval(defaults($_POST, 'duplex' , 0)); $cid = intval(defaults($_POST, 'contact_id', 0)); @@ -263,7 +264,7 @@ function dfrn_confirm_post(App $a, $handsfree = null) break; case 1: // birthday paradox - generate new dfrn-id and fall through. - $new_dfrn_id = random_string(); + $new_dfrn_id = Strings::getRandomHex(); q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d", DBA::escape($new_dfrn_id), intval($contact_id), diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index b14c71fb8..63f53e060 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -14,6 +14,7 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Protocol\DFRN; use Friendica\Protocol\Diaspora; +use Friendica\Util\Strings; require_once 'include/items.php'; @@ -38,15 +39,15 @@ function dfrn_notify_post(App $a) { } } - $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : ''); + $dfrn_id = ((x($_POST,'dfrn_id')) ? Strings::escapeTags(trim($_POST['dfrn_id'])) : ''); $dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0); - $challenge = ((x($_POST,'challenge')) ? notags(trim($_POST['challenge'])) : ''); + $challenge = ((x($_POST,'challenge')) ? Strings::escapeTags(trim($_POST['challenge'])) : ''); $data = ((x($_POST,'data')) ? $_POST['data'] : ''); $key = ((x($_POST,'key')) ? $_POST['key'] : ''); $rino_remote = ((x($_POST,'rino')) ? intval($_POST['rino']) : 0); $dissolve = ((x($_POST,'dissolve')) ? intval($_POST['dissolve']) : 0); - $perm = ((x($_POST,'perm')) ? notags(trim($_POST['perm'])) : 'r'); - $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none'); + $perm = ((x($_POST,'perm')) ? Strings::escapeTags(trim($_POST['perm'])) : 'r'); + $ssl_policy = ((x($_POST,'ssl_policy')) ? Strings::escapeTags(trim($_POST['ssl_policy'])): 'none'); $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0); $forum = (($page == 1) ? 1 : 0); @@ -253,7 +254,7 @@ function dfrn_notify_content(App $a) { * If this is a duplex communication, ours will be the opposite. */ - $dfrn_id = notags(trim($_GET['dfrn_id'])); + $dfrn_id = Strings::escapeTags(trim($_GET['dfrn_id'])); $dfrn_version = (float) $_GET['dfrn_version']; $rino_remote = ((x($_GET,'rino')) ? intval($_GET['rino']) : 0); $type = ""; @@ -267,7 +268,7 @@ function dfrn_notify_content(App $a) { $dfrn_id = substr($dfrn_id,2); } - $hash = random_string(); + $hash = Strings::getRandomHex(); $status = 0; diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index a961506d1..9cd110917 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -14,6 +14,7 @@ use Friendica\Module\Login; use Friendica\Protocol\DFRN; use Friendica\Protocol\OStatus; use Friendica\Util\Network; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'include/items.php'; @@ -415,7 +416,7 @@ function dfrn_poll_content(App $a) if ($dfrn_id != '') { // initial communication from external contact - $hash = random_string(); + $hash = Strings::getRandomHex(); $status = 0; diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index fdb1a42ee..26d7efda5 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -28,6 +28,7 @@ use Friendica\Module\Login; use Friendica\Network\Probe; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; +use Friendica\Util\Strings; require_once 'include/enotify.php'; @@ -75,7 +76,7 @@ function dfrn_request_post(App $a) if ((x($_POST, 'localconfirm')) && ($_POST['localconfirm'] == 1)) { // Ensure this is a valid request if (local_user() && ($a->user['nickname'] == $a->argv[1]) && (x($_POST, 'dfrn_url'))) { - $dfrn_url = notags(trim($_POST['dfrn_url'])); + $dfrn_url = Strings::escapeTags(trim($_POST['dfrn_url'])); $aes_allow = (((x($_POST, 'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0); $confirm_key = ((x($_POST, 'confirm_key')) ? $_POST['confirm_key'] : ""); $hidden = ((x($_POST, 'hidden-contact')) ? intval($_POST['hidden-contact']) : 0); @@ -87,7 +88,7 @@ function dfrn_request_post(App $a) // Lookup the contact based on their URL (which is the only unique thing we have at the moment) $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND NOT `self` LIMIT 1", intval(local_user()), - DBA::escape(normalise_link($dfrn_url)) + DBA::escape(Strings::normaliseLink($dfrn_url)) ); if (DBA::isResult($r)) { @@ -141,7 +142,7 @@ function dfrn_request_post(App $a) intval(local_user()), DateTimeFormat::utcNow(), DBA::escape($dfrn_url), - DBA::escape(normalise_link($dfrn_url)), + DBA::escape(Strings::normaliseLink($dfrn_url)), $parms['addr'], $parms['fn'], $parms['nick'], @@ -269,7 +270,7 @@ function dfrn_request_post(App $a) } } - $real_name = x($_POST, 'realname') ? notags(trim($_POST['realname'])) : ''; + $real_name = x($_POST, 'realname') ? Strings::escapeTags(trim($_POST['realname'])) : ''; $url = trim($_POST['dfrn_url']); if (!strlen($url)) { @@ -320,7 +321,7 @@ function dfrn_request_post(App $a) } } - $issued_id = random_string(); + $issued_id = Strings::getRandomHex(); if (is_array($contact_record)) { // There is a contact record but no issued-id, so this @@ -380,7 +381,7 @@ function dfrn_request_post(App $a) intval($uid), DBA::escape(DateTimeFormat::utcNow()), $parms['url'], - DBA::escape(normalise_link($url)), + DBA::escape(Strings::normaliseLink($url)), $parms['addr'], $parms['fn'], $parms['nick'], @@ -415,7 +416,7 @@ function dfrn_request_post(App $a) return; } - $hash = random_string() . (string) time(); // Generate a confirm_key + $hash = Strings::getRandomHex() . (string) time(); // Generate a confirm_key if (is_array($contact_record)) { $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`) @@ -423,7 +424,7 @@ function dfrn_request_post(App $a) intval($uid), intval($contact_record['id']), ((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0), - DBA::escape(notags(trim(defaults($_POST, 'dfrn-request-message', '')))), + DBA::escape(Strings::escapeTags(trim(defaults($_POST, 'dfrn-request-message', '')))), DBA::escape($hash), DBA::escape(DateTimeFormat::utcNow()) ); @@ -497,12 +498,12 @@ function dfrn_request_content(App $a) return Login::form(); } - $dfrn_url = notags(trim(hex2bin($_GET['dfrn_url']))); + $dfrn_url = Strings::escapeTags(trim(hex2bin($_GET['dfrn_url']))); $aes_allow = x($_GET, 'aes_allow') && $_GET['aes_allow'] == 1 ? 1 : 0; $confirm_key = x($_GET, 'confirm_key') ? $_GET['confirm_key'] : ""; // Checking fastlane for validity - if (x($_SESSION, "fastlane") && (normalise_link($_SESSION["fastlane"]) == normalise_link($dfrn_url))) { + if (x($_SESSION, "fastlane") && (Strings::normaliseLink($_SESSION["fastlane"]) == Strings::normaliseLink($dfrn_url))) { $_POST["dfrn_url"] = $dfrn_url; $_POST["confirm_key"] = $confirm_key; $_POST["localconfirm"] = 1; diff --git a/mod/directory.php b/mod/directory.php index 10eaa4492..e59cf7b82 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -15,6 +15,7 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Profile; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; function directory_init(App $a) { @@ -47,9 +48,9 @@ function directory_content(App $a) Nav::setSelected('directory'); if (x($a->data, 'search')) { - $search = notags(trim($a->data['search'])); + $search = Strings::escapeTags(trim($a->data['search'])); } else { - $search = ((x($_GET, 'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); + $search = ((x($_GET, 'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : ''); } $gdirpath = ''; diff --git a/mod/dirfind.php b/mod/dirfind.php index 2451beb18..d3298b64d 100644 --- a/mod/dirfind.php +++ b/mod/dirfind.php @@ -20,6 +20,7 @@ use Friendica\Network\Probe; use Friendica\Protocol\PortableContact; use Friendica\Util\Network; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; function dirfind_init(App $a) { @@ -45,15 +46,15 @@ function dirfind_content(App $a, $prefix = "") { $local = Config::get('system','poco_local_search'); - $search = $prefix.notags(trim(defaults($_REQUEST, 'search', ''))); + $search = $prefix.Strings::escapeTags(trim(defaults($_REQUEST, 'search', ''))); $header = ''; if (strpos($search,'@') === 0) { $search = substr($search,1); $header = L10n::t('People Search - %s', $search); - if ((valid_email($search) && Network::isEmailDomainValid($search)) || - (substr(normalise_link($search), 0, 7) == "http://")) { + if ((filter_var($search, FILTER_VALIDATE_EMAIL) && Network::isEmailDomainValid($search)) || + (substr(Strings::normaliseLink($search), 0, 7) == "http://")) { $user_data = Probe::uri($search); $discover_user = (in_array($user_data["network"], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::OSTATUS, Protocol::DIASPORA])); } @@ -125,8 +126,8 @@ function dirfind_content(App $a, $prefix = "") { (`url` LIKE '%s' OR `name` LIKE '%s' OR `location` LIKE '%s' OR `addr` LIKE '%s' OR `about` LIKE '%s' OR `keywords` LIKE '%s') $extra_sql", DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2))); + DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), + DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2))); $results = q("SELECT `nurl` FROM `gcontact` @@ -137,8 +138,8 @@ function dirfind_content(App $a, $prefix = "") { GROUP BY `nurl` ORDER BY `updated` DESC LIMIT %d, %d", DBA::escape(Protocol::DFRN), DBA::escape($ostatus), DBA::escape($diaspora), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), - DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), DBA::escape(escape_tags($search2)), + DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), + DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), DBA::escape(Strings::escapeHtml($search2)), $pager->getStart(), $pager->getItemsPerPage()); $j = new stdClass(); $j->total = $count[0]["total"]; diff --git a/mod/display.php b/mod/display.php index ac345d541..39661cb76 100644 --- a/mod/display.php +++ b/mod/display.php @@ -21,6 +21,7 @@ use Friendica\Model\Item; use Friendica\Model\Profile; use Friendica\Protocol\ActivityPub; use Friendica\Protocol\DFRN; +use Friendica\Util\Strings; function display_init(App $a) { @@ -90,8 +91,8 @@ function display_init(App $a) $profiledata = display_fetchauthor($a, $item); - if (strstr(normalise_link($profiledata["url"]), normalise_link(System::baseUrl()))) { - $nickname = str_replace(normalise_link(System::baseUrl())."/profile/", "", normalise_link($profiledata["url"])); + if (strstr(Strings::normaliseLink($profiledata["url"]), Strings::normaliseLink(System::baseUrl()))) { + $nickname = str_replace(Strings::normaliseLink(System::baseUrl())."/profile/", "", Strings::normaliseLink($profiledata["url"])); if (($nickname != $a->user["nickname"])) { $profile = DBA::fetchFirst("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile` diff --git a/mod/events.php b/mod/events.php index c9461a48e..f147e0054 100644 --- a/mod/events.php +++ b/mod/events.php @@ -19,6 +19,7 @@ use Friendica\Model\Item; use Friendica\Model\Profile; use Friendica\Module\Login; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Strings; use Friendica\Util\Temporal; require_once 'include/items.php'; @@ -59,8 +60,8 @@ function events_post(App $a) $cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0; $uid = local_user(); - $start_text = escape_tags(defaults($_REQUEST, 'start_text', '')); - $finish_text = escape_tags(defaults($_REQUEST, 'finish_text', '')); + $start_text = Strings::escapeHtml(defaults($_REQUEST, 'start_text', '')); + $finish_text = Strings::escapeHtml(defaults($_REQUEST, 'finish_text', '')); $adjust = intval(defaults($_POST, 'adjust', 0)); $nofinish = intval(defaults($_POST, 'nofinish', 0)); @@ -96,9 +97,9 @@ function events_post(App $a) // and we'll waste a bunch of time responding to it. Time that // could've been spent doing something else. - $summary = escape_tags(trim(defaults($_POST, 'summary', ''))); - $desc = escape_tags(trim(defaults($_POST, 'desc', ''))); - $location = escape_tags(trim(defaults($_POST, 'location', ''))); + $summary = Strings::escapeHtml(trim(defaults($_POST, 'summary', ''))); + $desc = Strings::escapeHtml(trim(defaults($_POST, 'desc', ''))); + $location = Strings::escapeHtml(trim(defaults($_POST, 'location', ''))); $type = 'event'; $action = ($event_id == '') ? 'new' : "event/" . $event_id; diff --git a/mod/fetch.php b/mod/fetch.php index 4e7d8c751..9336c1404 100644 --- a/mod/fetch.php +++ b/mod/fetch.php @@ -10,6 +10,7 @@ use Friendica\Core\System; use Friendica\Protocol\Diaspora; use Friendica\Model\Item; use Friendica\Model\User; +use Friendica\Util\Strings; use Friendica\Util\XML; use Friendica\Database\DBA; @@ -35,7 +36,7 @@ function fetch_init(App $a) $parts = parse_url($item["author-link"]); $host = $parts["scheme"]."://".$parts["host"]; - if (normalise_link($host) != normalise_link(System::baseUrl())) { + if (Strings::normaliseLink($host) != Strings::normaliseLink(System::baseUrl())) { $location = $host."/fetch/".$a->argv[1]."