util.php 82 KB
Newer Older
1
<?php
Evan Prodromou's avatar
Evan Prodromou committed
2
/*
3
 * StatusNet - the distributed open-source microblogging tool
4
 * Copyright (C) 2008-2011, StatusNet, Inc.
Evan Prodromou's avatar
Evan Prodromou committed
5
 *
6 7 8 9
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
Evan Prodromou's avatar
Evan Prodromou committed
10
 *
11 12 13 14
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
Evan Prodromou's avatar
Evan Prodromou committed
15
 *
16 17 18 19
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

20
/* XXX: break up into separate modules (HTTP, user, files) */
21

22 23 24
/**
 * Show a server error.
 */
25 26
function common_server_error($msg, $code=500)
{
27 28
    $err = new ServerErrorAction($msg, $code);
    $err->showPage();
29 30
}

31 32 33
/**
 * Show a user error.
 */
34 35
function common_user_error($msg, $code=400)
{
36 37
    $err = new ClientErrorAction($msg, $code);
    $err->showPage();
38 39
}

40 41 42
/**
 * This should only be used at setup; processes switching languages
 * to send text to other users should use common_switch_locale().
43
 *
44 45 46 47
 * @param string $language Locale language code (optional; empty uses
 *                         current user's preference or site default)
 * @return mixed success
 */
48 49
function common_init_locale($language=null)
{
50 51 52 53 54
    if(!$language) {
        $language = common_language();
    }
    putenv('LANGUAGE='.$language);
    putenv('LANG='.$language);
55
    $ok =  setlocale(LC_ALL, $language . ".utf8",
56 57 58 59
                     $language . ".UTF8",
                     $language . ".utf-8",
                     $language . ".UTF-8",
                     $language);
60 61

    return $ok;
62 63
}

64 65 66
/**
 * Initialize locale and charset settings and gettext with our message catalog,
 * using the current user's language preference or the site default.
67
 *
68 69
 * This should generally only be run at framework initialization; code switching
 * languages at runtime should call common_switch_language().
70
 *
71 72
 * @access private
 */
73 74
function common_init_language()
{
75
    mb_internal_encoding('UTF-8');
76

77 78
    // Note that this setlocale() call may "fail" but this is harmless;
    // gettext will still select the right language.
79 80
    $language = common_language();
    $locale_set = common_init_locale($language);
Evan Prodromou's avatar
Evan Prodromou committed
81

82 83 84 85 86 87 88 89 90 91 92 93
    if (!$locale_set) {
        // The requested locale doesn't exist on the system.
        //
        // gettext seems very picky... We first need to setlocale()
        // to a locale which _does_ exist on the system, and _then_
        // we can set in another locale that may not be set up
        // (say, ga_ES for Galego/Galician) it seems to take it.
        //
        // For some reason C and POSIX which are guaranteed to work
        // don't do the job. en_US.UTF-8 should be there most of the
        // time, but not guaranteed.
        $ok = common_init_locale("en_US");
94 95
        if (!$ok && strtolower(substr(PHP_OS, 0, 3)) != 'win') {
            // Try to find a complete, working locale on Unix/Linux...
96 97 98 99 100 101 102 103 104 105 106
            // @fixme shelling out feels awfully inefficient
            // but I don't think there's a more standard way.
            $all = `locale -a`;
            foreach (explode("\n", $all) as $locale) {
                if (preg_match('/\.utf[-_]?8$/i', $locale)) {
                    $ok = setlocale(LC_ALL, $locale);
                    if ($ok) {
                        break;
                    }
                }
            }
107 108 109
        }
        if (!$ok) {
            common_log(LOG_ERR, "Unable to find a UTF-8 locale on this system; UI translations may not work.");
110 111 112 113
        }
        $locale_set = common_init_locale($language);
    }

114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139
    common_init_gettext();
}

/**
 * @access private
 */
function common_init_gettext()
{
    setlocale(LC_CTYPE, 'C');
    // So we do not have to make people install the gettext locales
    $path = common_config('site','locale_path');
    bindtextdomain("statusnet", $path);
    bind_textdomain_codeset("statusnet", "UTF-8");
    textdomain("statusnet");
}

