From fd597472f15926336ff99b3661068c8e77be8878 Mon Sep 17 00:00:00 2001 From: Adam Magness Date: Thu, 8 Nov 2018 08:33:28 -0500 Subject: [PATCH 01/19] Split text.php to Strings class move functions to new strings class Split text.php to Strings class move functions to new Strings class --- include/text.php | 356 ------------------------------------- src/Util/Strings.php | 405 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 405 insertions(+), 356 deletions(-) create mode 100644 src/Util/Strings.php diff --git a/include/text.php b/include/text.php index 876cdbdb8..08858fe0f 100644 --- a/include/text.php +++ b/include/text.php 
@@ -31,139 +31,6 @@ use Friendica\Content\Text\HTML; require_once "include/conversation.php"; -/** - * @brief Generates a pseudo-random string of hexadecimal characters - * - * @param int $size - * @return string - */ -function random_string($size = 64) -{ - $byte_size = ceil($size / 2); - - $bytes = random_bytes($byte_size); - - $return = substr(bin2hex($bytes), 0, $size); - - return $return; -} - -/** - * This is our primary input filter. - * - * The high bit hack only involved some old IE browser, forget which (IE5/Mac?) - * that had an XSS attack vector due to stripping the high-bit on an 8-bit character - * after cleansing, and angle chars with the high bit set could get through as markup. - * - * This is now disabled because it was interfering with some legitimate unicode sequences - * and hopefully there aren't a lot of those browsers left. - * - * Use this on any text input where angle chars are not valid or permitted - * They will be replaced with safer brackets. This may be filtered further - * if these are not allowed either. - * - * @param string $string Input string - * @return string Filtered string - */ -function notags($string) { - return str_replace(["<", ">"], ['[', ']'], $string); - -// High-bit filter no longer used -// return str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string); -} - - -/** - * use this on "body" or "content" input where angle chars shouldn't be removed, - * and allow them to be safely displayed. - * @param string $string - * @return string - */ -function escape_tags($string) { - return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false); -} - - -/** - * generate a string that's random, but usually pronounceable. 
- * used to generate initial passwords - * @param int $len - * @return string - */ -function autoname($len) { - - if ($len <= 0) { - return ''; - } - - $vowels = ['a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u']; - if (mt_rand(0, 5) == 4) { - $vowels[] = 'y'; - } - - $cons = [ - 'b','bl','br', - 'c','ch','cl','cr', - 'd','dr', - 'f','fl','fr', - 'g','gh','gl','gr', - 'h', - 'j', - 'k','kh','kl','kr', - 'l', - 'm', - 'n', - 'p','ph','pl','pr', - 'qu', - 'r','rh', - 's','sc','sh','sm','sp','st', - 't','th','tr', - 'v', - 'w','wh', - 'x', - 'z','zh' - ]; - - $midcons = ['ck','ct','gn','ld','lf','lm','lt','mb','mm', 'mn','mp', - 'nd','ng','nk','nt','rn','rp','rt']; - - $noend = ['bl', 'br', 'cl','cr','dr','fl','fr','gl','gr', - 'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh','q']; - - $start = mt_rand(0,2); - if ($start == 0) { - $table = $vowels; - } else { - $table = $cons; - } - - $word = ''; - - for ($x = 0; $x < $len; $x ++) { - $r = mt_rand(0,count($table) - 1); - $word .= $table[$r]; - - if ($table == $vowels) { - $table = array_merge($cons,$midcons); - } else { - $table = $vowels; - } - - } - - $word = substr($word,0,$len); - - foreach ($noend as $noe) { - $noelen = strlen($noe); - if ((strlen($word) > $noelen) && (substr($word, -$noelen) == $noe)) { - $word = autoname($len); - break; - } - } - - return $word; -} - /** * Turn user/group ACLs stored as angle bracketed text into arrays * 
@@ -255,78 +122,6 @@ function activity_match($haystack,$needle) { return (($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle, NAMESPACE_ACTIVITY_SCHEMA))); } - -/** - * @brief Pull out all #hashtags and @person tags from $string. - * - * We also get @person@domain.com - which would make - * the regex quite complicated as tags can also - * end a sentence. So we'll run through our results - * and strip the period from any tags which end with one. - * Returns array of tags found, or empty array. - * - * @param string $string Post content - * @return array List of tag and person names - */ -function get_tags($string) { - $ret = []; - - // Convert hashtag links to hashtags - $string = preg_replace('/#\[url\=([^\[\]]*)\](.*?)\[\/url\]/ism', '#$2', $string); - - // ignore anything in a code block - $string = preg_replace('/\[code\](.*?)\[\/code\]/sm', '', $string); - - // Force line feeds at bbtags - $string = str_replace(['[', ']'], ["\n[", "]\n"], $string); - - // ignore anything in a bbtag - $string = preg_replace('/\[(.*?)\]/sm', '', $string); - - // Match full names against @tags including the space between first and last - // We will look these up afterward to see if they are full names or not recognisable. - - if (preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A@,:?]+)([ \x0D\x0A@,:?]|$)/', $string, $matches)) { - foreach ($matches[1] as $match) { - if (strstr($match, ']')) { - // we might be inside a bbcode color tag - leave it alone - continue; - } - if (substr($match, -1, 1) === '.') { - $ret[] = substr($match, 0, -1); - } else { - $ret[] = $match; - } - } - } - - // Otherwise pull out single word tags. These can be @nickname, @first_last - // and #hash tags. 
- - if (preg_match_all('/([!#@][^\^ \x0D\x0A,;:?]+)([ \x0D\x0A,;:?]|$)/', $string, $matches)) { - foreach ($matches[1] as $match) { - if (strstr($match, ']')) { - // we might be inside a bbcode color tag - leave it alone - continue; - } - if (substr($match, -1, 1) === '.') { - $match = substr($match,0,-1); - } - // ignore strictly numeric tags like #1 - if ((strpos($match, '#') === 0) && ctype_digit(substr($match, 1))) { - continue; - } - // try not to catch url fragments - if (strpos($string, $match) && preg_match('/[a-zA-z0-9\/]/', substr($string, strpos($string, $match) - 1, 1))) { - continue; - } - $ret[] = $match; - } - } - return $ret; -} - - /** * quick and dirty quoted_printable encoding * @@ -337,45 +132,6 @@ function qp($s) { return str_replace("%", "=", rawurlencode($s)); } -/** - * @brief Check for a valid email string - * - * @param string $email_address - * @return boolean - */ -function valid_email($email_address) -{ - return preg_match('/^[_a-zA-Z0-9\-\+]+(\.[_a-zA-Z0-9\-\+]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/', $email_address); -} - -/** - * Normalize url - * - * @param string $url - * @return string - */ -function normalise_link($url) { - $ret = str_replace(['https:', '//www.'], ['http:', '//'], $url); - return rtrim($ret,'/'); -} - - -/** - * Compare two URLs to see if they are the same, but ignore - * slight but hopefully insignificant differences such as if one - * is https and the other isn't, or if one is www.something and - * the other isn't - and also ignore case differences. - * - * @param string $a first url - * @param string $b second url - * @return boolean True if the URLs match, otherwise False - * - */ -function link_compare($a, $b) { - return (strcasecmp(normalise_link($a), normalise_link($b)) === 0); -} - - /** * @brief Find any non-embedded images in private items and add redir links to them * 
@@ -507,53 +263,6 @@ function return_bytes($size_str) { } } -/** - * @param string $s - * @param boolean $strip_padding - * @return string - */ -function base64url_encode($s, $strip_padding = false) { - - $s = strtr(base64_encode($s), '+/', '-_'); - - if ($strip_padding) { - $s = str_replace('=','',$s); - } - - return $s; -} - -/** - * @param string $s - * @return string - */ -function base64url_decode($s) { - - if (is_array($s)) { - Logger::log('base64url_decode: illegal input: ' . print_r(debug_backtrace(), true)); - return $s; - } - -/* - * // Placeholder for new rev of salmon which strips base64 padding. - * // PHP base64_decode handles the un-padded input without requiring this step - * // Uncomment if you find you need it. - * - * $l = strlen($s); - * if (!strpos($s,'=')) { - * $m = $l % 4; - * if ($m == 2) - * $s .= '=='; - * if ($m == 3) - * $s .= '='; - * } - * - */ - - return base64_decode(strtr($s,'-_','+/')); -} - - function bb_translate_video($s) { $matches = null; @@ -570,11 +279,6 @@ function bb_translate_video($s) { return $s; } -function normalise_openid($s) { - return trim(str_replace(['http://', 'https://'], ['', ''], $s), '/'); -} - - function undo_post_tagging($s) { $matches = null; $cnt = preg_match_all('/([!#@])\[url=(.*?)\](.*?)\[\/url\]/ism', $s, $matches, PREG_SET_ORDER); @@ -590,10 +294,6 @@ function undo_post_tagging($s) { return $s; } -function protect_sprintf($s) { - return str_replace('%', '%%', $s); -} - /// @TODO Rewrite this function is_a_date_arg($s) { $i = intval($s); 
@@ -612,59 +312,3 @@ function is_a_date_arg($s) { return false; } - -/** - * remove intentation from a text - */ -function deindent($text, $chr = "[\t ]", $count = NULL) { - $lines = explode("\n", $text); - - if (is_null($count)) { - $m = []; - $k = 0; - while ($k < count($lines) && strlen($lines[$k]) == 0) { - $k++; - } - preg_match("|^" . $chr . "*|", $lines[$k], $m); - $count = strlen($m[0]); - } - - for ($k = 0; $k < count($lines); $k++) { - $lines[$k] = preg_replace("|^" . $chr . "{" . $count . "}|", "", $lines[$k]); - } - - return implode("\n", $lines); -} - -function formatBytes($bytes, $precision = 2) { - $units = ['B', 'KB', 'MB', 'GB', 'TB']; - - $bytes = max($bytes, 0); - $pow = floor(($bytes ? log($bytes) : 0) / log(1024)); - $pow = min($pow, count($units) - 1); - - $bytes /= pow(1024, $pow); - - return round($bytes, $precision) . ' ' . $units[$pow]; -} - -/** - * @brief translate and format the networkname of a contact - * - * @param string $network - * Networkname of the contact (e.g. dfrn, rss and so on) - * @param sting $url - * The contact url - * @return string - */ -function format_network_name($network, $url = 0) { - if ($network != "") { - if ($url != "") { - $network_name = ''.ContactSelector::networkToName($network, $url).""; - } else { - $network_name = ContactSelector::networkToName($network); - } - - return $network_name; - } -} diff --git a/src/Util/Strings.php b/src/Util/Strings.php new file mode 100644 index 000000000..8df9f585d --- /dev/null +++ b/src/Util/Strings.php 
@@ -0,0 +1,405 @@ +"], ['[', ']'], $string); + } + + /** + * @brief Use this on "body" or "content" input where angle chars shouldn't be removed, + * and allow them to be safely displayed. + * @param string $string + * + * @return string + */ + public static function escapeTags($string) // escape_tags() + { + return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false); + } + + /** + * @brief Generate a string that's random, but usually pronounceable. Used to generate initial passwords + * + * @param int $len length + * + * @return string + */ + public static function getRandomName($len) // autoname() + { + if ($len <= 0) { + return ''; + } + + $vowels = ['a', 'a', 'ai', 'au', 'e', 'e', 'e', 'ee', 'ea', 'i', 'ie', 'o', 'ou', 'u']; + + if (mt_rand(0, 5) == 4) { + $vowels[] = 'y'; + } + + $cons = [ + 'b', 'bl', 'br', + 'c', 'ch', 'cl', 'cr', + 'd', 'dr', + 'f', 'fl', 'fr', + 'g', 'gh', 'gl', 'gr', + 'h', + 'j', + 'k', 'kh', 'kl', 'kr', + 'l', + 'm', + 'n', + 'p', 'ph', 'pl', 'pr', + 'qu', + 'r', 'rh', + 's' ,'sc', 'sh', 'sm', 'sp', 'st', + 't', 'th', 'tr', + 'v', + 'w', 'wh', + 'x', + 'z', 'zh' + ]; + + $midcons = ['ck', 'ct', 'gn', 'ld', 'lf', 'lm', 'lt', 'mb', 'mm', 'mn', 'mp', + 'nd', 'ng', 'nk', 'nt', 'rn', 'rp', 'rt']; + + $noend = ['bl', 'br', 'cl', 'cr', 'dr', 'fl', 'fr', 'gl', 'gr', + 'kh', 'kl', 'kr', 'mn', 'pl', 'pr', 'rh', 'tr', 'qu', 'wh', 'q']; + + $start = mt_rand(0, 2); + if ($start == 0) { + $table = $vowels; + } else { + $table = $cons; + } + + $word = ''; + + for ($x = 0; $x < $len; $x ++) { + $r = mt_rand(0, count($table) - 1); + $word .= $table[$r]; + + if ($table == $vowels) { + $table = array_merge($cons, $midcons); + } else { + $table = $vowels; + } + + } + + $word = substr($word, 0, $len); + + foreach ($noend as $noe) { + $noelen = strlen($noe); + if ((strlen($word) > $noelen) && (substr($word, -$noelen) == $noe)) { + $word = self::getRandomName($len); + break; + } + } + + return $word; + } + + /** + * @brief translate and format the 
networkname of a contact + * + * @param string $network Networkname of the contact (e.g. dfrn, rss and so on) + * @param string $url The contact url + * + * @return string Formatted network name + */ + public static function formatNetworkName($network, $url = 0) // format_network_name() + { + if ($network != "") { + if ($url != "") { + $network_name = ''.ContactSelector::networkToName($network, $url).""; + } else { + $network_name = ContactSelector::networkToName($network); + } + + return $network_name; + } + } + + /** + * @brief Remove intentation from a text + * + * @param string $text String to be transformed. + * @param string $chr Optional. Indentation tag. Default tab (\t). + * @param int $count Optional. Default null. + * + * @return string Transformed string. + */ + public static function deindent($text, $chr = "[\t ]", $count = NULL) + { + $lines = explode("\n", $text); + + if (is_null($count)) { + $m = []; + $k = 0; + while ($k < count($lines) && strlen($lines[$k]) == 0) { + $k++; + } + preg_match("|^" . $chr . "*|", $lines[$k], $m); + $count = strlen($m[0]); + } + + for ($k = 0; $k < count($lines); $k++) { + $lines[$k] = preg_replace("|^" . $chr . "{" . $count . "}|", "", $lines[$k]); + } + + return implode("\n", $lines); + } + + /** + * @brief Get byte size returned in a Data Measurement (KB, MB, GB) + * + * @param int $bytes The number of bytes to be measured + * @param int $precision Optional. Default 2. + * + * @return string Size with measured units. + */ + public static function formatBytes($bytes, $precision = 2) + { + $units = ['B', 'KB', 'MB', 'GB', 'TB']; + $bytes = max($bytes, 0); + $pow = floor(($bytes ? log($bytes) : 0) / log(1024)); + $pow = min($pow, count($units) - 1); + $bytes /= pow(1024, $pow); + + return round($bytes, $precision) . ' ' . $units[$pow]; + } + + /** + * @brief Protect percent characters in sprintf calls + * + * @param string $s String to transform. + * + * @return string Transformed string. 
+ */ + public static function protectSprintf($s) // protect_sprintf() + { + return str_replace('%', '%%', $s); + } + + /** + * @brief Base64 Encode URL and translate +/ to -_ Optionally strip padding. + * + * @param string $s URL to encode + * @param boolean $strip_padding Optional. Default false + * + * @return string Encoded URL + */ + public static function base64UrlEncode($s, $strip_padding = false) //base64url_encode() + { + $s = strtr(base64_encode($s), '+/', '-_'); + + if ($strip_padding) { + $s = str_replace('=', '', $s); + } + + return $s; + } + + /** + * @brief Decode Base64 Encoded URL and translate -_ to +/ + * @param string $s URL to decode + * + * @return string Decoded URL + */ + public static function base64url_decode($s) // base64url_decode() + { + if (is_array($s)) { + Logger::log('base64url_decode: illegal input: ' . print_r(debug_backtrace(), true)); + return $s; + } + + /* + * // Placeholder for new rev of salmon which strips base64 padding. + * // PHP base64_decode handles the un-padded input without requiring this step + * // Uncomment if you find you need it. + * + * $l = strlen($s); + * if (!strpos($s,'=')) { + * $m = $l % 4; + * if ($m == 2) + * $s .= '=='; + * if ($m == 3) + * $s .= '='; + * } + * + */ + + return base64_decode(strtr($s, '-_', '+/')); + } + + /** + * @brief Pull out all #hashtags and @person tags from $string. + * + * We also get @person@domain.com - which would make + * the regex quite complicated as tags can also + * end a sentence. So we'll run through our results + * and strip the period from any tags which end with one. + * Returns array of tags found, or empty array. 
+ * + * @param string $string Post content + * + * @return array List of tag and person names + */ + public static function getTags($string) // get_tags() + { + $ret = []; + + // Convert hashtag links to hashtags + $string = preg_replace('/#\[url\=([^\[\]]*)\](.*?)\[\/url\]/ism', '#$2', $string); + + // ignore anything in a code block + $string = preg_replace('/\[code\](.*?)\[\/code\]/sm', '', $string); + + // Force line feeds at bbtags + $string = str_replace(['[', ']'], ["\n[", "]\n"], $string); + + // ignore anything in a bbtag + $string = preg_replace('/\[(.*?)\]/sm', '', $string); + + // Match full names against @tags including the space between first and last + // We will look these up afterward to see if they are full names or not recognisable. + + if (preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A@,:?]+)([ \x0D\x0A@,:?]|$)/', $string, $matches)) { + foreach ($matches[1] as $match) { + if (strstr($match, ']')) { + // we might be inside a bbcode color tag - leave it alone + continue; + } + + if (substr($match, -1, 1) === '.') { + $ret[] = substr($match, 0, -1); + } else { + $ret[] = $match; + } + } + } + + // Otherwise pull out single word tags. These can be @nickname, @first_last + // and #hash tags. 
+ + if (preg_match_all('/([!#@][^\^ \x0D\x0A,;:?]+)([ \x0D\x0A,;:?]|$)/', $string, $matches)) { + foreach ($matches[1] as $match) { + if (strstr($match, ']')) { + // we might be inside a bbcode color tag - leave it alone + continue; + } + if (substr($match, -1, 1) === '.') { + $match = substr($match,0,-1); + } + // ignore strictly numeric tags like #1 + if ((strpos($match, '#') === 0) && ctype_digit(substr($match, 1))) { + continue; + } + // try not to catch url fragments + if (strpos($string, $match) && preg_match('/[a-zA-z0-9\/]/', substr($string, strpos($string, $match) - 1, 1))) { + continue; + } + $ret[] = $match; + } + } + + return $ret; + } + + /** + * @brief Check for a valid email string + * + * @param string $email_address Email address to be evaluated. + * + * @return boolean Value indicating whether or not the string is a valid email address. + */ + public static function isValidEmail($email_address) // valid_email() + { + return preg_match('/^[_a-zA-Z0-9\-\+]+(\.[_a-zA-Z0-9\-\+]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/', $email_address); + } + + /** + * @brief Normalize url + * + * @param string $url URL to be normalized. + * + * @return string Normalized URL. + */ + public static function normaliseLink($url) // normalise_link() + { + $ret = str_replace(['https:', '//www.'], ['http:', '//'], $url); + return rtrim($ret, '/'); + } + + /** + * @brief Normalize OpenID identity + * + * @param string $s OpenID Identity + * + * @return string normalized OpenId Identity + */ + function normaliseOpenID($s) // normalize_openid() + { + return trim(str_replace(['http://', 'https://'], ['', ''], $s), '/'); + } + + /** + * @brief Compare two URLs to see if they are the same, but ignore + * slight but hopefully insignificant differences such as if one + * is https and the other isn't, or if one is www.something and + * the other isn't - and also ignore case differences. 
+ * + * @param string $a first url + * @param string $b second url + * @return boolean True if the URLs match, otherwise False + * + */ + public static function compareLink($a, $b) // link_compare() + { + return (strcasecmp(normalise_link($a), normalise_link($b)) === 0); + } +} From 991f259ecb58720c0993718bc944bc60e83226b4 Mon Sep 17 00:00:00 2001 From: Adam Magness Date: Thu, 8 Nov 2018 08:45:46 -0500 Subject: [PATCH 02/19] random_string calls implement getRandomHex function --- include/api.php | 3 ++- include/enotify.php | 3 ++- include/items.php | 3 ++- mod/dfrn_confirm.php | 3 ++- mod/dfrn_notify.php | 3 ++- mod/dfrn_poll.php | 3 ++- mod/dfrn_request.php | 5 +++-- mod/fsuggest.php | 3 ++- mod/pubsubhubbub.php | 2 +- mod/redir.php | 3 ++- mod/removeme.php | 2 +- spec/dfrn2_contact_request.svg | 2 +- src/Content/Text/HTML.php | 5 +++-- src/Model/Contact.php | 3 ++- src/Model/Item.php | 5 +++-- src/Model/Register.php | 3 ++- src/Module/Magic.php | 3 ++- src/Module/Owa.php | 3 ++- src/Network/Probe.php | 5 +++-- src/Protocol/DFRN.php | 5 +++-- src/Protocol/Diaspora.php | 5 +++-- src/Util/LDSignature.php | 2 +- src/Util/Strings.php | 2 +- 23 files changed, 47 insertions(+), 29 deletions(-) diff --git a/include/api.php b/include/api.php index 0f7fa85bd..10ee29287 100644 --- a/include/api.php +++ b/include/api.php @@ -43,6 +43,7 @@ use Friendica\Protocol\Diaspora; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'include/conversation.php'; @@ -4802,7 +4803,7 @@ function api_friendica_remoteauth() $dfrn_id = '0:' . $orig_id; } - $sec = random_string(); + $sec = Strings::getRandomHex(); $fields = ['uid' => api_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]; diff --git a/include/enotify.php b/include/enotify.php index d6ca12327..2033027e3 100644 --- a/include/enotify.php +++ b/include/enotify.php 
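Review bot: `getRandomName()` builds what its own docblock calls an initial password from `mt_rand()`, a seeded Mersenne Twister rather than a CSPRNG, so the generated passwords are predictable from a few earlier outputs; the three draws should become `random_int(0, 5)`, `random_int(0, 2)` and `random_int(0, count($table) - 1)` (the moved `random_string()` that becomes `getRandomHex()` already uses `random_bytes()`, so this would make the class consistent). Separately, `compareLink()` still calls the global `normalise_link()` that this same commit deletes from include/text.php, so it will fatal once callers switch over unless a later patch in the series fixes it; it should read `return (strcasecmp(self::normaliseLink($a), self::normaliseLink($b)) === 0);`. `normaliseOpenID()` is declared with a bare `function` and no `public static`, so `Strings::normaliseOpenID()` is a non-static call, and `base64url_decode` is the only method left in snake_case. `escapeTags()` passes `ENT_COMPAT`, which leaves `'` unescaped, so its output is only safe in text nodes and double-quoted attributes; that caveat belongs in its docblock if `ENT_QUOTES` is not wanted. The head of this hunk (namespace, `use` lines, `getRandomHex()` and the start of `removeTags()`) is missing from the page and could not be reviewed.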
@@ -15,6 +15,7 @@ use Friendica\Model\Contact; use Friendica\Model\Item; use Friendica\Util\DateTimeFormat; use Friendica\Util\Emailer; +use Friendica\Util\Strings; /** * @brief Creates a notification entry and possibly sends a mail @@ -457,7 +458,7 @@ function notification($params) Logger::log("adding notification entry", Logger::DEBUG); do { $dups = false; - $hash = random_string(); + $hash = Strings::getRandomHex(); if (DBA::exists('notify', ['hash' => $hash])) { $dups = true; } diff --git a/include/items.php b/include/items.php index 9929f535f..adc5bf013 100644 --- a/include/items.php +++ b/include/items.php @@ -21,6 +21,7 @@ use Friendica\Protocol\OStatus; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; use Friendica\Util\ParseUrl; +use Friendica\Util\Strings; use Friendica\Util\Temporal; require_once 'include/text.php'; @@ -308,7 +309,7 @@ function subscribe_to_hub($url, array $importer, array $contact, $hubmode = 'sub $push_url = System::baseUrl() . '/pubsub/' . $user['nickname'] . '/' . $contact['id']; // Use a single verify token, even if multiple hubs - $verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : random_string()); + $verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : Strings::getRandomHex()); $params= 'hub.mode=' . $hubmode . '&hub.callback=' . urlencode($push_url) . '&hub.topic=' . urlencode($contact['poll']) . '&hub.verify=async&hub.verify_token=' . $verify_token; diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 0f001b11a..8d4594c15 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -33,6 +33,7 @@ use Friendica\Protocol\ActivityPub; use Friendica\Util\Crypto; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'include/enotify.php'; 
@@ -263,7 +264,7 @@ function dfrn_confirm_post(App $a, $handsfree = null) break; case 1: // birthday paradox - generate new dfrn-id and fall through. - $new_dfrn_id = random_string(); + $new_dfrn_id = Strings::getRandomHex(); q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d", DBA::escape($new_dfrn_id), intval($contact_id), diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index b14c71fb8..ba2332bcb 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -14,6 +14,7 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Protocol\DFRN; use Friendica\Protocol\Diaspora; +use Friendica\Util\Strings; require_once 'include/items.php'; @@ -267,7 +268,7 @@ function dfrn_notify_content(App $a) { $dfrn_id = substr($dfrn_id,2); } - $hash = random_string(); + $hash = Strings::getRandomHex(); $status = 0; diff --git a/mod/dfrn_poll.php b/mod/dfrn_poll.php index a961506d1..9cd110917 100644 --- a/mod/dfrn_poll.php +++ b/mod/dfrn_poll.php @@ -14,6 +14,7 @@ use Friendica\Module\Login; use Friendica\Protocol\DFRN; use Friendica\Protocol\OStatus; use Friendica\Util\Network; +use Friendica\Util\Strings; use Friendica\Util\XML; require_once 'include/items.php'; @@ -415,7 +416,7 @@ function dfrn_poll_content(App $a) if ($dfrn_id != '') { // initial communication from external contact - $hash = random_string(); + $hash = Strings::getRandomHex(); $status = 0; diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index fdb1a42ee..e5d5a3fe2 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -28,6 +28,7 @@ use Friendica\Module\Login; use Friendica\Network\Probe; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; +use Friendica\Util\Strings; require_once 'include/enotify.php'; @@ -320,7 +321,7 @@ function dfrn_request_post(App $a) } } - $issued_id = random_string(); + $issued_id = Strings::getRandomHex(); if (is_array($contact_record)) { // There is a contact record but no issued-id, so this 
@@ -415,7 +416,7 @@ function dfrn_request_post(App $a) return; } - $hash = random_string() . (string) time(); // Generate a confirm_key + $hash = Strings::getRandomHex() . (string) time(); // Generate a confirm_key if (is_array($contact_record)) { $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`) diff --git a/mod/fsuggest.php b/mod/fsuggest.php index 35710bb33..f87046f6c 100644 --- a/mod/fsuggest.php +++ b/mod/fsuggest.php @@ -9,6 +9,7 @@ use Friendica\Core\L10n; use Friendica\Core\Worker; use Friendica\Database\DBA; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Strings; function fsuggest_post(App $a) { @@ -34,7 +35,7 @@ function fsuggest_post(App $a) $new_contact = intval($_POST['suggest']); - $hash = random_string(); + $hash = Strings::getRandomHex(); $note = escape_tags(trim(defaults($_POST, 'note', ''))); diff --git a/mod/pubsubhubbub.php b/mod/pubsubhubbub.php index ea27f0482..26a157e2f 100644 --- a/mod/pubsubhubbub.php +++ b/mod/pubsubhubbub.php @@ -93,7 +93,7 @@ function pubsubhubbub_init(App $a) { } // do subscriber verification according to the PuSH protocol - $hub_challenge = random_string(40); + $hub_challenge = Strings::getRandomHex(40); $params = 'hub.mode=' . ($subscribe == 1 ? 'subscribe' : 'unsubscribe') . '&hub.topic=' . urlencode($hub_topic) . diff --git a/mod/redir.php b/mod/redir.php index 088a5f55e..6077a26f9 100644 --- a/mod/redir.php +++ b/mod/redir.php @@ -8,6 +8,7 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Model\Profile; +use Friendica\Util\Strings; function redir_init(App $a) { @@ -93,7 +94,7 @@ function redir_init(App $a) { $dfrn_id = '0:' . $orig_id; } - $sec = random_string(); + $sec = Strings::getRandomHex(); $fields = ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id, 'sec' => $sec, 'expire' => time() + 45]; diff --git a/mod/removeme.php b/mod/removeme.php index c2ceb7d4c..44671ef07 100644 
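Review bot: The new `Strings::getRandomHex(40)` call in `pubsubhubbub_init()` is the only line this commit changes in mod/pubsubhubbub.php (diffstat `2 +-`) and no `use Friendica\Util\Strings;` is added, so unless the file already imports it the unqualified name resolves to a global `\Strings` and PuSH subscriber verification dies with a class-not-found error. Add `use Friendica\Util\Strings;` to the file's import block, as the fsuggest.php and redir.php hunks in this same patch do. src/Util/LDSignature.php also shows a single changed line in the diffstat, but it lives in `Friendica\Util` and presumably resolves `Strings` without an import; mod/removeme.php does not. pubsubhubbub_init()'s body starts and ends outside the hunk.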
--- a/mod/removeme.php +++ b/mod/removeme.php @@ -68,7 +68,7 @@ function removeme_content(App $a) $a->internalRedirect(); } - $hash = random_string(); + $hash = Strings::getRandomHex(); require_once("mod/settings.php"); settings_init($a); diff --git a/spec/dfrn2_contact_request.svg b/spec/dfrn2_contact_request.svg index cc78be55c..34de340f3 100644 --- a/spec/dfrn2_contact_request.svg +++ b/spec/dfrn2_contact_request.svg @@ -38,7 +38,7 @@ text { font:12px Dialog; } where self = 0 to look if this contact is already there (if issued-id or rel is already available return here because it seems that we are already connected) -- create a issued-id with $issued_id = random_string(); +- create a issued-id with $issued_id = Strings::getRandomHex(); - if we already found a contact record above update the issued-id with the one we have created - otherwise if Bob is not already in the contact table scrape diff --git a/src/Content/Text/HTML.php b/src/Content/Text/HTML.php index cdfd41c11..9b73da56d 100644 --- a/src/Content/Text/HTML.php +++ b/src/Content/Text/HTML.php @@ -7,6 +7,7 @@ namespace Friendica\Content\Text; use DOMDocument; use DOMXPath; +use Friendica\Content\Feature; use Friendica\Core\Addon; use Friendica\Core\L10n; use Friendica\Core\Config; @@ -17,9 +18,9 @@ use Friendica\Database\DBA; use Friendica\Model\Contact; use Friendica\Util\Network; use Friendica\Util\Proxy as ProxyUtils; +use Friendica\Util\Strings; use Friendica\Util\XML; use League\HTMLToMarkdown\HtmlConverter; -use Friendica\Content\Feature; class HTML { @@ -1011,7 +1012,7 @@ class HTML $tpl = Renderer::getMarkupTemplate('wall/content_filter.tpl'); $html = Renderer::replaceMacros($tpl, [ '$reasons' => $reasons, - '$rnd' => random_string(8), + '$rnd' => Strings::getRandomHex(8), '$openclose' => L10n::t('Click to open/close'), '$html' => $html ]); diff --git a/src/Model/Contact.php b/src/Model/Contact.php index 5d571e30e..1a6349d9c 100644 --- a/src/Model/Contact.php +++ b/src/Model/Contact.php 
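Review bot: `removeme_content()` now calls `Strings::getRandomHex()` but this commit adds no `use Friendica\Util\Strings;` to mod/removeme.php (diffstat `2 +-`, and the hunk shows no import), so unless the file already imports it the unqualified `Strings` resolves to the global namespace and the account-removal page fatals with a class-not-found error. Add the `use` line alongside the file's other imports, as the other hunks in this patch do. removeme_content()'s body starts and ends outside the hunk.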
@@ -25,6 +25,7 @@ use Friendica\Protocol\PortableContact; use Friendica\Protocol\Salmon; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; +use Friendica\Util\Strings; require_once 'boot.php'; require_once 'include/dba.php'; @@ -1889,7 +1890,7 @@ class Contact extends BaseObject $user = DBA::selectFirst('user', $fields, ['uid' => $importer['uid']]); if (DBA::isResult($user) && !in_array($user['page-flags'], [self::PAGE_SOAPBOX, self::PAGE_FREELOVE, self::PAGE_COMMUNITY])) { // create notification - $hash = random_string(); + $hash = Strings::getRandomHex(); if (is_array($contact_record)) { DBA::insert('intro', ['uid' => $importer['uid'], 'contact-id' => $contact_record['id'], diff --git a/src/Model/Item.php b/src/Model/Item.php index 1eb96609f..35dfb7264 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php @@ -33,6 +33,7 @@ use Friendica\Util\DateTimeFormat; use Friendica\Util\Map; use Friendica\Util\XML; use Friendica\Util\Security; +use Friendica\Util\Strings; use Text_LanguageDetect; require_once 'boot.php'; @@ -3479,7 +3480,7 @@ class Item extends BaseObject while ((strpos($s, $spoilersearch) !== false)) { $pos = strpos($s, $spoilersearch); - $rnd = random_string(8); + $rnd = Strings::getRandomHex(8); $spoilerreplace = '
' . L10n::t('Click to open/close') . ''. '