/".urlencode($guid); header("HTTP/1.1 301 Moved Permanently"); diff --git a/mod/follow.php b/mod/follow.php index 5c6c6d9d3..08f664d39 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -13,6 +13,7 @@ use Friendica\Model\Profile; use Friendica\Network\Probe; use Friendica\Database\DBA; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; function follow_post(App $a) { @@ -25,7 +26,7 @@ function follow_post(App $a) } $uid = local_user(); - $url = notags(trim($_REQUEST['url'])); + $url = Strings::escapeTags(trim($_REQUEST['url'])); $return_path = 'contacts'; // Makes the connection request for friendica contacts easier @@ -60,7 +61,7 @@ function follow_content(App $a) } $uid = local_user(); - $url = notags(trim($_REQUEST['url'])); + $url = Strings::escapeTags(trim($_REQUEST['url'])); $submit = L10n::t('Submit Request'); @@ -68,8 +69,8 @@ function follow_content(App $a) $r = q("SELECT `pending` FROM `contact` WHERE `uid` = %d AND ((`rel` != %d) OR (`network` = '%s')) AND (`nurl` = '%s' OR `alias` = '%s' OR `alias` = '%s') AND `network` != '%s' LIMIT 1", - intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(normalise_link($url)), - DBA::escape(normalise_link($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET)); + intval(local_user()), DBA::escape(Contact::FOLLOWER), DBA::escape(Protocol::DFRN), DBA::escape(Strings::normaliseLink($url)), + DBA::escape(Strings::normaliseLink($url)), DBA::escape($url), DBA::escape(Protocol::STATUSNET)); if ($r) { if ($r[0]['pending']) { @@ -130,7 +131,7 @@ function follow_content(App $a) $_SESSION['fastlane'] = $ret['url']; $r = q("SELECT `id`, `location`, `about`, `keywords` FROM `gcontact` WHERE `nurl` = '%s'", - normalise_link($ret['url'])); + Strings::normaliseLink($ret['url'])); if (!$r) { $r = [['location' => '', 'about' => '', 'keywords' => '']]; diff --git a/mod/fsuggest.php b/mod/fsuggest.php index 35710bb33..2195f455a 100644 --- a/mod/fsuggest.php +++ b/mod/fsuggest.php @@ -9,6 +9,7 @@ use Friendica\Core\L10n; use Friendica\Core\Worker; use Friendica\Database\DBA; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Strings; function fsuggest_post(App $a) { @@ -34,9 +35,9 @@ function fsuggest_post(App $a) $new_contact = intval($_POST['suggest']); - $hash = random_string(); + $hash = Strings::getRandomHex(); - $note = escape_tags(trim(defaults($_POST, 'note', ''))); + $note = Strings::escapeHtml(trim(defaults($_POST, 'note', ''))); if ($new_contact) { $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", diff --git a/mod/group.php b/mod/group.php index 8b2ce9ca1..51fa2493e 100644 --- a/mod/group.php +++ b/mod/group.php @@ -16,6 +16,7 @@ use Friendica\Database\DBA; use Friendica\Model; use Friendica\Module; use Friendica\Util\Security; +use Friendica\Util\Strings; function group_init(App $a) { if (local_user()) { @@ -33,7 +34,7 @@ function group_post(App $a) { if (($a->argc == 2) && ($a->argv[1] === 'new')) { BaseModule::checkFormSecurityTokenRedirectOnError('/group/new', 'group_edit'); - $name = notags(trim($_POST['groupname'])); + $name = Strings::escapeTags(trim($_POST['groupname'])); $r = Model\Group::create(local_user(), $name); if ($r) { info(L10n::t('Group created.') . EOL); @@ -61,7 +62,7 @@ function group_post(App $a) { return; // NOTREACHED } $group = $r[0]; - $groupname = notags(trim($_POST['groupname'])); + $groupname = Strings::escapeTags(trim($_POST['groupname'])); if (strlen($groupname) && ($groupname != $group['name'])) { $r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d", DBA::escape($groupname), diff --git a/mod/help.php b/mod/help.php index 2c8f68ff3..3a21695b0 100644 --- a/mod/help.php +++ b/mod/help.php @@ -10,6 +10,7 @@ use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\Renderer; use Friendica\Core\System; +use Friendica\Util\Strings; function load_doc_file($s) { @@ -47,7 +48,7 @@ function help_content(App $a) $title = basename($path); $filename = $path; $text = load_doc_file('doc/' . $path . '.md'); - $a->page['title'] = L10n::t('Help:') . ' ' . str_replace('-', ' ', notags($title)); + $a->page['title'] = L10n::t('Help:') . ' ' . str_replace('-', ' ', Strings::escapeTags($title)); } $home = load_doc_file('doc/Home.md'); diff --git a/mod/hovercard.php b/mod/hovercard.php index 1e2e14afb..f5ad3ef02 100644 --- a/mod/hovercard.php +++ b/mod/hovercard.php @@ -16,6 +16,7 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\GContact; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; function hovercard_init(App $a) { @@ -55,7 +56,7 @@ function hovercard_content() $contact = []; // if it's the url containing https it should be converted to http - $nurl = normalise_link(GContact::cleanContactUrl($profileurl)); + $nurl = Strings::normaliseLink(GContact::cleanContactUrl($profileurl)); if (!$nurl) { return; } @@ -73,12 +74,12 @@ function hovercard_content() // Feeds url could have been destroyed through "cleanContactUrl", so we now use the original url if (!count($contact) && local_user()) { - $nurl = normalise_link($profileurl); + $nurl = Strings::normaliseLink($profileurl); $contact = Contact::getDetailsByURL($nurl, local_user()); } if (!count($contact)) { - $nurl = normalise_link($profileurl); + $nurl = Strings::normaliseLink($profileurl); $contact = Contact::getDetailsByURL($nurl); } @@ -104,7 +105,7 @@ function hovercard_content() 'location' => $contact['location'], 'gender' => $contact['gender'], 'about' => $contact['about'], - 'network' => format_network_name($contact['network'], $contact['url']), + 'network' => Strings::formatNetworkName($contact['network'], $contact['url']), 'tags' => $contact['keywords'], 'bd' => $contact['birthday'] <= '0001-01-01' ? '' : $contact['birthday'], 'account_type' => Contact::getAccountType($contact), diff --git a/mod/invite.php b/mod/invite.php index 1e02ae9ca..460a3461d 100644 --- a/mod/invite.php +++ b/mod/invite.php @@ -17,6 +17,7 @@ use Friendica\Database\DBA; use Friendica\Protocol\Email; use Friendica\Util\DateTimeFormat; use Friendica\Util\Security; +use Friendica\Util\Strings; function invite_post(App $a) { @@ -40,7 +41,7 @@ function invite_post(App $a) $recipients = !empty($_POST['recipients']) ? explode("\n", $_POST['recipients']) : []; - $message = !empty($_POST['message']) ? notags(trim($_POST['message'])) : ''; + $message = !empty($_POST['message']) ? Strings::escapeTags(trim($_POST['message'])) : ''; $total = 0; @@ -55,7 +56,7 @@ function invite_post(App $a) foreach ($recipients as $recipient) { $recipient = trim($recipient); - if (! valid_email($recipient)) { + if (!filter_var($recipient, FILTER_VALIDATE_EMAIL)) { notice(L10n::t('%s : Not a valid email address.', $recipient) . EOL); continue; } diff --git a/mod/item.php b/mod/item.php index c86ed5e27..507185e7c 100644 --- a/mod/item.php +++ b/mod/item.php @@ -36,6 +36,7 @@ use Friendica\Protocol\Email; use Friendica\Util\DateTimeFormat; use Friendica\Util\Emailer; use Friendica\Util\Security; +use Friendica\Util\Strings; require_once 'include/enotify.php'; require_once 'include/text.php'; @@ -203,8 +204,8 @@ function item_post(App $a) { $objecttype = $orig_post['object-type']; $app = $orig_post['app']; $categories = $orig_post['file']; - $title = notags(trim($_REQUEST['title'])); - $body = escape_tags(trim($_REQUEST['body'])); + $title = Strings::escapeTags(trim($_REQUEST['title'])); + $body = Strings::escapeHtml(trim($_REQUEST['body'])); $private = $orig_post['private']; $pubmail_enabled = $orig_post['pubmail']; $network = $orig_post['network']; @@ -235,14 +236,14 @@ function item_post(App $a) { $str_contact_deny = perms2str(defaults($_REQUEST, 'contact_deny', '')); } - $title = notags(trim(defaults($_REQUEST, 'title' , ''))); - $location = notags(trim(defaults($_REQUEST, 'location', ''))); - $coord = notags(trim(defaults($_REQUEST, 'coord' , ''))); - $verb = notags(trim(defaults($_REQUEST, 'verb' , ''))); - $emailcc = notags(trim(defaults($_REQUEST, 'emailcc' , ''))); - $body = escape_tags(trim(defaults($_REQUEST, 'body' , ''))); - $network = notags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN))); - $guid = System::createUUID(); + $title = Strings::escapeTags(trim(defaults($_REQUEST, 'title' , ''))); + $location = Strings::escapeTags(trim(defaults($_REQUEST, 'location', ''))); + $coord = Strings::escapeTags(trim(defaults($_REQUEST, 'coord' , ''))); + $verb = Strings::escapeTags(trim(defaults($_REQUEST, 'verb' , ''))); + $emailcc = Strings::escapeTags(trim(defaults($_REQUEST, 'emailcc' , ''))); + $body = Strings::escapeHtml(trim(defaults($_REQUEST, 'body' , ''))); + $network = Strings::escapeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN))); + $guid = System::createUUID(); $postopts = defaults($_REQUEST, 'postopts', ''); @@ -347,7 +348,7 @@ function item_post(App $a) { $str_tags = ''; $inform = ''; - $tags = get_tags($body); + $tags = BBCode::getTags($body); // Add a tag if the parent contact is from ActivityPub or OStatus (This will notify them) if ($parent && in_array($thr_parent_contact['network'], [Protocol::OSTATUS, Protocol::ACTIVITYPUB])) { diff --git a/mod/like.php b/mod/like.php index 296e563bf..97eaca163 100644 --- a/mod/like.php +++ b/mod/like.php @@ -3,6 +3,7 @@ use Friendica\App; use Friendica\Core\System; use Friendica\Model\Item; +use Friendica\Util\Strings; require_once 'include/items.php'; @@ -12,13 +13,13 @@ function like_content(App $a) { } - $verb = notags(trim($_GET['verb'])); + $verb = Strings::escapeTags(trim($_GET['verb'])); if (!$verb) { $verb = 'like'; } - $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0); + $item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0); $r = Item::performLike($item_id, $verb); if (!$r) { diff --git a/mod/lostpass.php b/mod/lostpass.php index ae94fbbbe..42a1764bf 100644 --- a/mod/lostpass.php +++ b/mod/lostpass.php @@ -11,6 +11,7 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\User; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Strings; require_once 'boot.php'; require_once 'include/enotify.php'; @@ -18,7 +19,7 @@ require_once 'include/text.php'; function lostpass_post(App $a) { - $loginame = notags(trim($_POST['login-name'])); + $loginame = Strings::escapeTags(trim($_POST['login-name'])); if (!$loginame) { $a->internalRedirect(); } @@ -30,7 +31,7 @@ function lostpass_post(App $a) $a->internalRedirect(); } - $pwdreset_token = autoname(12) . mt_rand(1000, 9999); + $pwdreset_token = Strings::getRandomName(12) . mt_rand(1000, 9999); $fields = [ 'pwdreset' => $pwdreset_token, @@ -44,7 +45,7 @@ function lostpass_post(App $a) $sitename = Config::get('config', 'sitename'); $resetlink = System::baseUrl() . '/lostpass/' . $pwdreset_token; - $preamble = deindent(L10n::t(' + $preamble = Strings::deindent(L10n::t(' Dear %1$s, A request was recently received at "%2$s" to reset your account password. In order to confirm this request, please select the verification link @@ -55,7 +56,7 @@ function lostpass_post(App $a) Your password will not be changed unless we can verify that you issued this request.', $user['username'], $sitename)); - $body = deindent(L10n::t(' + $body = Strings::deindent(L10n::t(' Follow this link soon to verify your identity: %1$s @@ -150,13 +151,13 @@ function lostpass_generate_password($user) info("Your password has been reset." . EOL); $sitename = Config::get('config', 'sitename'); - $preamble = deindent(L10n::t(' + $preamble = Strings::deindent(L10n::t(' Dear %1$s, Your password has been changed as requested. Please retain this information for your records ' . "\x28" . 'or change your password immediately to something that you will remember' . "\x29" . '. ', $user['username'])); - $body = deindent(L10n::t(' + $body = Strings::deindent(L10n::t(' Your login details are as follows: Site Location: %1$s diff --git a/mod/maintenance.php b/mod/maintenance.php index a1b032a61..8e0197b86 100644 --- a/mod/maintenance.php +++ b/mod/maintenance.php @@ -6,12 +6,13 @@ use Friendica\App; use Friendica\Core\Config; use Friendica\Core\L10n; use Friendica\Core\Renderer; +use Friendica\Util\Strings; function maintenance_content(App $a) { $reason = Config::get('system', 'maintenance_reason'); - if (substr(normalise_link($reason), 0, 7) == 'http://') { + if (substr(Strings::normaliseLink($reason), 0, 7) == 'http://') { header("HTTP/1.1 307 Temporary Redirect"); header("Location:".