/**
 * Switch locale during runtime, and poke gettext until it cries uncle.
 * Otherwise, sometimes it doesn't actually switch away from the old language.
 *
 * @param string $language code for locale ('en', 'fr', 'pt_BR' etc)
 */
function common_switch_locale($language=null)
{
    common_init_locale($language);

140
    setlocale(LC_CTYPE, 'C');
Siebrand Mazeland's avatar
Siebrand Mazeland committed
141
    // So we do not have to make people install the gettext locales
142 143
    $path = common_config('site','locale_path');
    bindtextdomain("statusnet", $path);
144 145
    bind_textdomain_codeset("statusnet", "UTF-8");
    textdomain("statusnet");
146 147
}

148 149
function common_timezone()
{
150 151 152 153 154 155
    if (common_logged_in()) {
        $user = common_current_user();
        if ($user->timezone) {
            return $user->timezone;
        }
    }
156

157
    return common_config('site', 'timezone');
158 159
}

160 161 162 163 164 165 166 167 168 169 170 171 172 173
function common_valid_language($lang)
{
    if ($lang) {
        // Validate -- we don't want to end up with a bogus code
        // left over from some old junk.
        foreach (common_config('site', 'languages') as $code => $info) {
            if ($info['lang'] == $lang) {
                return true;
            }
        }
    }
    return false;
}

174 175
function common_language()
{
176 177 178 179 180 181 182 183
    // Allow ?uselang=xx override, very useful for debugging
    // and helping translators check usage and context.
    if (isset($_GET['uselang'])) {
        $uselang = strval($_GET['uselang']);
        if (common_valid_language($uselang)) {
            return $uselang;
        }
    }
184

185 186
    // If there is a user logged in and they've set a language preference
    // then return that one...
187
    if (_have_config() && common_logged_in()) {
188
        $user = common_current_user();
189 190 191

        if (common_valid_language($user->language)) {
            return $user->language;
192
        }
193
    }
194

195 196
    // Otherwise, find the best match for the languages requested by the
    // user's browser...
Brion Vibber's avatar
Brion Vibber committed
197 198 199 200 201 202 203
    if (common_config('site', 'langdetect')) {
        $httplang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : null;
        if (!empty($httplang)) {
            $language = client_prefered_language($httplang);
            if ($language)
              return $language;
        }
204
    }
205

206 207
    // Finally, if none of the above worked, use the site's default...
    return common_config('site', 'language');
208
}
209

210 211 212
/**
 * Salted, hashed passwords are stored in the DB.
 */
213
function common_munge_password($password, Profile $profile=null)
214
{
215 216 217 218 219 220 221
    $hashed = null;

    if (Event::handle('StartHashPassword', array(&$hashed, $password, $profile))) {
        Event::handle('EndHashPassword', array(&$hashed, $password, $profile));
    }
    if (empty($hashed)) {
        throw new PasswordHashException();
222
    }
223 224

    return $hashed;
225 226
}

227 228 229
/**
 * Check if a username exists and has matching password.
 */
230 231
function common_check_user($nickname, $password)
{
232 233 234 235 236
    // empty nickname always unacceptable
    if (empty($nickname)) {
        return false;
    }

237 238 239
    $authenticatedUser = false;

    if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {
240 241

        if (common_is_email($nickname)) {
242
            $user = User::getKV('email', common_canonical_email($nickname));
243
        } else {
244
            $user = User::getKV('nickname', Nickname::normalize($nickname));
245 246
        }

247
        if ($user instanceof User && !empty($password)) {
248
            if (0 == strcmp(common_munge_password($password, $user->getProfile()), $user->password)) {
249 250
                //internal checking passed
                $authenticatedUser = $user;
Craig Andrews's avatar
Craig Andrews committed
251 252
            }
        }
253
    }
254
    Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));
255 256

    return $authenticatedUser;
257 258
}

259 260 261
/**
 * Is the current user logged in?
 */
262 263
function common_logged_in()
{
264
    return (!is_null(common_current_user()));
265 266
}

267 268 269 270 271
function common_local_referer()
{
    return parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
}

272 273
function common_have_session()
{
274
    return (0 != strcmp(session_id(), ''));
275 276
}