$reason); return; diff --git a/mod/match.php b/mod/match.php index e924722aa..0ec753466 100644 --- a/mod/match.php +++ b/mod/match.php @@ -14,6 +14,7 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Util\Network; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; require_once 'include/text.php'; @@ -76,7 +77,7 @@ function match_content(App $a) $id = 0; foreach ($j->results as $jj) { - $match_nurl = normalise_link($jj->url); + $match_nurl = Strings::normaliseLink($jj->url); $match = q( "SELECT `nurl` FROM `contact` WHERE `uid` = '%d' AND nurl='%s' LIMIT 1", intval(local_user()), diff --git a/mod/message.php b/mod/message.php index 23c08f5a3..7491cd1bc 100644 --- a/mod/message.php +++ b/mod/message.php @@ -18,6 +18,7 @@ use Friendica\Model\Mail; use Friendica\Module\Login; use Friendica\Util\DateTimeFormat; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; use Friendica\Util\Temporal; require_once 'include/conversation.php'; @@ -58,9 +59,9 @@ function message_post(App $a) return; } - $replyto = x($_REQUEST, 'replyto') ? notags(trim($_REQUEST['replyto'])) : ''; - $subject = x($_REQUEST, 'subject') ? notags(trim($_REQUEST['subject'])) : ''; - $body = x($_REQUEST, 'body') ? escape_tags(trim($_REQUEST['body'])) : ''; + $replyto = x($_REQUEST, 'replyto') ? Strings::escapeTags(trim($_REQUEST['replyto'])) : ''; + $subject = x($_REQUEST, 'subject') ? Strings::escapeTags(trim($_REQUEST['subject'])) : ''; + $body = x($_REQUEST, 'body') ? Strings::escapeHtml(trim($_REQUEST['body'])) : ''; $recipient = x($_REQUEST, 'messageto') ? intval($_REQUEST['messageto']) : 0; $ret = Mail::send($recipient, $body, $subject, $replyto); @@ -218,7 +219,7 @@ function message_content(App $a) if (!DBA::isResult($r)) { $r = q("SELECT `name`, `url`, `id` FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1", intval(local_user()), - DBA::escape(normalise_link(base64_decode($a->argv[2]))) + DBA::escape(Strings::normaliseLink(base64_decode($a->argv[2]))) ); } @@ -253,7 +254,7 @@ function message_content(App $a) '$preid' => $preid, '$subject' => L10n::t('Subject:'), '$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '', - '$text' => x($_REQUEST, 'body') ? escape_tags(htmlspecialchars($_REQUEST['body'])) : '', + '$text' => x($_REQUEST, 'body') ? Strings::escapeHtml(htmlspecialchars($_REQUEST['body'])) : '', '$readonly' => '', '$yourmessage' => L10n::t('Your message:'), '$select' => $select, @@ -462,7 +463,7 @@ function render_messages(array $msg, $t) foreach ($msg as $rr) { if ($rr['unknown']) { $participants = L10n::t("Unknown sender - %s", $rr['from-name']); - } elseif (link_compare($rr['from-url'], $myprofile)) { + } elseif (Strings::compareLink($rr['from-url'], $myprofile)) { $participants = L10n::t("You and %s", $rr['name']); } else { $participants = L10n::t("%s and You", $rr['from-name']); diff --git a/mod/network.php b/mod/network.php index 26458a7a0..81a2f2b2b 100644 --- a/mod/network.php +++ b/mod/network.php @@ -28,6 +28,7 @@ use Friendica\Model\Profile; use Friendica\Module\Login; use Friendica\Util\DateTimeFormat; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; require_once 'include/conversation.php'; require_once 'include/items.php'; @@ -41,7 +42,7 @@ function network_init(App $a) Hook::add('head', __FILE__, 'network_infinite_scroll_head'); - $search = (x($_GET, 'search') ? escape_tags($_GET['search']) : ''); + $search = (x($_GET, 'search') ? Strings::escapeHtml($_GET['search']) : ''); if (($search != '') && !empty($_GET['submit'])) { $a->internalRedirect('search?search=' . urlencode($search)); @@ -518,9 +519,9 @@ function networkThreadedView(App $a, $update, $parent) for ($x = 1; $x < $a->argc; $x ++) { if (is_a_date_arg($a->argv[$x])) { if ($datequery) { - $datequery2 = escape_tags($a->argv[$x]); + $datequery2 = Strings::escapeHtml($a->argv[$x]); } else { - $datequery = escape_tags($a->argv[$x]); + $datequery = Strings::escapeHtml($a->argv[$x]); $_GET['order'] = 'post'; } } elseif (intval($a->argv[$x])) { @@ -536,7 +537,7 @@ function networkThreadedView(App $a, $update, $parent) $star = intval(defaults($_GET, 'star' , 0)); $bmark = intval(defaults($_GET, 'bmark', 0)); $conv = intval(defaults($_GET, 'conv' , 0)); - $order = notags(defaults($_GET, 'order', 'comment')); + $order = Strings::escapeTags(defaults($_GET, 'order', 'comment')); $nets = defaults($_GET, 'nets' , ''); if ($cid) { @@ -649,7 +650,7 @@ function networkThreadedView(App $a, $update, $parent) $sql_post_table .= " INNER JOIN `item` AS `temp1` ON `temp1`.`id` = " . $sql_table . "." . $sql_parent; $sql_extra3 .= " AND (`thread`.`contact-id` IN ($contact_str) "; - $sql_extra3 .= " OR (`thread`.`contact-id` = '$contact_str_self' AND `temp1`.`allow_gid` LIKE '" . protect_sprintf('%<' . intval($gid) . '>%') . "' AND `temp1`.`private`))"; + $sql_extra3 .= " OR (`thread`.`contact-id` = '$contact_str_self' AND `temp1`.`allow_gid` LIKE '" . Strings::protectSprintf('%<' . intval($gid) . '>%') . "' AND `temp1`.`private`))"; } else { $sql_extra3 .= " AND false "; info(L10n::t('Group is empty')); @@ -697,11 +698,11 @@ function networkThreadedView(App $a, $update, $parent) } if ($datequery) { - $sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created <= '%s' ", + $sql_extra3 .= Strings::protectSprintf(sprintf(" AND $sql_table.created <= '%s' ", DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get())))); } if ($datequery2) { - $sql_extra3 .= protect_sprintf(sprintf(" AND $sql_table.created >= '%s' ", + $sql_extra3 .= Strings::protectSprintf(sprintf(" AND $sql_table.created >= '%s' ", DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get())))); } @@ -882,7 +883,7 @@ function networkThreadedView(App $a, $update, $parent) foreach ($data as $item) { // Don't show hash tag posts from blocked or ignored contacts $condition = ["`nurl` = ? AND `uid` = ? AND (`blocked` OR `readonly`)", - normalise_link($item['author-link']), local_user()]; + Strings::normaliseLink($item['author-link']), local_user()]; if (!DBA::exists('contact', $condition)) { $s[$item['uri']] = $item; } diff --git a/mod/oexchange.php b/mod/oexchange.php index 296869aac..62d0bba07 100644 --- a/mod/oexchange.php +++ b/mod/oexchange.php @@ -8,6 +8,7 @@ use Friendica\Core\Renderer; use Friendica\Core\System; use Friendica\Module\Login; use Friendica\Util\Network; +use Friendica\Util\Strings; function oexchange_init(App $a) { @@ -33,13 +34,13 @@ function oexchange_content(App $a) { } $url = ((x($_REQUEST,'url') && strlen($_REQUEST['url'])) - ? urlencode(notags(trim($_REQUEST['url']))) : ''); + ? urlencode(Strings::escapeTags(trim($_REQUEST['url']))) : ''); $title = ((x($_REQUEST,'title') && strlen($_REQUEST['title'])) - ? '&title=' . urlencode(notags(trim($_REQUEST['title']))) : ''); + ? '&title=' . urlencode(Strings::escapeTags(trim($_REQUEST['title']))) : ''); $description = ((x($_REQUEST,'description') && strlen($_REQUEST['description'])) - ? '&description=' . urlencode(notags(trim($_REQUEST['description']))) : ''); + ? '&description=' . urlencode(Strings::escapeTags(trim($_REQUEST['description']))) : ''); $tags = ((x($_REQUEST,'tags') && strlen($_REQUEST['tags'])) - ? '&tags=' . urlencode(notags(trim($_REQUEST['tags']))) : ''); + ? '&tags=' . urlencode(Strings::escapeTags(trim($_REQUEST['tags']))) : ''); $s = Network::fetchUrl(System::baseUrl() . '/parse_url?f=&url=' . $url . $title . $description . $tags); diff --git a/mod/openid.php b/mod/openid.php index d1404ba80..209960ee5 100644 --- a/mod/openid.php +++ b/mod/openid.php @@ -10,6 +10,7 @@ use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\System; use Friendica\Database\DBA; +use Friendica\Util\Strings; function openid_content(App $a) { @@ -43,7 +44,7 @@ function openid_content(App $a) { AND `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 LIMIT 1", - DBA::escape($authid), DBA::escape(normalise_openid($authid)) + DBA::escape($authid), DBA::escape(Strings::normaliseOpenID($authid)) ); if (DBA::isResult($r)) { @@ -74,16 +75,16 @@ function openid_content(App $a) { if (is_array($attr) && count($attr)) { foreach ($attr as $k => $v) { if ($k === 'namePerson/friendly') { - $nick = notags(trim($v)); + $nick = Strings::escapeTags(trim($v)); } if($k === 'namePerson/first') { - $first = notags(trim($v)); + $first = Strings::escapeTags(trim($v)); } if($k === 'namePerson') { - $args .= '&username=' . urlencode(notags(trim($v))); + $args .= '&username=' . urlencode(Strings::escapeTags(trim($v))); } if ($k === 'contact/email') { - $args .= '&email=' . urlencode(notags(trim($v))); + $args .= '&email=' . urlencode(Strings::escapeTags(trim($v))); } if ($k === 'media/image/aspect11') { $photosq = bin2hex(trim($v)); @@ -107,7 +108,7 @@ function openid_content(App $a) { $args .= '&photo=' . urlencode($photo); } - $args .= '&openid_url=' . urlencode(notags(trim($authid))); + $args .= '&openid_url=' . urlencode(Strings::escapeTags(trim($authid))); $a->internalRedirect('register?' . $args); diff --git a/mod/photos.php b/mod/photos.php index 7a49f061a..f07815c25 100644 --- a/mod/photos.php +++ b/mod/photos.php @@ -31,6 +31,7 @@ use Friendica\Util\DateTimeFormat; use Friendica\Util\Map; use Friendica\Util\Security; use Friendica\Util\Temporal; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'include/items.php'; @@ -222,7 +223,7 @@ function photos_post(App $a) } // RENAME photo album - $newalbum = notags(trim($_POST['albumname'])); + $newalbum = Strings::escapeTags(trim($_POST['albumname'])); if ($newalbum != $album) { q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d", DBA::escape($newalbum), @@ -365,11 +366,11 @@ function photos_post(App $a) } if ($a->argc > 2 && (!empty($_POST['desc']) || !empty($_POST['newtag']) || !empty($_POST['albname']) !== false)) { - $desc = !empty($_POST['desc']) ? notags(trim($_POST['desc'])) : ''; - $rawtags = !empty($_POST['newtag']) ? notags(trim($_POST['newtag'])) : ''; + $desc = !empty($_POST['desc']) ? Strings::escapeTags(trim($_POST['desc'])) : ''; + $rawtags = !empty($_POST['newtag']) ? Strings::escapeTags(trim($_POST['newtag'])) : ''; $item_id = !empty($_POST['item_id']) ? intval($_POST['item_id']) : 0; - $albname = !empty($_POST['albname']) ? notags(trim($_POST['albname'])) : ''; - $origaname = !empty($_POST['origaname']) ? notags(trim($_POST['origaname'])) : ''; + $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : ''; + $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : ''; $str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : ''; $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : ''; @@ -524,7 +525,7 @@ function photos_post(App $a) } $taginfo = []; - $tags = get_tags($rawtags); + $tags = BBCode::getTags($rawtags); if (count($tags)) { foreach ($tags as $tag) { @@ -707,8 +708,8 @@ function photos_post(App $a) Addon::callHooks('photo_post_init', $_POST); // Determine the album to use - $album = !empty($_REQUEST['album']) ? notags(trim($_REQUEST['album'])) : ''; - $newalbum = !empty($_REQUEST['newalbum']) ? notags(trim($_REQUEST['newalbum'])) : ''; + $album = !empty($_REQUEST['album']) ? Strings::escapeTags(trim($_REQUEST['album'])) : ''; + $newalbum = !empty($_REQUEST['newalbum']) ? Strings::escapeTags(trim($_REQUEST['newalbum'])) : ''; Logger::log('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , Logger::DEBUG); @@ -779,7 +780,7 @@ function photos_post(App $a) notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL); break; case UPLOAD_ERR_FORM_SIZE: - notice(L10n::t('Image exceeds size limit of %s', formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL); + notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL); break; case UPLOAD_ERR_PARTIAL: notice(L10n::t('Image upload didn\'t complete, please try again') . EOL); @@ -808,7 +809,7 @@ function photos_post(App $a) $maximagesize = Config::get('system', 'maximagesize'); if ($maximagesize && ($filesize > $maximagesize)) { - notice(L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize)) . EOL); + notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize)) . EOL); @unlink($src); $foo = 0; Addon::callHooks('photo_post_end', $foo); diff --git a/mod/poco.php b/mod/poco.php index 08677ef8d..cc2493c08 100644 --- a/mod/poco.php +++ b/mod/poco.php @@ -15,6 +15,7 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Protocol\PortableContact; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Strings; use Friendica\Util\XML; function poco_init(App $a) { @@ -25,7 +26,7 @@ function poco_init(App $a) { } if ($a->argc > 1) { - $user = notags(trim($a->argv[1])); + $user = Strings::escapeTags(trim($a->argv[1])); } if (empty($user)) { $c = q("SELECT * FROM `pconfig` WHERE `cat` = 'system' AND `k` = 'suggestme' AND `v` = 1"); diff --git a/mod/poke.php b/mod/poke.php index e8c43213a..6f09b348c 100644 --- a/mod/poke.php +++ b/mod/poke.php @@ -22,6 +22,7 @@ use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Database\DBA; use Friendica\Model\Item; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'include/items.php'; @@ -38,7 +39,7 @@ function poke_init(App $a) return; } - $verb = notags(trim($_GET['verb'])); + $verb = Strings::escapeTags(trim($_GET['verb'])); $verbs = L10n::getPokeVerbs(); diff --git a/mod/profile.php b/mod/profile.php index cfbe07dad..59f3bb5ae 100644 --- a/mod/profile.php +++ b/mod/profile.php @@ -24,6 +24,7 @@ use Friendica\Protocol\ActivityPub; use Friendica\Protocol\DFRN; use Friendica\Util\DateTimeFormat; use Friendica\Util\Security; +use Friendica\Util\Strings; use Friendica\Util\XML; function profile_init(App $a) @@ -114,9 +115,9 @@ function profile_content(App $a, $update = 0) for ($x = 2; $x < $a->argc; $x ++) { if (is_a_date_arg($a->argv[$x])) { if ($datequery) { - $datequery2 = escape_tags($a->argv[$x]); + $datequery2 = Strings::escapeHtml($a->argv[$x]); } else { - $datequery = escape_tags($a->argv[$x]); + $datequery = Strings::escapeHtml($a->argv[$x]); } } else { $category = $a->argv[$x]; @@ -193,7 +194,7 @@ function profile_content(App $a, $update = 0) if (!$update) { $tab = false; if (!empty($_GET['tab'])) { - $tab = notags(trim($_GET['tab'])); + $tab = Strings::escapeTags(trim($_GET['tab'])); } $o .= Profile::getTabs($a, $is_owner, $a->profile['nickname']); @@ -272,19 +273,19 @@ function profile_content(App $a, $update = 0) if (!empty($category)) { $sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", - DBA::escape(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid'])); + DBA::escape(Strings::protectSprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid'])); } if (!empty($hashtags)) { $sql_post_table .= sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", - DBA::escape(protect_sprintf($hashtags)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval($a->profile['profile_uid'])); + DBA::escape(Strings::protectSprintf($hashtags)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval($a->profile['profile_uid'])); } if (!empty($datequery)) { - $sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get())))); + $sql_extra2 .= Strings::protectSprintf(sprintf(" AND `thread`.`created` <= '%s' ", DBA::escape(DateTimeFormat::convert($datequery, 'UTC', date_default_timezone_get())))); } if (!empty($datequery2)) { - $sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get())))); + $sql_extra2 .= Strings::protectSprintf(sprintf(" AND `thread`.`created` >= '%s' ", DBA::escape(DateTimeFormat::convert($datequery2, 'UTC', date_default_timezone_get())))); } // Does the profile page belong to a forum? diff --git a/mod/profile_photo.php b/mod/profile_photo.php index 3304e3cab..d8e236a73 100644 --- a/mod/profile_photo.php +++ b/mod/profile_photo.php @@ -16,6 +16,7 @@ use Friendica\Model\Photo; use Friendica\Model\Profile; use Friendica\Object\Image; use Friendica\Util\Security; +use Friendica\Util\Strings; function profile_photo_init(App $a) { @@ -151,7 +152,7 @@ function profile_photo_post(App $a) $maximagesize = Config::get('system', 'maximagesize'); if (($maximagesize) && ($filesize > $maximagesize)) { - notice(L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize)) . EOL); + notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize)) . EOL); @unlink($src); return; } diff --git a/mod/profiles.php b/mod/profiles.php index a535f2fc2..459a1c5e7 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -22,6 +22,7 @@ use Friendica\Model\Profile; use Friendica\Module\Login; use Friendica\Network\Probe; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Strings; use Friendica\Util\Temporal; function profiles_init(App $a) { @@ -201,13 +202,13 @@ function profiles_post(App $a) { $is_default = (($orig[0]['is-default']) ? 1 : 0); - $profile_name = notags(trim($_POST['profile_name'])); + $profile_name = Strings::escapeTags(trim($_POST['profile_name'])); if (! strlen($profile_name)) { notice(L10n::t('Profile Name is required.') . EOL); return; } - $dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00'; + $dob = $_POST['dob'] ? Strings::escapeHtml(trim($_POST['dob'])) : '0000-00-00'; $y = substr($dob, 0, 4); if ((! ctype_digit($y)) || ($y < 1900)) { @@ -228,7 +229,7 @@ function profiles_post(App $a) { } } - $name = notags(trim($_POST['name'])); + $name = Strings::escapeTags(trim($_POST['name'])); if (! strlen($name)) { $name = '[No Name]'; @@ -238,19 +239,19 @@ function profiles_post(App $a) { $namechanged = true; } - $pdesc = notags(trim($_POST['pdesc'])); - $gender = notags(trim($_POST['gender'])); - $address = notags(trim($_POST['address'])); - $locality = notags(trim($_POST['locality'])); - $region = notags(trim($_POST['region'])); - $postal_code = notags(trim($_POST['postal_code'])); - $country_name = notags(trim($_POST['country_name'])); - $pub_keywords = profile_clean_keywords(notags(trim($_POST['pub_keywords']))); - $prv_keywords = profile_clean_keywords(notags(trim($_POST['prv_keywords']))); - $marital = notags(trim($_POST['marital'])); - $howlong = notags(trim($_POST['howlong'])); + $pdesc = Strings::escapeTags(trim($_POST['pdesc'])); + $gender = Strings::escapeTags(trim($_POST['gender'])); + $address = Strings::escapeTags(trim($_POST['address'])); + $locality = Strings::escapeTags(trim($_POST['locality'])); + $region = Strings::escapeTags(trim($_POST['region'])); + $postal_code = Strings::escapeTags(trim($_POST['postal_code'])); + $country_name = Strings::escapeTags(trim($_POST['country_name'])); + $pub_keywords = profile_clean_keywords(Strings::escapeTags(trim($_POST['pub_keywords']))); + $prv_keywords = profile_clean_keywords(Strings::escapeTags(trim($_POST['prv_keywords']))); + $marital = Strings::escapeTags(trim($_POST['marital'])); + $howlong = Strings::escapeTags(trim($_POST['howlong'])); - $with = ((x($_POST,'with')) ? notags(trim($_POST['with'])) : ''); + $with = ((x($_POST,'with')) ? Strings::escapeTags(trim($_POST['with'])) : ''); if (! strlen($howlong)) { $howlong = DBA::NULL_DATETIME; @@ -311,30 +312,30 @@ function profiles_post(App $a) { } /// @TODO Not flexible enough for later expansion, let's have more OOP here - $sexual = notags(trim($_POST['sexual'])); - $xmpp = notags(trim($_POST['xmpp'])); - $homepage = notags(trim($_POST['homepage'])); + $sexual = Strings::escapeTags(trim($_POST['sexual'])); + $xmpp = Strings::escapeTags(trim($_POST['xmpp'])); + $homepage = Strings::escapeTags(trim($_POST['homepage'])); if ((strpos($homepage, 'http') !== 0) && (strlen($homepage))) { // neither http nor https in URL, add them $homepage = 'http://'.$homepage; } - $hometown = notags(trim($_POST['hometown'])); - $politic = notags(trim($_POST['politic'])); - $religion = notags(trim($_POST['religion'])); + $hometown = Strings::escapeTags(trim($_POST['hometown'])); + $politic = Strings::escapeTags(trim($_POST['politic'])); + $religion = Strings::escapeTags(trim($_POST['religion'])); - $likes = escape_tags(trim($_POST['likes'])); - $dislikes = escape_tags(trim($_POST['dislikes'])); + $likes = Strings::escapeHtml(trim($_POST['likes'])); + $dislikes = Strings::escapeHtml(trim($_POST['dislikes'])); - $about = escape_tags(trim($_POST['about'])); - $interest = escape_tags(trim($_POST['interest'])); - $contact = escape_tags(trim($_POST['contact'])); - $music = escape_tags(trim($_POST['music'])); - $book = escape_tags(trim($_POST['book'])); - $tv = escape_tags(trim($_POST['tv'])); - $film = escape_tags(trim($_POST['film'])); - $romance = escape_tags(trim($_POST['romance'])); - $work = escape_tags(trim($_POST['work'])); - $education = escape_tags(trim($_POST['education'])); + $about = Strings::escapeHtml(trim($_POST['about'])); + $interest = Strings::escapeHtml(trim($_POST['interest'])); + $contact = Strings::escapeHtml(trim($_POST['contact'])); + $music = Strings::escapeHtml(trim($_POST['music'])); + $book = Strings::escapeHtml(trim($_POST['book'])); + $tv = Strings::escapeHtml(trim($_POST['tv'])); + $film = Strings::escapeHtml(trim($_POST['film'])); + $romance = Strings::escapeHtml(trim($_POST['romance'])); + $work = Strings::escapeHtml(trim($_POST['work'])); + $education = Strings::escapeHtml(trim($_POST['education'])); $hide_friends = (($_POST['hide-friends'] == 1) ? 1: 0); diff --git a/mod/pubsub.php b/mod/pubsub.php index e14d50086..f0a8d463c 100644 --- a/mod/pubsub.php +++ b/mod/pubsub.php @@ -6,6 +6,7 @@ use Friendica\Core\Protocol; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Protocol\OStatus; +use Friendica\Util\Strings; require_once 'include/items.php'; @@ -30,15 +31,15 @@ function hub_post_return() function pubsub_init(App $a) { - $nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : ''); + $nick = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : ''); $contact_id = (($a->argc > 2) ? intval($a->argv[2]) : 0 ); if ($_SERVER['REQUEST_METHOD'] === 'GET') { - $hub_mode = notags(trim(defaults($_GET, 'hub_mode', ''))); - $hub_topic = notags(trim(defaults($_GET, 'hub_topic', ''))); - $hub_challenge = notags(trim(defaults($_GET, 'hub_challenge', ''))); - $hub_lease = notags(trim(defaults($_GET, 'hub_lease_seconds', ''))); - $hub_verify = notags(trim(defaults($_GET, 'hub_verify_token', ''))); + $hub_mode = Strings::escapeTags(trim(defaults($_GET, 'hub_mode', ''))); + $hub_topic = Strings::escapeTags(trim(defaults($_GET, 'hub_topic', ''))); + $hub_challenge = Strings::escapeTags(trim(defaults($_GET, 'hub_challenge', ''))); + $hub_lease = Strings::escapeTags(trim(defaults($_GET, 'hub_lease_seconds', ''))); + $hub_verify = Strings::escapeTags(trim(defaults($_GET, 'hub_verify_token', ''))); Logger::log('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick); Logger::log('Data: ' . print_r($_GET,true), Logger::DATA); @@ -63,7 +64,7 @@ function pubsub_init(App $a) hub_return(false, ''); } - if (!empty($hub_topic) && !link_compare($hub_topic, $contact['poll'])) { + if (!empty($hub_topic) && !Strings::compareLink($hub_topic, $contact['poll'])) { Logger::log('Hub topic ' . $hub_topic . ' != ' . $contact['poll']); hub_return(false, ''); } @@ -91,7 +92,7 @@ function pubsub_post(App $a) Logger::log('Feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $a->cmd . ' with user-agent: ' . $_SERVER['HTTP_USER_AGENT']); Logger::log('Data: ' . $xml, Logger::DATA); - $nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : ''); + $nick = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : ''); $contact_id = (($a->argc > 2) ? intval($a->argv[2]) : 0 ); $importer = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]); diff --git a/mod/pubsubhubbub.php b/mod/pubsubhubbub.php index ea27f0482..d38cbe227 100644 --- a/mod/pubsubhubbub.php +++ b/mod/pubsubhubbub.php @@ -7,9 +7,10 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\PushSubscriber; use Friendica\Util\Network; +use Friendica\Util\Strings; function post_var($name) { - return (x($_POST, $name)) ? notags(trim($_POST[$name])) : ''; + return (x($_POST, $name)) ? Strings::escapeTags(trim($_POST[$name])) : ''; } function pubsubhubbub_init(App $a) { @@ -87,13 +88,13 @@ function pubsubhubbub_init(App $a) { // sanity check that topic URLs are the same $hub_topic2 = str_replace('/feed/', '/dfrn_poll/', $hub_topic); - if (!link_compare($hub_topic, $contact['poll']) && !link_compare($hub_topic2, $contact['poll'])) { + if (!Strings::compareLink($hub_topic, $contact['poll']) && !Strings::compareLink($hub_topic2, $contact['poll'])) { Logger::log('Hub topic ' . $hub_topic . ' != ' . $contact['poll']); System::httpExit(404); } // do subscriber verification according to the PuSH protocol - $hub_challenge = random_string(40); + $hub_challenge = Strings::getRandomHex(40); $params = 'hub.mode=' . ($subscribe == 1 ? 'subscribe' : 'unsubscribe') . '&hub.topic=' . urlencode($hub_topic) . diff --git a/mod/redir.php b/mod/redir.php index 088a5f55e..f22af545f 100644 --- a/mod/redir.php +++ b/mod/redir.php @@ -8,6 +8,7 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Profile; +use Friendica\Util\Strings; function redir_init(App $a) { @@ -93,7 +94,7 @@ function redir_init(App $a) { $dfrn_id = '0:' . $orig_id; } - $sec = random_string(); + $sec = Strings::getRandomHex(); $fields = ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]; @@ -115,7 +116,7 @@ function redir_init(App $a) { if (!empty($url)) { $my_profile = Profile::getMyURL(); - if (!empty($my_profile) && !link_compare($my_profile, $url)) { + if (!empty($my_profile) && !Strings::compareLink($my_profile, $url)) { $separator = strpos($url, '?') ? '&' : '?'; $url .= $separator . 'zrl=' . urlencode($my_profile); diff --git a/mod/register.php b/mod/register.php index d8231bd21..2b0d87ca9 100644 --- a/mod/register.php +++ b/mod/register.php @@ -16,6 +16,7 @@ use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Model; use Friendica\Module\Tos; +use Friendica\Util\Strings; require_once 'include/enotify.php'; @@ -83,7 +84,7 @@ function register_post(App $a) $using_invites = Config::get('system', 'invitation_only'); $num_invites = Config::get('system', 'number_invites'); - $invite_id = ((x($_POST, 'invite_id')) ? notags(trim($_POST['invite_id'])) : ''); + $invite_id = ((x($_POST, 'invite_id')) ? Strings::escapeTags(trim($_POST['invite_id'])) : ''); if (intval(Config::get('config', 'register_policy')) === REGISTER_OPEN) { if ($using_invites && $invite_id) { diff --git a/mod/removeme.php b/mod/removeme.php index c2ceb7d4c..44671ef07 100644 --- a/mod/removeme.php +++ b/mod/removeme.php @@ -68,7 +68,7 @@ function removeme_content(App $a) $a->internalRedirect(); } - $hash = random_string(); + $hash = Strings::getRandomHex(); require_once("mod/settings.php"); settings_init($a); diff --git a/mod/salmon.php b/mod/salmon.php index 23e4e8884..02339c777 100644 --- a/mod/salmon.php +++ b/mod/salmon.php @@ -12,6 +12,7 @@ use Friendica\Model\Contact; use Friendica\Protocol\OStatus; use Friendica\Protocol\Salmon; use Friendica\Util\Crypto; +use Friendica\Util\Strings; require_once 'include/items.php'; @@ -23,7 +24,7 @@ function salmon_post(App $a, $xml = '') { Logger::log('new salmon ' . $xml, Logger::DATA); - $nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : ''); + $nick = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : ''); $mentions = (($a->argc > 2 && $a->argv[2] === 'mention') ? true : false); $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1", @@ -57,7 +58,7 @@ function salmon_post(App $a, $xml = '') { // Stash the signature away for now. We have to find their key or it won't be good for anything. - $signature = base64url_decode($base->sig); + $signature = Strings::base64UrlDecode($base->sig); // unpack the data @@ -76,13 +77,13 @@ function salmon_post(App $a, $xml = '') { $stnet_signed_data = $data; - $signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg); + $signed_data = $data . '.' . Strings::base64UrlEncode($type) . '.' . Strings::base64UrlEncode($encoding) . '.' . Strings::base64UrlEncode($alg); $compliant_format = str_replace('=', '', $signed_data); // decode the data - $data = base64url_decode($data); + $data = Strings::base64UrlDecode($data); $author = OStatus::salmonAuthor($data, $importer); $author_link = $author["author-link"]; @@ -105,8 +106,8 @@ function salmon_post(App $a, $xml = '') { $key_info = explode('.',$key); - $m = base64url_decode($key_info[1]); - $e = base64url_decode($key_info[2]); + $m = Strings::base64UrlDecode($key_info[1]); + $e = Strings::base64UrlDecode($key_info[2]); Logger::log('key details: ' . print_r($key_info,true), Logger::DEBUG); @@ -149,9 +150,9 @@ function salmon_post(App $a, $xml = '') { AND `uid` = %d LIMIT 1", DBA::escape(Protocol::OSTATUS), DBA::escape(Protocol::DFRN), - DBA::escape(normalise_link($author_link)), + DBA::escape(Strings::normaliseLink($author_link)), DBA::escape($author_link), - DBA::escape(normalise_link($author_link)), + DBA::escape(Strings::normaliseLink($author_link)), intval($importer['uid']) ); diff --git a/mod/search.php b/mod/search.php index 809a6f7e8..f552ad43c 100644 --- a/mod/search.php +++ b/mod/search.php @@ -16,6 +16,7 @@ use Friendica\Core\Renderer; use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\Item; +use Friendica\Util\Strings; require_once 'include/conversation.php'; require_once 'mod/dirfind.php'; @@ -23,7 +24,7 @@ require_once 'mod/dirfind.php'; function search_saved_searches() { $o = ''; - $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); + $search = ((x($_GET,'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : ''); if (!Feature::isEnabled(local_user(),'savedsearch')) return $o; @@ -62,7 +63,7 @@ function search_saved_searches() { function search_init(App $a) { - $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); + $search = ((x($_GET,'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : ''); if (local_user()) { if (x($_GET,'save') && $search) { @@ -149,14 +150,14 @@ function search_content(App $a) { $search = ''; if (x($a->data,'search')) - $search = notags(trim($a->data['search'])); + $search = Strings::escapeTags(trim($a->data['search'])); else - $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); + $search = ((x($_GET,'search')) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : ''); $tag = false; if (x($_GET,'tag')) { $tag = true; - $search = (x($_GET,'tag') ? '#' . notags(trim(rawurldecode($_GET['tag']))) : ''); + $search = (x($_GET,'tag') ? '#' . Strings::escapeTags(trim(rawurldecode($_GET['tag']))) : ''); } // contruct a wrapper for the search header diff --git a/mod/settings.php b/mod/settings.php index d88628840..857012048 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -25,6 +25,7 @@ use Friendica\Model\User; use Friendica\Module\Login; use Friendica\Protocol\Email; use Friendica\Util\Network; +use Friendica\Util\Strings; use Friendica\Util\Temporal; function get_theme_config_file($theme) @@ -314,8 +315,8 @@ function settings_post(App $a) if (($a->argc > 1) && ($a->argv[1] === 'display')) { BaseModule::checkFormSecurityTokenRedirectOnError('/settings/display', 'settings_display'); - $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : $a->user['theme']; - $mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : ''; + $theme = x($_POST, 'theme') ? Strings::escapeTags(trim($_POST['theme'])) : $a->user['theme']; + $mobile_theme = x($_POST, 'mobile_theme') ? Strings::escapeTags(trim($_POST['mobile_theme'])) : ''; $nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0; $first_day_of_week = x($_POST, 'first_day_of_week') ? intval($_POST['first_day_of_week']) : 0; $noinfo = x($_POST, 'noinfo') ? intval($_POST['noinfo']) : 0; @@ -422,13 +423,13 @@ function settings_post(App $a) } } - $username = ((x($_POST, 'username')) ? notags(trim($_POST['username'])) : ''); - $email = ((x($_POST, 'email')) ? notags(trim($_POST['email'])) : ''); - $timezone = ((x($_POST, 'timezone')) ? notags(trim($_POST['timezone'])) : ''); - $language = ((x($_POST, 'language')) ? notags(trim($_POST['language'])) : ''); + $username = ((x($_POST, 'username')) ? Strings::escapeTags(trim($_POST['username'])) : ''); + $email = ((x($_POST, 'email')) ? Strings::escapeTags(trim($_POST['email'])) : ''); + $timezone = ((x($_POST, 'timezone')) ? Strings::escapeTags(trim($_POST['timezone'])) : ''); + $language = ((x($_POST, 'language')) ? Strings::escapeTags(trim($_POST['language'])) : ''); - $defloc = ((x($_POST, 'defloc')) ? notags(trim($_POST['defloc'])) : ''); - $openid = ((x($_POST, 'openid_url')) ? notags(trim($_POST['openid_url'])) : ''); + $defloc = ((x($_POST, 'defloc')) ? Strings::escapeTags(trim($_POST['defloc'])) : ''); + $openid = ((x($_POST, 'openid_url')) ? Strings::escapeTags(trim($_POST['openid_url'])) : ''); $maxreq = ((x($_POST, 'maxreq')) ? intval($_POST['maxreq']) : 0); $expire = ((x($_POST, 'expire')) ? intval($_POST['expire']) : 0); $def_gid = ((x($_POST, 'group-selection')) ? intval($_POST['group-selection']) : 0); @@ -516,7 +517,7 @@ function settings_post(App $a) $email = $a->user['email']; } // check the email is valid - if (!valid_email($email)) { + if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $err .= L10n::t('Invalid email.'); } // ensure new email is not the admin mail @@ -544,7 +545,7 @@ function settings_post(App $a) $str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : ''; $openidserver = $a->user['openidserver']; - //$openid = normalise_openid($openid); + //$openid = Strings::normaliseOpenID($openid); // If openid has changed or if there's an openid but no openidserver, try and discover it. if ($openid != $a->user['openid'] || (strlen($openid) && (!strlen($openidserver)))) { diff --git a/mod/subthread.php b/mod/subthread.php index 425306b6f..b287957b2 100644 --- a/mod/subthread.php +++ b/mod/subthread.php @@ -10,6 +10,7 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\Item; use Friendica\Util\Security; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'include/items.php'; @@ -22,7 +23,7 @@ function subthread_content(App $a) { $activity = ACTIVITY_FOLLOW; - $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0); + $item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0); $condition = ["`parent` = ? OR `parent-uri` = ? AND `parent` = `id`", $item_id, $item_id]; $item = Item::selectFirst([], $condition); diff --git a/mod/tagger.php b/mod/tagger.php index dd859e61c..6c3c6157a 100644 --- a/mod/tagger.php +++ b/mod/tagger.php @@ -10,6 +10,7 @@ use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Database\DBA; use Friendica\Model\Item; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'include/items.php'; @@ -20,7 +21,7 @@ function tagger_content(App $a) { return; } - $term = notags(trim($_GET['term'])); + $term = Strings::escapeTags(trim($_GET['term'])); // no commas allowed $term = str_replace([',',' '],['','_'],$term); @@ -28,7 +29,7 @@ function tagger_content(App $a) { return; } - $item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0); + $item_id = (($a->argc > 1) ? Strings::escapeTags(trim($a->argv[1])) : 0); Logger::log('tagger: tag ' . $term . ' item ' . $item_id); diff --git a/mod/tagrm.php b/mod/tagrm.php index 2678748de..3785d8750 100644 --- a/mod/tagrm.php +++ b/mod/tagrm.php @@ -9,6 +9,7 @@ use Friendica\Core\L10n; use Friendica\Database\DBA; use Friendica\Model\Item; use Friendica\Model\Term; +use Friendica\Util\Strings; function tagrm_post(App $a) { @@ -22,7 +23,7 @@ function tagrm_post(App $a) $tags = []; foreach (defaults($_POST, 'tag', []) as $tag) { - $tags[] = hex2bin(notags(trim($tag))); + $tags[] = hex2bin(Strings::escapeTags(trim($tag))); } $item_id = defaults($_POST,'item', 0); @@ -73,7 +74,7 @@ function tagrm_content(App $a) } if ($a->argc == 3) { - update_tags($a->argv[1], [notags(trim(hex2bin($a->argv[2])))]); + update_tags($a->argv[1], [Strings::escapeTags(trim(hex2bin($a->argv[2])))]); $a->internalRedirect($_SESSION['photo_return']); } diff --git a/mod/unfollow.php b/mod/unfollow.php index 372364810..9b1049286 100644 --- a/mod/unfollow.php +++ b/mod/unfollow.php @@ -12,6 +12,7 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Profile; use Friendica\Model\User; +use Friendica\Util\Strings; function unfollow_post(App $a) { @@ -24,11 +25,11 @@ function unfollow_post(App $a) } $uid = local_user(); - $url = notags(trim(defaults($_REQUEST, 'url', ''))); + $url = Strings::escapeTags(trim(defaults($_REQUEST, 'url', ''))); $condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)", - $uid, Contact::SHARING, Contact::FRIEND, normalise_link($url), - normalise_link($url), $url]; + $uid, Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url), + Strings::normaliseLink($url), $url]; $contact = DBA::selectFirst('contact', [], $condition); if (!DBA::isResult($contact)) { @@ -79,11 +80,11 @@ function unfollow_content(App $a) } $uid = local_user(); - $url = notags(trim($_REQUEST['url'])); + $url = Strings::escapeTags(trim($_REQUEST['url'])); $condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)", - local_user(), Contact::SHARING, Contact::FRIEND, normalise_link($url), - normalise_link($url), $url]; + local_user(), Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url), + Strings::normaliseLink($url), $url]; $contact = DBA::selectFirst('contact', ['url', 'network', 'addr', 'name'], $condition); diff --git a/mod/wall_attach.php b/mod/wall_attach.php index 2a3038e8f..b4254ba64 100644 --- a/mod/wall_attach.php +++ b/mod/wall_attach.php @@ -11,6 +11,7 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Util\DateTimeFormat; use Friendica\Util\Mimetype; +use Friendica\Util\Strings; function wall_attach_post(App $a) { @@ -115,7 +116,7 @@ function wall_attach_post(App $a) { } if ($maxfilesize && $filesize > $maxfilesize) { - $msg = L10n::t('File exceeds size limit of %s', formatBytes($maxfilesize)); + $msg = L10n::t('File exceeds size limit of %s', Strings::formatBytes($maxfilesize)); if ($r_json) { echo json_encode(['error' => $msg]); } else { diff --git a/mod/wall_upload.php b/mod/wall_upload.php index 84e40d3b5..3358433da 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -17,13 +17,14 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Photo; use Friendica\Object\Image; +use Friendica\Util\Strings; function wall_upload_post(App $a, $desktopmode = true) { Logger::log("wall upload: starting new upload", Logger::DEBUG); $r_json = (x($_GET, 'response') && $_GET['response'] == 'json'); - $album = (x($_GET, 'album') ? notags(trim($_GET['album'])) : ''); + $album = (x($_GET, 'album') ? Strings::escapeTags(trim($_GET['album'])) : ''); if ($a->argc > 1) { if (!x($_FILES, 'media')) { @@ -193,7 +194,7 @@ function wall_upload_post(App $a, $desktopmode = true) $maximagesize = Config::get('system', 'maximagesize'); if (($maximagesize) && ($filesize > $maximagesize)) { - $msg = L10n::t('Image exceeds size limit of %s', formatBytes($maximagesize)); + $msg = L10n::t('Image exceeds size limit of %s', Strings::formatBytes($maximagesize)); if ($r_json) { echo json_encode(['error' => $msg]); } else { diff --git a/mod/wallmessage.php b/mod/wallmessage.php index 78cdd5a55..b7a62b3ad 100644 --- a/mod/wallmessage.php +++ b/mod/wallmessage.php @@ -10,6 +10,7 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\Mail; use Friendica\Model\Profile; +use Friendica\Util\Strings; function wallmessage_post(App $a) { @@ -19,10 +20,10 @@ function wallmessage_post(App $a) { return; } - $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : ''); - $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : ''); + $subject = ((x($_REQUEST,'subject')) ? Strings::escapeTags(trim($_REQUEST['subject'])) : ''); + $body = ((x($_REQUEST,'body')) ? Strings::escapeHtml(trim($_REQUEST['body'])) : ''); - $recipient = (($a->argc > 1) ? notags($a->argv[1]) : ''); + $recipient = (($a->argc > 1) ? Strings::escapeTags($a->argv[1]) : ''); if ((! $recipient) || (! $body)) { return; } @@ -131,7 +132,7 @@ function wallmessage_content(App $a) { '$recipname' => $user['username'], '$nickname' => $user['nickname'], '$subjtxt' => ((x($_REQUEST, 'subject')) ? strip_tags($_REQUEST['subject']) : ''), - '$text' => ((x($_REQUEST, 'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''), + '$text' => ((x($_REQUEST, 'body')) ? Strings::escapeHtml(htmlspecialchars($_REQUEST['body'])) : ''), '$readonly' => '', '$yourmessage' => L10n::t('Your message:'), '$parent' => '', diff --git a/mod/xrd.php b/mod/xrd.php index 83f069d14..4b9b0ee8f 100644 --- a/mod/xrd.php +++ b/mod/xrd.php @@ -9,6 +9,7 @@ use Friendica\Core\Renderer; use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Protocol\Salmon; +use Friendica\Util\Strings; function xrd_init(App $a) { @@ -17,7 +18,7 @@ function xrd_init(App $a) System::httpExit(404); } - $uri = urldecode(notags(trim($_GET['uri']))); + $uri = urldecode(Strings::escapeTags(trim($_GET['uri']))); if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/jrd+json') { $mode = 'json'; } else { @@ -28,7 +29,7 @@ function xrd_init(App $a) System::httpExit(404); } - $uri = urldecode(notags(trim($_GET['resource']))); + $uri = urldecode(Strings::escapeTags(trim($_GET['resource']))); if (defaults($_SERVER, 'HTTP_ACCEPT', '') == 'application/xrd+xml') { $mode = 'xml'; } else { diff --git a/spec/dfrn2_contact_request.svg b/spec/dfrn2_contact_request.svg index cc78be55c..34de340f3 100644 --- a/spec/dfrn2_contact_request.svg +++ b/spec/dfrn2_contact_request.svg @@ -38,7 +38,7 @@ text { font:12px Dialog; } where self = 0 to look if this contact is already there (if issued-id or rel is already available return here because it seems that we are already connected) -- create a issued-id with $issued_id = random_string(); +- create a issued-id with $issued_id = Strings::getRandomHex(); - if we already found a contact record above update the issued-id with the one we have created - otherwise if Bob is not already in the contact table scrape diff --git a/spec/zot-2012.txt b/spec/zot-2012.txt index 2e1f3c3c4..3d939bab7 100644 --- a/spec/zot-2012.txt +++ b/spec/zot-2012.txt @@ -11,12 +11,12 @@ First create a global unique userid Site userid: https://macgirvin.com/1 -$guuid = base64url_encode(hash('whirlpool','https://macgirvin.com/1.' . mt_rand(1000000,9999999),1); +$guuid = Strings::base64UrlEncode(hash('whirlpool','https://macgirvin.com/1.' . mt_rand(1000000,9999999),1); Then create a hashed site destination. -$gduid = base64url_encode(hash('whirlpool', $guuid . 'https://macgirvin.com',1); +$gduid = Strings::base64UrlEncode(hash('whirlpool', $guuid . 'https://macgirvin.com',1); These two keys will identify you as a person+site pair in the future. You will also obtain a password upon introducing yourself to a site. diff --git a/src/App.php b/src/App.php index cf8fc7abe..12f302f06 100644 --- a/src/App.php +++ b/src/App.php @@ -816,12 +816,12 @@ class App public function removeBaseURL($origURL) { // Remove the hostname from the url if it is an internal link - $nurl = normalise_link($origURL); - $base = normalise_link($this->getBaseURL()); + $nurl = Util\Strings::normaliseLink($origURL); + $base = Util\Strings::normaliseLink($this->getBaseURL()); $url = str_replace($base . '/', '', $nurl); // if it is an external link return the orignal value - if ($url == normalise_link($origURL)) { + if ($url == Util\Strings::normaliseLink($origURL)) { return $origURL; } else { return $url; @@ -1443,7 +1443,7 @@ class App // and www.example.com vs example.com. // We will only change the url to an ip address if there is no existing setting - if (empty($url) || (!link_compare($url, $this->getBaseURL())) && (!preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/", $this->getHostName()))) { + if (empty($url) || (!Util\Strings::compareLink($url, $this->getBaseURL())) && (!preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/", $this->getHostName()))) { Core\Config::set('system', 'url', $this->getBaseURL()); } } diff --git a/src/Content/ContactSelector.php b/src/Content/ContactSelector.php index 298f2512e..a23acecc5 100644 --- a/src/Content/ContactSelector.php +++ b/src/Content/ContactSelector.php @@ -10,6 +10,7 @@ use Friendica\Core\Protocol; use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Util\Network; +use Friendica\Util\Strings; /** * @brief ContactSelector class @@ -106,12 +107,12 @@ class ContactSelector // Create the server url out of the profile url $parts = parse_url($profile); unset($parts['path']); - $server_url = [normalise_link(Network::unparseURL($parts))]; + $server_url = [Strings::normaliseLink(Network::unparseURL($parts))]; // Fetch the server url - $gcontact = DBA::selectFirst('gcontact', ['server_url'], ['nurl' => normalise_link($profile)]); + $gcontact = DBA::selectFirst('gcontact', ['server_url'], ['nurl' => Strings::normaliseLink($profile)]); if (!empty($gcontact) && !empty($gcontact['server_url'])) { - $server_url[] = normalise_link($gcontact['server_url']); + $server_url[] = Strings::normaliseLink($gcontact['server_url']); } // Now query the GServer for the platform name diff --git a/src/Content/OEmbed.php b/src/Content/OEmbed.php index 943b91e1f..c77db3827 100644 --- a/src/Content/OEmbed.php +++ b/src/Content/OEmbed.php @@ -21,6 +21,7 @@ use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; use Friendica\Util\ParseUrl; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; require_once 'include/dba.php'; @@ -61,7 +62,7 @@ class OEmbed $cache_key = 'oembed:' . $a->videowidth . ':' . $embedurl; - $condition = ['url' => normalise_link($embedurl), 'maxwidth' => $a->videowidth]; + $condition = ['url' => Strings::normaliseLink($embedurl), 'maxwidth' => $a->videowidth]; $oembed_record = DBA::selectFirst('oembed', ['content'], $condition); if (DBA::isResult($oembed_record)) { $json_string = $oembed_record['content']; @@ -116,7 +117,7 @@ class OEmbed if (!empty($oembed->type) && $oembed->type != 'error') { DBA::insert('oembed', [ - 'url' => normalise_link($embedurl), + 'url' => Strings::normaliseLink($embedurl), 'maxwidth' => $a->videowidth, 'content' => $json_string, 'created' => DateTimeFormat::utcNow() @@ -373,7 +374,7 @@ class OEmbed } $width = '100%'; - $src = System::baseUrl() . '/oembed/' . base64url_encode($src); + $src = System::baseUrl() . '/oembed/' . Strings::base64UrlEncode($src); return ''; } diff --git a/src/Content/Smilies.php b/src/Content/Smilies.php index 39de3c20e..292841361 100644 --- a/src/Content/Smilies.php +++ b/src/Content/Smilies.php @@ -19,6 +19,7 @@ use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\PConfig; use Friendica\Core\System; +use Friendica\Util\Strings; /** * This class contains functions to handle smiles @@ -241,7 +242,7 @@ class Smilies */ private static function encode($m) { - return(str_replace($m[1], base64url_encode($m[1]), $m[0])); + return(str_replace($m[1], Strings::base64UrlEncode($m[1]), $m[0])); } /** @@ -251,7 +252,7 @@ class Smilies */ private static function decode($m) { - return(str_replace($m[1], base64url_decode($m[1]), $m[0])); + return(str_replace($m[1], Strings::base64UrlDecode($m[1]), $m[0])); } diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php index f37400f83..9c9adec0f 100644 --- a/src/Content/Text/BBCode.php +++ b/src/Content/Text/BBCode.php @@ -27,6 +27,7 @@ use Friendica\Util\Map; use Friendica\Util\Network; use Friendica\Util\ParseUrl; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; class BBCode extends BaseObject { @@ -943,7 +944,7 @@ class BBCode extends BaseObject case 3: // Diaspora $headline = '

' . html_entity_decode('♲ ', ENT_QUOTES, 'UTF-8') . $mention . ':

' . "\n"; - if (stripos(normalise_link($attributes['link']), 'http://twitter.com/') === 0) { + if (stripos(Strings::normaliseLink($attributes['link']), 'http://twitter.com/') === 0) { $text = ($is_quote_share? '
' : '') . '

' . $attributes['link'] . '

' . "\n"; } else { $text = ($is_quote_share? '
' : '') . $headline . '
' . trim($content) . '
' . "\n"; @@ -978,7 +979,7 @@ class BBCode extends BaseObject break; default: // Transforms quoted tweets in rich attachments to avoid nested tweets - if (stripos(normalise_link($attributes['link']), 'http://twitter.com/') === 0 && OEmbed::isAllowedURL($attributes['link'])) { + if (stripos(Strings::normaliseLink($attributes['link']), 'http://twitter.com/') === 0 && OEmbed::isAllowedURL($attributes['link'])) { try { $text = ($is_quote_share? '
' : '') . OEmbed::getHTML($attributes['link']); } catch (Exception $e) { @@ -1910,4 +1911,78 @@ class BBCode extends BaseObject return $text; } + + /** + * @brief Pull out all #hashtags and @person tags from $string. + * + * We also get @person@domain.com - which would make + * the regex quite complicated as tags can also + * end a sentence. So we'll run through our results + * and strip the period from any tags which end with one. + * Returns array of tags found, or empty array. + * + * @param string $string Post content + * + * @return array List of tag and person names + */ + public static function getTags($string) + { + $ret = []; + + // Convert hashtag links to hashtags + $string = preg_replace('/#\[url\=([^\[\]]*)\](.*?)\[\/url\]/ism', '#$2', $string); + + // ignore anything in a code block + $string = preg_replace('/\[code\](.*?)\[\/code\]/sm', '', $string); + + // Force line feeds at bbtags + $string = str_replace(['[', ']'], ["\n[", "]\n"], $string); + + // ignore anything in a bbtag + $string = preg_replace('/\[(.*?)\]/sm', '', $string); + + // Match full names against @tags including the space between first and last + // We will look these up afterward to see if they are full names or not recognisable. + + if (preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A@,:?]+)([ \x0D\x0A@,:?]|$)/', $string, $matches)) { + foreach ($matches[1] as $match) { + if (strstr($match, ']')) { + // we might be inside a bbcode color tag - leave it alone + continue; + } + + if (substr($match, -1, 1) === '.') { + $ret[] = substr($match, 0, -1); + } else { + $ret[] = $match; + } + } + } + + // Otherwise pull out single word tags. These can be @nickname, @first_last + // and #hash tags. + + if (preg_match_all('/([!#@][^\^ \x0D\x0A,;:?]+)([ \x0D\x0A,;:?]|$)/', $string, $matches)) { + foreach ($matches[1] as $match) { + if (strstr($match, ']')) { + // we might be inside a bbcode color tag - leave it alone + continue; + } + if (substr($match, -1, 1) === '.') { + $match = substr($match,0,-1); + } + // ignore strictly numeric tags like #1 + if ((strpos($match, '#') === 0) && ctype_digit(substr($match, 1))) { + continue; + } + // try not to catch url fragments + if (strpos($string, $match) && preg_match('/[a-zA-z0-9\/]/', substr($string, strpos($string, $match) - 1, 1))) { + continue; + } + $ret[] = $match; + } + } + + return $ret; + } } diff --git a/src/Content/Text/HTML.php b/src/Content/Text/HTML.php index cdfd41c11..9b73da56d 100644 --- a/src/Content/Text/HTML.php +++ b/src/Content/Text/HTML.php @@ -7,6 +7,7 @@ namespace Friendica\Content\Text; use DOMDocument; use DOMXPath; +use Friendica\Content\Feature; use Friendica\Core\Addon; use Friendica\Core\L10n; use Friendica\Core\Config; @@ -17,9 +18,9 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Util\Network; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; use Friendica\Util\XML; use League\HTMLToMarkdown\HtmlConverter; -use Friendica\Content\Feature; class HTML { @@ -1011,7 +1012,7 @@ class HTML $tpl = Renderer::getMarkupTemplate('wall/content_filter.tpl'); $html = Renderer::replaceMacros($tpl, [ '$reasons' => $reasons, - '$rnd' => random_string(8), + '$rnd' => Strings::getRandomHex(8), '$openclose' => L10n::t('Click to open/close'), '$html' => $html ]); diff --git a/src/Content/Widget.php b/src/Content/Widget.php index 397a1863d..0ea539dec 100644 --- a/src/Content/Widget.php +++ b/src/Content/Widget.php @@ -18,6 +18,7 @@ use Friendica\Model\Contact; use Friendica\Model\FileTag; use Friendica\Model\GContact; use Friendica\Model\Profile; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'boot.php'; @@ -270,11 +271,11 @@ class Widget if (!$cid) { if (Profile::getMyURL()) { $contact = DBA::selectFirst('contact', ['id'], - ['nurl' => normalise_link(Profile::getMyURL()), 'uid' => $profile_uid]); + ['nurl' => Strings::normaliseLink(Profile::getMyURL()), 'uid' => $profile_uid]); if (DBA::isResult($contact)) { $cid = $contact['id']; } else { - $gcontact = DBA::selectFirst('gcontact', ['id'], ['nurl' => normalise_link(Profile::getMyURL())]); + $gcontact = DBA::selectFirst('gcontact', ['id'], ['nurl' => Strings::normaliseLink(Profile::getMyURL())]); if (DBA::isResult($gcontact)) { $zcid = $gcontact['id']; } diff --git a/src/Core/Console/ArchiveContact.php b/src/Core/Console/ArchiveContact.php index 481037a5f..ffcd5a165 100644 --- a/src/Core/Console/ArchiveContact.php +++ b/src/Core/Console/ArchiveContact.php @@ -5,6 +5,7 @@ namespace Friendica\Core\Console; use Friendica\App; use Friendica\Core\L10n; use Friendica\Database\DBA; +use Friendica\Util\Strings; use RuntimeException; /** @@ -60,7 +61,7 @@ HELP; throw new RuntimeException('Friendica isn\'t properly installed yet.'); } - $nurl = normalise_link($this->getArgument(0)); + $nurl = Strings::normaliseLink($this->getArgument(0)); if (!DBA::exists('contact', ['nurl' => $nurl, 'archive' => false])) { throw new RuntimeException(L10n::t('Could not find any unarchived contact entry for this URL (%s)', $nurl)); } diff --git a/src/Core/Console/GlobalCommunitySilence.php b/src/Core/Console/GlobalCommunitySilence.php index 3ea6b4155..01413cab1 100644 --- a/src/Core/Console/GlobalCommunitySilence.php +++ b/src/Core/Console/GlobalCommunitySilence.php @@ -5,6 +5,7 @@ namespace Friendica\Core\Console; use Friendica\Core\Protocol; use Friendica\Database\DBA; use Friendica\Network\Probe; +use Friendica\Util\Strings; use RuntimeException; require_once 'include/text.php'; @@ -79,7 +80,7 @@ HELP; throw new RuntimeException('This account seems not to exist.'); } - $nurl = normalise_link($net['url']); + $nurl = Strings::normaliseLink($net['url']); $contact = DBA::selectFirst("contact", ["id"], ["nurl" => $nurl, "uid" => 0]); if (DBA::isResult($contact)) { DBA::update("contact", ["hidden" => true], ["id" => $contact["id"]]); diff --git a/src/Core/Installer.php b/src/Core/Installer.php index d2b5c4f05..f7190b2f8 100644 --- a/src/Core/Installer.php +++ b/src/Core/Installer.php @@ -11,6 +11,7 @@ use Friendica\Database\DBA; use Friendica\Database\DBStructure; use Friendica\Object\Image; use Friendica\Util\Network; +use Friendica\Util\Strings; /** * Contains methods for installation purpose of Friendica @@ -264,7 +265,7 @@ class Installer } if ($passed2) { - $str = autoname(8); + $str = Strings::getRandomName(8); $cmd = "$phppath util/testargs.php $str"; $result = trim(shell_exec($cmd)); $passed3 = $result == $str; @@ -510,7 +511,7 @@ class Installer if (function_exists('curl_init')) { $fetchResult = Network::fetchUrlFull($baseurl . "/install/testrewrite"); - $url = normalise_link($baseurl . "/install/testrewrite"); + $url = Strings::normaliseLink($baseurl . "/install/testrewrite"); if ($fetchResult->getReturnCode() != 204) { $fetchResult = Network::fetchUrlFull($url); } diff --git a/src/Core/Update.php b/src/Core/Update.php index 139688335..252ea8ef3 100644 --- a/src/Core/Update.php +++ b/src/Core/Update.php @@ -4,6 +4,7 @@ namespace Friendica\Core; use Friendica\Database\DBA; use Friendica\Database\DBStructure; +use Friendica\Util\Strings; class Update { @@ -209,7 +210,7 @@ class Update $lang = (($admin['language'])?