277 278
function common_ensure_session()
{
Evan Prodromou's avatar
Evan Prodromou committed
279
    $c = null;
280
    if (array_key_exists(session_name(), $_COOKIE)) {
Evan Prodromou's avatar
Evan Prodromou committed
281 282
        $c = $_COOKIE[session_name()];
    }
283
    if (!common_have_session()) {
284 285 286
        if (common_config('sessions', 'handle')) {
            Session::setSaveHandler();
        }
Evan Prodromou's avatar
Evan Prodromou committed
287 288 289 290 291 292 293 294
	if (array_key_exists(session_name(), $_GET)) {
	    $id = $_GET[session_name()];
	} else if (array_key_exists(session_name(), $_COOKIE)) {
	    $id = $_COOKIE[session_name()];
	}
	if (isset($id)) {
	    session_id($id);
	}
295
        @session_start();
Evan Prodromou's avatar
Evan Prodromou committed
296 297
        if (!isset($_SESSION['started'])) {
            $_SESSION['started'] = time();
Evan Prodromou's avatar
Evan Prodromou committed
298
            if (!empty($id)) {
Evan Prodromou's avatar
Evan Prodromou committed
299 300 301 302
                common_log(LOG_WARNING, 'Session cookie "' . $_COOKIE[session_name()] . '" ' .
                           ' is set but started value is null');
            }
        }
303
    }
304 305
}

306 307 308 309
// Three kinds of arguments:
// 1) a user object
// 2) a nickname
// 3) null to clear
310

311
// Initialize to false; set to null if none found
312 313
$_cur = false;

314 315
function common_set_user($user)
{
316 317
    global $_cur;

318 319 320 321 322 323
    if (is_null($user) && common_have_session()) {
        $_cur = null;
        unset($_SESSION['userid']);
        return true;
    } else if (is_string($user)) {
        $nickname = $user;
324
        $user = User::getKV('nickname', $nickname);
325
    } else if (!$user instanceof User) {
326 327 328 329
        return false;
    }

    if ($user) {
Craig Andrews's avatar
Craig Andrews committed
330
        if (Event::handle('StartSetUser', array(&$user))) {
331 332
            if (!empty($user)) {
                if (!$user->hasRight(Right::WEBLOGIN)) {
333
                    // TRANS: Authorisation exception thrown when a user a not allowed to login.
334 335
                    throw new AuthorizationException(_('Not allowed to log in.'));
                }
Craig Andrews's avatar
Craig Andrews committed
336 337 338 339 340 341 342
                common_ensure_session();
                $_SESSION['userid'] = $user->id;
                $_cur = $user;
                Event::handle('EndSetUser', array($user));
                return $_cur;
            }
        }
343 344
    }
    return false;
345 346
}

347 348
function common_set_cookie($key, $value, $expiration=0)
{
349 350
    $path = common_config('site', 'path');
    $server = common_config('site', 'server');
351

352 353 354 355 356 357 358 359 360
    if ($path && ($path != '/')) {
        $cookiepath = '/' . $path . '/';
    } else {
        $cookiepath = '/';
    }
    return setcookie($key,
                     $value,
                     $expiration,
                     $cookiepath,
361
                     $server,
mmn's avatar
mmn committed
362
                     GNUsocial::useHTTPS());
363 364 365
}

define('REMEMBERME', 'rememberme');
366
define('REMEMBERME_EXPIRY', 30 * 24 * 60 * 60); // 30 days
367

368 369
function common_rememberme($user=null)
{
370 371 372 373 374 375
    if (!$user) {
        $user = common_current_user();
        if (!$user) {
            return false;
        }
    }
376

377
    $rm = new Remember_me();
378

379
    $rm->code = common_random_hexstr(16);
380
    $rm->user_id = $user->id;
381

382
    // Wrap the insert in some good ol' fashioned transaction code
383 384 385

    $rm->query('BEGIN');

386
    $result = $rm->insert();
387

388 389
    if (!$result) {
        common_log_db_error($rm, 'INSERT', __FILE__);
mmn's avatar
mmn committed
390
        $rm->query('ROLLBACK');
391
        return false;
392 393
    }

394 395
    $rm->query('COMMIT');

396 397
    $cookieval = $rm->user_id . ':' . $rm->code;