$admin['language']:'en'); L10n::pushLang($lang); - $preamble = deindent(L10n::t(" + $preamble = Strings::deindent(L10n::t(" The friendica developers released update %s recently, but when I tried to install it, something went terribly wrong. This needs to be fixed soon and I can't do it alone. Please contact a @@ -244,7 +245,7 @@ class Update $lang = (($admin['language']) ? $admin['language'] : 'en'); L10n::pushLang($lang); - $preamble = deindent(L10n::t(" + $preamble = Strings::deindent(L10n::t(" The friendica database was successfully updated from %s to %s.", $from_build, $to_build)); diff --git a/src/Core/UserImport.php b/src/Core/UserImport.php index 7ccb6f80c..5488fe43f 100644 --- a/src/Core/UserImport.php +++ b/src/Core/UserImport.php @@ -10,6 +10,7 @@ use Friendica\Core\Protocol; use Friendica\Database\DBA; use Friendica\Model\Photo; use Friendica\Object\Image; +use Friendica\Util\Strings; require_once "include/dba.php"; @@ -119,8 +120,8 @@ class UserImport $oldbaseurl = $account['baseurl']; $newbaseurl = System::baseUrl(); - $oldaddr = str_replace('http://', '@', normalise_link($oldbaseurl)); - $newaddr = str_replace('http://', '@', normalise_link($newbaseurl)); + $oldaddr = str_replace('http://', '@', Strings::normaliseLink($oldbaseurl)); + $newaddr = str_replace('http://', '@', Strings::normaliseLink($newbaseurl)); if (!empty($account['profile']['addr'])) { $old_handle = $account['profile']['addr']; diff --git a/src/Model/APContact.php b/src/Model/APContact.php index 917e0895d..c306b3e00 100644 --- a/src/Model/APContact.php +++ b/src/Model/APContact.php @@ -7,13 +7,14 @@ namespace Friendica\Model; use Friendica\BaseObject; +use Friendica\Content\Text\HTML; use Friendica\Core\Logger; use Friendica\Database\DBA; use Friendica\Protocol\ActivityPub; use Friendica\Util\Network; use Friendica\Util\JsonLD; use Friendica\Util\DateTimeFormat; -use Friendica\Content\Text\HTML; +use Friendica\Util\Strings; require_once 'boot.php'; @@ -186,16 +187,16 @@ class APContact extends BaseObject // Update some data in the contact table with various ways to catch them all $contact_fields = ['name' => $apcontact['name'], 'about' => $apcontact['about']]; - DBA::update('contact', $contact_fields, ['nurl' => normalise_link($url)]); + DBA::update('contact', $contact_fields, ['nurl' => Strings::normaliseLink($url)]); - $contacts = DBA::select('contact', ['uid', 'id'], ['nurl' => normalise_link($url)]); + $contacts = DBA::select('contact', ['uid', 'id'], ['nurl' => Strings::normaliseLink($url)]); while ($contact = DBA::fetch($contacts)) { Contact::updateAvatar($apcontact['photo'], $contact['uid'], $contact['id']); } DBA::close($contacts); // Update the gcontact table - DBA::update('gcontact', $contact_fields, ['nurl' => normalise_link($url)]); + DBA::update('gcontact', $contact_fields, ['nurl' => Strings::normaliseLink($url)]); Logger::log('Updated profile for ' . $url, Logger::DEBUG); diff --git a/src/Model/Contact.php b/src/Model/Contact.php index 5d571e30e..8e150b506 100644 --- a/src/Model/Contact.php +++ b/src/Model/Contact.php @@ -25,6 +25,7 @@ use Friendica\Protocol\PortableContact; use Friendica\Protocol\Salmon; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; +use Friendica\Util\Strings; require_once 'boot.php'; require_once 'include/dba.php'; @@ -392,7 +393,7 @@ class Contact extends BaseObject 'blocked' => 0, 'pending' => 0, 'url' => System::baseUrl() . '/profile/' . $user['nickname'], - 'nurl' => normalise_link(System::baseUrl() . '/profile/' . $user['nickname']), + 'nurl' => Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname']), 'addr' => $user['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3), 'request' => System::baseUrl() . '/dfrn_request/' . $user['nickname'], 'notify' => System::baseUrl() . '/dfrn_notify/' . $user['nickname'], @@ -477,7 +478,7 @@ class Contact extends BaseObject // it seems as if ported accounts can have wrong values, so we make sure that now everything is fine. $fields['url'] = System::baseUrl() . '/profile/' . $user['nickname']; - $fields['nurl'] = normalise_link($fields['url']); + $fields['nurl'] = Strings::normaliseLink($fields['url']); $fields['addr'] = $user['nickname'] . '@' . substr(System::baseUrl(), strpos(System::baseUrl(), '://') + 3); $fields['request'] = System::baseUrl() . '/dfrn_request/' . $user['nickname']; $fields['notify'] = System::baseUrl() . '/dfrn_notify/' . $user['nickname']; @@ -597,7 +598,7 @@ class Contact extends BaseObject if ($contact['term-date'] <= DBA::NULL_DATETIME) { DBA::update('contact', ['term-date' => DateTimeFormat::utcNow()], ['id' => $contact['id']]); - DBA::update('contact', ['term-date' => DateTimeFormat::utcNow()], ['`nurl` = ? AND `term-date` <= ? AND NOT `self`', normalise_link($contact['url']), DBA::NULL_DATETIME]); + DBA::update('contact', ['term-date' => DateTimeFormat::utcNow()], ['`nurl` = ? AND `term-date` <= ? AND NOT `self`', Strings::normaliseLink($contact['url']), DBA::NULL_DATETIME]); } else { /* @todo * We really should send a notification to the owner after 2-3 weeks @@ -615,7 +616,7 @@ class Contact extends BaseObject * the whole process over again. */ DBA::update('contact', ['archive' => 1], ['id' => $contact['id']]); - DBA::update('contact', ['archive' => 1], ['nurl' => normalise_link($contact['url']), 'self' => false]); + DBA::update('contact', ['archive' => 1], ['nurl' => Strings::normaliseLink($contact['url']), 'self' => false]); } } } @@ -649,7 +650,7 @@ class Contact extends BaseObject // It's a miracle. Our dead contact has inexplicably come back to life. $fields = ['term-date' => DBA::NULL_DATETIME, 'archive' => false]; DBA::update('contact', $fields, ['id' => $contact['id']]); - DBA::update('contact', $fields, ['nurl' => normalise_link($contact['url'])]); + DBA::update('contact', $fields, ['nurl' => Strings::normaliseLink($contact['url'])]); if (!empty($contact['batch'])) { $condition = ['batch' => $contact['batch'], 'contact-type' => self::ACCOUNT_TYPE_RELAY]; @@ -690,14 +691,14 @@ class Contact extends BaseObject // Fetch contact data from the contact table for the given user $s = DBA::p("SELECT `id`, `id` AS `cid`, 0 AS `gid`, 0 AS `zid`, `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, `xmpp`, `keywords`, `gender`, `photo`, `thumb`, `micro`, `forum`, `prv`, (`forum` | `prv`) AS `community`, `contact-type`, `bd` AS `birthday`, `self` - FROM `contact` WHERE `nurl` = ? AND `uid` = ?", normalise_link($url), $uid); + FROM `contact` WHERE `nurl` = ? AND `uid` = ?", Strings::normaliseLink($url), $uid); $r = DBA::toArray($s); // Fetch contact data from the contact table for the given user, checking with the alias if (!DBA::isResult($r)) { $s = DBA::p("SELECT `id`, `id` AS `cid`, 0 AS `gid`, 0 AS `zid`, `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, `xmpp`, `keywords`, `gender`, `photo`, `thumb`, `micro`, `forum`, `prv`, (`forum` | `prv`) AS `community`, `contact-type`, `bd` AS `birthday`, `self` - FROM `contact` WHERE `alias` IN (?, ?, ?) AND `uid` = ?", normalise_link($url), $url, $ssl_url, $uid); + FROM `contact` WHERE `alias` IN (?, ?, ?) AND `uid` = ?", Strings::normaliseLink($url), $url, $ssl_url, $uid); $r = DBA::toArray($s); } @@ -705,7 +706,7 @@ class Contact extends BaseObject if (!DBA::isResult($r)) { $s = DBA::p("SELECT `id`, 0 AS `cid`, `id` AS `zid`, 0 AS `gid`, `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, `xmpp`, `keywords`, `gender`, `photo`, `thumb`, `micro`, `forum`, `prv`, (`forum` | `prv`) AS `community`, `contact-type`, `bd` AS `birthday`, 0 AS `self` - FROM `contact` WHERE `nurl` = ? AND `uid` = 0", normalise_link($url)); + FROM `contact` WHERE `nurl` = ? AND `uid` = 0", Strings::normaliseLink($url)); $r = DBA::toArray($s); } @@ -713,7 +714,7 @@ class Contact extends BaseObject if (!DBA::isResult($r)) { $s = DBA::p("SELECT `id`, 0 AS `cid`, `id` AS `zid`, 0 AS `gid`, `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, `xmpp`, `keywords`, `gender`, `photo`, `thumb`, `micro`, `forum`, `prv`, (`forum` | `prv`) AS `community`, `contact-type`, `bd` AS `birthday`, 0 AS `self` - FROM `contact` WHERE `alias` IN (?, ?, ?) AND `uid` = 0", normalise_link($url), $url, $ssl_url); + FROM `contact` WHERE `alias` IN (?, ?, ?) AND `uid` = 0", Strings::normaliseLink($url), $url, $ssl_url); $r = DBA::toArray($s); } @@ -721,7 +722,7 @@ class Contact extends BaseObject if (!DBA::isResult($r)) { $s = DBA::p("SELECT 0 AS `id`, 0 AS `cid`, `id` AS `gid`, 0 AS `zid`, 0 AS `uid`, `url`, `nurl`, `alias`, `network`, `name`, `nick`, `addr`, `location`, `about`, '' AS `xmpp`, `keywords`, `gender`, `photo`, `photo` AS `thumb`, `photo` AS `micro`, 0 AS `forum`, 0 AS `prv`, `community`, `contact-type`, `birthday`, 0 AS `self` - FROM `gcontact` WHERE `nurl` = ?", normalise_link($url)); + FROM `gcontact` WHERE `nurl` = ?", Strings::normaliseLink($url)); $r = DBA::toArray($s); } @@ -1038,7 +1039,7 @@ class Contact extends BaseObject /// @todo Verify if we can't use Contact::getDetailsByUrl instead of the following // We first try the nurl (http://server.tld/nick), most common case - $contact = DBA::selectFirst('contact', ['id', 'avatar', 'avatar-date'], ['nurl' => normalise_link($url), 'uid' => $uid, 'deleted' => false]); + $contact = DBA::selectFirst('contact', ['id', 'avatar', 'avatar-date'], ['nurl' => Strings::normaliseLink($url), 'uid' => $uid, 'deleted' => false]); // Then the addr (nick@server.tld) if (!DBA::isResult($contact)) { @@ -1049,7 +1050,7 @@ class Contact extends BaseObject if (!DBA::isResult($contact)) { // The link could be provided as http although we stored it as https $ssl_url = str_replace('http://', 'https://', $url); - $condition = ['`alias` IN (?, ?, ?) AND `uid` = ? AND NOT `deleted`', $url, normalise_link($url), $ssl_url, $uid]; + $condition = ['`alias` IN (?, ?, ?) AND `uid` = ? AND NOT `deleted`', $url, Strings::normaliseLink($url), $ssl_url, $uid]; $contact = DBA::selectFirst('contact', ['id', 'avatar', 'avatar-date'], $condition); } @@ -1076,7 +1077,7 @@ class Contact extends BaseObject $fields = ['url', 'addr', 'alias', 'notify', 'poll', 'name', 'nick', 'photo', 'keywords', 'location', 'about', 'network', 'priority', 'batch', 'request', 'confirm', 'poco']; - $data = DBA::selectFirst('contact', $fields, ['nurl' => normalise_link($url)]); + $data = DBA::selectFirst('contact', $fields, ['nurl' => Strings::normaliseLink($url)]); if (DBA::isResult($data)) { // For security reasons we don't fetch key data from our users @@ -1103,9 +1104,9 @@ class Contact extends BaseObject // Get data from the gcontact table $fields = ['name', 'nick', 'url', 'photo', 'addr', 'alias', 'network']; - $contact = DBA::selectFirst('gcontact', $fields, ['nurl' => normalise_link($url)]); + $contact = DBA::selectFirst('gcontact', $fields, ['nurl' => Strings::normaliseLink($url)]); if (!DBA::isResult($contact)) { - $contact = DBA::selectFirst('contact', $fields, ['nurl' => normalise_link($url)]); + $contact = DBA::selectFirst('contact', $fields, ['nurl' => Strings::normaliseLink($url)]); } if (!DBA::isResult($contact)) { @@ -1118,14 +1119,14 @@ class Contact extends BaseObject if (!DBA::isResult($contact)) { // The link could be provided as http although we stored it as https $ssl_url = str_replace('http://', 'https://', $url); - $condition = ['alias' => [$url, normalise_link($url), $ssl_url]]; + $condition = ['alias' => [$url, Strings::normaliseLink($url), $ssl_url]]; $contact = DBA::selectFirst('contact', $fields, $condition); } if (!DBA::isResult($contact)) { $fields = ['url', 'addr', 'alias', 'notify', 'poll', 'name', 'nick', 'photo', 'network', 'priority', 'batch', 'request', 'confirm']; - $condition = ['url' => [$url, normalise_link($url), $ssl_url]]; + $condition = ['url' => [$url, Strings::normaliseLink($url), $ssl_url]]; $contact = DBA::selectFirst('fcontact', $fields, $condition); } @@ -1150,7 +1151,7 @@ class Contact extends BaseObject 'uid' => $uid, 'created' => DateTimeFormat::utcNow(), 'url' => $data["url"], - 