398
    common_log(LOG_INFO, 'adding rememberme cookie "' . $cookieval . '" for ' . $user->nickname);
399

400
    common_set_cookie(REMEMBERME, $cookieval, time() + REMEMBERME_EXPIRY);
401

402
    return true;
403 404
}

405 406
function common_remembered_user()
{
407
    $user = null;
408

409
    $packed = isset($_COOKIE[REMEMBERME]) ? $_COOKIE[REMEMBERME] : null;
410

411 412
    if (!$packed) {
        return null;
413 414 415 416 417
    }

    list($id, $code) = explode(':', $packed);

    if (!$id || !$code) {
418
        common_log(LOG_WARNING, 'Malformed rememberme cookie: ' . $packed);
419
        common_forgetme();
420
        return null;
421 422
    }

423
    $rm = Remember_me::getKV('code', $code);
424 425

    if (!$rm) {
426
        common_log(LOG_WARNING, 'No such remember code: ' . $code);
427
        common_forgetme();
428
        return null;
429 430 431
    }

    if ($rm->user_id != $id) {
432
        common_log(LOG_WARNING, 'Rememberme code for wrong user: ' . $rm->user_id . ' != ' . $id);
433
        common_forgetme();
434
        return null;
435 436
    }

437
    $user = User::getKV('id', $rm->user_id);
438

439
    if (!$user instanceof User) {
440
        common_log(LOG_WARNING, 'No such user for rememberme: ' . $rm->user_id);
441
        common_forgetme();
442
        return null;
443 444
    }

445
    // successful!
446 447 448 449
    $result = $rm->delete();

    if (!$result) {
        common_log_db_error($rm, 'DELETE', __FILE__);
450
        common_log(LOG_WARNING, 'Could not delete rememberme: ' . $code);
451
        common_forgetme();
452
        return null;
453 454 455 456
    }

    common_log(LOG_INFO, 'logging in ' . $user->nickname . ' using rememberme code ' . $rm->code);

457
    common_set_user($user);
458 459
    common_real_login(false);

460 461
    // We issue a new cookie, so they can log in
    // automatically again after this session
462 463 464

    common_rememberme($user);

465
    return $user;
466 467
}

468 469 470
/**
 * must be called with a valid user!
 */
471 472
function common_forgetme()
{
473
    common_set_cookie(REMEMBERME, '', 0);
474 475
}

476 477 478
/**
 * Who is the current user?
 */
479 480
function common_current_user()
{
481 482
    global $_cur;

483 484 485 486
    if (!_have_config()) {
        return null;
    }

487 488
    if ($_cur === false) {

489 490
        if (isset($_COOKIE[session_name()]) || isset($_GET[session_name()])
            || (isset($_SESSION['userid']) && $_SESSION['userid'])) {
491 492 493
            common_ensure_session();
            $id = isset($_SESSION['userid']) ? $_SESSION['userid'] : false;
            if ($id) {
494 495
                $user = User::getKV('id', $id);
                if ($user instanceof User) {
496 497 498
                	$_cur = $user;
                	return $_cur;
                }
499 500 501
            }
        }

502
        // that didn't work; try to remember; will init $_cur to null on failure
503 504 505
        $_cur = common_remembered_user();

        if ($_cur) {
506
            // XXX: Is this necessary?
507 508 509 510
            $_SESSION['userid'] = $_cur->id;
        }
    }

511
    return $_cur;
512 513
}

514 515 516 517 518
/**
 * Logins that are 'remembered' aren't 'real' -- they're subject to
 * cookie-stealing. So, we don't let them do certain things. New reg,
 * OpenID, and password logins _are_ real.
 */
519 520
function common_real_login($real=true)
{
521 522
    common_ensure_session();
    $_SESSION['real_login'] = $real;
523 524
}

525 526
function common_is_real_login()
{
527
    return common_logged_in() && $_SESSION['real_login'];
528 529
}

530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552
/**
 * Get a hash portion for HTTP caching Etags and such including
 * info on the current user's session. If login/logout state changes,
 * or we've changed accounts, or we've renamed the current user,
 * we'll get a new hash value.
 *
 * This should not be considered secure information.
 *
 * @param User $user (optional; uses common_current_user() if left out)
 * @return string
 */
function common_user_cache_hash($user=false)
{
    if ($user === false) {
        $user = common_current_user();
    }
    if ($user) {
        return crc32($user->id . ':' . $user->nickname);
    } else {
        return '0';
    }
}