'nurl' => normalise_link($data["url"]), + 'nurl' => Strings::normaliseLink($data["url"]), 'addr' => $data["addr"], 'alias' => $data["alias"], 'notify' => $data["notify"], @@ -1178,7 +1179,7 @@ class Contact extends BaseObject 'pending' => 0] ); - $s = DBA::select('contact', ['id'], ['nurl' => normalise_link($data["url"]), 'uid' => $uid], ['order' => ['id'], 'limit' => 2]); + $s = DBA::select('contact', ['id'], ['nurl' => Strings::normaliseLink($data["url"]), 'uid' => $uid], ['order' => ['id'], 'limit' => 2]); $contacts = DBA::toArray($s); if (!DBA::isResult($contacts)) { return 0; @@ -1187,7 +1188,7 @@ class Contact extends BaseObject $contact_id = $contacts[0]["id"]; // Update the newly created contact from data in the gcontact table - $gcontact = DBA::selectFirst('gcontact', ['location', 'about', 'keywords', 'gender'], ['nurl' => normalise_link($data["url"])]); + $gcontact = DBA::selectFirst('gcontact', ['location', 'about', 'keywords', 'gender'], ['nurl' => Strings::normaliseLink($data["url"])]); if (DBA::isResult($gcontact)) { // Only use the information when the probing hadn't fetched these values if ($data['keywords'] != '') { @@ -1204,7 +1205,7 @@ class Contact extends BaseObject if (count($contacts) > 1 && $uid == 0 && $contact_id != 0 && $data["url"] != "") { DBA::delete('contact', ["`nurl` = ? AND `uid` = 0 AND `id` != ? AND NOT `self`", - normalise_link($data["url"]), $contact_id]); + Strings::normaliseLink($data["url"]), $contact_id]); } } @@ -1221,7 +1222,7 @@ class Contact extends BaseObject $updated = ['addr' => $data['addr'], 'alias' => $data['alias'], 'url' => $data['url'], - 'nurl' => normalise_link($data['url']), + 'nurl' => Strings::normaliseLink($data['url']), 'name' => $data['name'], 'nick' => $data['nick']]; @@ -1543,7 +1544,7 @@ class Contact extends BaseObject DBA::update( 'contact', [ 'url' => $ret['url'], - 'nurl' => normalise_link($ret['url']), + 'nurl' => Strings::normaliseLink($ret['url']), 'network' => $ret['network'], 'addr' => $ret['addr'], 'alias' => $ret['alias'], @@ -1627,10 +1628,10 @@ class Contact extends BaseObject // the poll url is more reliable than the profile url, as we may have // indirect links or webfinger links - $condition = ['uid' => $uid, 'poll' => [$ret['poll'], normalise_link($ret['poll'])], 'network' => $ret['network'], 'pending' => false]; + $condition = ['uid' => $uid, 'poll' => [$ret['poll'], Strings::normaliseLink($ret['poll'])], 'network' => $ret['network'], 'pending' => false]; $contact = DBA::selectFirst('contact', ['id', 'rel'], $condition); if (!DBA::isResult($contact)) { - $condition = ['uid' => $uid, 'nurl' => normalise_link($url), 'network' => $ret['network'], 'pending' => false]; + $condition = ['uid' => $uid, 'nurl' => Strings::normaliseLink($url), 'network' => $ret['network'], 'pending' => false]; $contact = DBA::selectFirst('contact', ['id', 'rel'], $condition); } @@ -1710,7 +1711,7 @@ class Contact extends BaseObject 'uid' => $uid, 'created' => DateTimeFormat::utcNow(), 'url' => $ret['url'], - 'nurl' => normalise_link($ret['url']), + 'nurl' => Strings::normaliseLink($ret['url']), 'addr' => $ret['addr'], 'alias' => $ret['alias'], 'batch' => $ret['batch'], @@ -1855,7 +1856,7 @@ class Contact extends BaseObject // send email notification to owner? } else { - if (DBA::exists('contact', ['nurl' => normalise_link($url), 'uid' => $importer['uid'], 'pending' => true])) { + if (DBA::exists('contact', ['nurl' => Strings::normaliseLink($url), 'uid' => $importer['uid'], 'pending' => true])) { Logger::log('ignoring duplicated connection request from pending contact ' . $url); return; } @@ -1866,7 +1867,7 @@ class Contact extends BaseObject intval($importer['uid']), DBA::escape(DateTimeFormat::utcNow()), DBA::escape($url), - DBA::escape(normalise_link($url)), + DBA::escape(Strings::normaliseLink($url)), DBA::escape($name), DBA::escape($nick), DBA::escape($photo), @@ -1889,7 +1890,7 @@ class Contact extends BaseObject $user = DBA::selectFirst('user', $fields, ['uid' => $importer['uid']]); if (DBA::isResult($user) && !in_array($user['page-flags'], [self::PAGE_SOAPBOX, self::PAGE_FREELOVE, self::PAGE_COMMUNITY])) { // create notification - $hash = random_string(); + $hash = Strings::getRandomHex(); if (is_array($contact_record)) { DBA::insert('intro', ['uid' => $importer['uid'], 'contact-id' => $contact_record['id'], diff --git a/src/Model/GContact.php b/src/Model/GContact.php index 398fc7758..6e2e520c8 100644 --- a/src/Model/GContact.php +++ b/src/Model/GContact.php @@ -17,6 +17,7 @@ use Friendica\Network\Probe; use Friendica\Protocol\PortableContact; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; +use Friendica\Util\Strings; require_once 'include/dba.php'; @@ -146,13 +147,13 @@ class GContact $alternate = PortableContact::alternateOStatusUrl($gcontact['url']); // The global contacts should contain the original picture, not the cached one - if (($gcontact['generation'] != 1) && stristr(normalise_link($gcontact['photo']), normalise_link(System::baseUrl()."/photo/"))) { + if (($gcontact['generation'] != 1) && stristr(Strings::normaliseLink($gcontact['photo']), Strings::normaliseLink(System::baseUrl()."/photo/"))) { $gcontact['photo'] = ""; } if (!isset($gcontact['network'])) { $condition = ["`uid` = 0 AND `nurl` = ? AND `network` != '' AND `network` != ?", - normalise_link($gcontact['url']), Protocol::STATUSNET]; + Strings::normaliseLink($gcontact['url']), Protocol::STATUSNET]; $contact = DBA::selectFirst('contact', ['network'], $condition); if (DBA::isResult($contact)) { $gcontact['network'] = $contact["network"]; @@ -160,7 +161,7 @@ class GContact if (($gcontact['network'] == "") || ($gcontact['network'] == Protocol::OSTATUS)) { $condition = ["`uid` = 0 AND `alias` IN (?, ?) AND `network` != '' AND `network` != ?", - $gcontact['url'], normalise_link($gcontact['url']), Protocol::STATUSNET]; + $gcontact['url'], Strings::normaliseLink($gcontact['url']), Protocol::STATUSNET]; $contact = DBA::selectFirst('contact', ['network'], $condition); if (DBA::isResult($contact)) { $gcontact['network'] = $contact["network"]; @@ -172,7 +173,7 @@ class GContact $gcontact['network'] = ''; $fields = ['network', 'updated', 'server_url', 'url', 'addr']; - $gcnt = DBA::selectFirst('gcontact', $fields, ['nurl' => normalise_link($gcontact['url'])]); + $gcnt = DBA::selectFirst('gcontact', $fields, ['nurl' => Strings::normaliseLink($gcontact['url'])]); if (DBA::isResult($gcnt)) { if (!isset($gcontact['network']) && ($gcnt["network"] != Protocol::STATUSNET)) { $gcontact['network'] = $gcnt["network"]; @@ -180,7 +181,7 @@ class GContact if ($gcontact['updated'] <= DBA::NULL_DATETIME) { $gcontact['updated'] = $gcnt["updated"]; } - if (!isset($gcontact['server_url']) && (normalise_link($gcnt["server_url"]) != normalise_link($gcnt["url"]))) { + if (!isset($gcontact['server_url']) && (Strings::normaliseLink($gcnt["server_url"]) != Strings::normaliseLink($gcnt["url"]))) { $gcontact['server_url'] = $gcnt["server_url"]; } if (!isset($gcontact['addr'])) { @@ -205,8 +206,8 @@ class GContact if ($alternate && ($gcontact['network'] == Protocol::OSTATUS)) { // Delete the old entry - if it exists - if (DBA::exists('gcontact', ['nurl' => normalise_link($orig_profile)])) { - DBA::delete('gcontact', ['nurl' => normalise_link($orig_profile)]); + if (DBA::exists('gcontact', ['nurl' => Strings::normaliseLink($orig_profile)])) { + DBA::delete('gcontact', ['nurl' => Strings::normaliseLink($orig_profile)]); } } } @@ -658,7 +659,7 @@ class GContact DBA::lock('gcontact'); $fields = ['id', 'last_contact', 'last_failure', 'network']; - $gcnt = DBA::selectFirst('gcontact', $fields, ['nurl' => normalise_link($contact["url"])]); + $gcnt = DBA::selectFirst('gcontact', $fields, ['nurl' => Strings::normaliseLink($contact["url"])]); if (DBA::isResult($gcnt)) { $gcontact_id = $gcnt["id"]; @@ -683,7 +684,7 @@ class GContact DBA::escape($contact["addr"]), DBA::escape($contact["network"]), DBA::escape($contact["url"]), - DBA::escape(normalise_link($contact["url"])), + DBA::escape(Strings::normaliseLink($contact["url"])), DBA::escape($contact["photo"]), DBA::escape(DateTimeFormat::utcNow()), DBA::escape(DateTimeFormat::utcNow()), @@ -693,7 +694,7 @@ class GContact intval($contact["generation"]) ); - $condition = ['nurl' => normalise_link($contact["url"])]; + $condition = ['nurl' => Strings::normaliseLink($contact["url"])]; $cnt = DBA::selectFirst('gcontact', ['id', 'network'], $condition, ['order' => ['id']]); if (DBA::isResult($cnt)) { $gcontact_id = $cnt["id"]; @@ -793,7 +794,7 @@ class GContact $contact["server_url"] = $data['baseurl']; } } else { - $contact["server_url"] = normalise_link($contact["server_url"]); + $contact["server_url"] = Strings::normaliseLink($contact["server_url"]); } if (($contact["addr"] == "") && ($contact["server_url"] != "") && ($contact["nick"] != "")) { @@ -822,7 +823,7 @@ class GContact if ($update) { Logger::log("Update gcontact for ".$contact["url"], Logger::DEBUG); $condition = ['`nurl` = ? AND (`generation` = 0 OR `generation` >= ?)', - normalise_link($contact["url"]), $contact["generation"]]; + Strings::normaliseLink($contact["url"]), $contact["generation"]]; $contact["updated"] = DateTimeFormat::utc($contact["updated"]); $updated = ['photo' => $contact['photo'], 'name' => $contact['name'], @@ -842,7 +843,7 @@ class GContact // This is used for the shadow copies of public items. /// @todo Check if we really should do this. // The quality of the gcontact table is mostly lower than the public contact - $public_contact = DBA::selectFirst('contact', ['id'], ['nurl' => normalise_link($contact["url"]), 'uid' => 0]); + $public_contact = DBA::selectFirst('contact', ['id'], ['nurl' => Strings::normaliseLink($contact["url"]), 'uid' => 0]); if (DBA::isResult($public_contact)) { Logger::log("Update public contact ".$public_contact["id"], Logger::DEBUG); diff --git a/src/Model/Item.php b/src/Model/Item.php index 1eb96609f..30c29e151 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php @@ -33,6 +33,7 @@ use Friendica\Util\DateTimeFormat; use Friendica\Util\Map; use Friendica\Util\XML; use Friendica\Util\Security; +use Friendica\Util\Strings; use Text_LanguageDetect; require_once 'boot.php'; @@ -1149,7 +1150,7 @@ class Item extends BaseObject private static function guid($item, $notify) { if (!empty($item['guid'])) { - return notags(trim($item['guid'])); + return Strings::escapeTags(trim($item['guid'])); } if ($notify) { @@ -1264,7 +1265,7 @@ class Item extends BaseObject } $item['guid'] = self::guid($item, $notify); - $item['uri'] = notags(trim(defaults($item, 'uri', self::newURI($item['uid'], $item['guid'])))); + $item['uri'] = Strings::escapeTags(trim(defaults($item, 'uri', self::newURI($item['uid'], $item['guid'])))); // Store URI data $item['uri-id'] = ItemURI::insert(['uri' => $item['uri'], 'guid' => $item['guid']]); @@ -1534,7 +1535,7 @@ class Item extends BaseObject Logger::log("Checking if parent ".$parent_id." has to be tagged as mention for user ".$item['uid'], Logger::DEBUG); $user = DBA::selectFirst('user', ['nickname'], ['uid' => $item['uid']]); if (DBA::isResult($user)) { - $self = normalise_link(System::baseUrl() . '/profile/' . $user['nickname']); + $self = Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname']); $self_id = Contact::getIdForURL($self, 0, true); Logger::log("'myself' is ".$self_id." for parent ".$parent_id." checking against ".$item['author-id']." and ".$item['owner-id'], Logger::DEBUG); if (($item['author-id'] == $self_id) || ($item['owner-id'] == $self_id)) { @@ -2402,7 +2403,7 @@ class Item extends BaseObject public static function setHashtags(&$item) { - $tags = get_tags($item["body"]); + $tags = BBCode::getTags($item["body"]); // No hashtags? if (!count($tags)) { @@ -2544,18 +2545,18 @@ class Item extends BaseObject return; } - $link = normalise_link(System::baseUrl() . '/profile/' . $user['nickname']); + $link = Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname']); /* * Diaspora uses their own hardwired link URL in @-tags * instead of the one we supply with webfinger */ - $dlink = normalise_link(System::baseUrl() . '/u/' . $user['nickname']); + $dlink = Strings::normaliseLink(System::baseUrl() . '/u/' . $user['nickname']); $cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism', $item['body'], $matches, PREG_SET_ORDER); if ($cnt) { foreach ($matches as $mtch) { - if (link_compare($link, $mtch[1]) || link_compare($dlink, $mtch[1])) { + if (Strings::compareLink($link, $mtch[1]) || Strings::compareLink($dlink, $mtch[1])) { $mention = true; Logger::log('mention found: ' . $mtch[2]); } @@ -3446,7 +3447,7 @@ class Item extends BaseObject $filesubtype = 'unkn'; } - $title = escape_tags(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1])); + $title = Strings::escapeHtml(trim(!empty($mtch[4]) ? $mtch[4] : $mtch[1])); $title .= ' ' . $mtch[2] . ' ' . L10n::t('bytes'); $icon = '
'; @@ -3479,7 +3480,7 @@ class Item extends BaseObject while ((strpos($s, $spoilersearch) !== false)) { $pos = strpos($s, $spoilersearch); - $rnd = random_string(8); + $rnd = Strings::getRandomHex(8); $spoilerreplace = '
' . L10n::t('Click to open/close') . ''. '