553 554 555 556 557
/**
 * get canonical version of nickname for comparison
 *
 * @param string $nickname
 * @return string
558 559 560
 *
 * @throws NicknameException on invalid input
 * @deprecated call Nickname::normalize() directly.
561
 */
562 563
function common_canonical_nickname($nickname)
{
564
    return Nickname::normalize($nickname);
565 566
}

567 568 569 570 571 572 573 574 575
/**
 * get canonical version of email for comparison
 *
 * @fixme actually normalize
 * @fixme reject invalid input
 *
 * @param string $email
 * @return string
 */
576 577
function common_canonical_email($email)
{
578 579 580
    // XXX: canonicalize UTF-8
    // XXX: lcase the domain part
    return $email;
581 582
}

583 584 585 586 587 588 589 590 591
function common_to_alphanumeric($str)
{
    $filtered = preg_replace('/[^A-Za-z0-9]\s*/', '', $str);
    if (strlen($filtered) < 1) {
        throw new Exception('Filtered string was zero-length.');
    }
    return $filtered;
}

592 593
function common_purify($html)
{
mmn's avatar
mmn committed
594
    require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
595

mmn's avatar
mmn committed
596
    $cfg = HTMLPurifier_Config::createDefault();
597
    $cfg->set('Attr.AllowedRel', ['bookmark', 'directory', 'enclosure', 'home', 'license', 'nofollow', 'payment', 'tag']);  // http://microformats.org/wiki/rel
mmn's avatar
mmn committed
598
    $cfg->set('HTML.ForbiddenAttributes', array('style'));  // id, on* etc. are already filtered by default
mmn's avatar
mmn committed
599
    $cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
600

mmn's avatar
mmn committed
601 602 603
    // Remove more elements than what the default filter removes, default in GNU social are remotely
    // linked resources such as img, video, audio
    $forbiddenElements = array();
604 605
    foreach (common_config('htmlfilter') as $tag=>$filter) {
        if ($filter === true) {
mmn's avatar
mmn committed
606
            $forbiddenElements[] = $tag;
607 608
        }
    }
mmn's avatar
mmn committed
609
    $cfg->set('HTML.ForbiddenElements', $forbiddenElements);
610

611 612
    $html = common_remove_unicode_formatting($html);

mmn's avatar
mmn committed
613 614
    $purifier = new HTMLPurifier($cfg);
    $purified = $purifier->purify($html);
hannes's avatar
hannes committed
615
    Event::handle('EndCommonPurify', array(&$purified, $html));
hannes's avatar
hannes committed
616 617
    
    return $purified;
618 619 620 621 622 623 624 625 626
}

function common_remove_unicode_formatting($text)
{
    // Strip Unicode text formatting/direction codes
    // this is pretty dangerous for visualisation of text and can be used for mischief
    return preg_replace('/[\\x{200b}-\\x{200f}\\x{202a}-\\x{202e}]/u', '', $text);
}

627 628 629
/**
 * Partial notice markup rendering step: build links to !group references.
 *
630 631 632
 * @param string    $text partially rendered HTML
 * @param Profile   $author the Profile that is composing the current notice
 * @param Notice    $parent the Notice this is sent in reply to, if any
633 634
 * @return string partially rendered HTML
 */
635
function common_render_content($text, Profile $author, Notice $parent=null)
636
{
637
    $text = common_render_text($text);
638
    $text = common_linkify_mentions($text, $author, $parent);
639
    return $text;
640 641
}

642 643 644 645 646 647
/**
 * Finds @-mentions within the partially-rendered text section and
 * turns them into live links.
 *
 * Should generally not be called except from common_render_content().
 *
648 649 650
 * @param string    $text   partially-rendered HTML
 * @param Profile   $author the Profile that is composing the current notice
 * @param Notice    $parent the Notice this is sent in reply to, if any
651 652
 * @return string partially-rendered HTML
 */
653
function common_linkify_mentions($text, Profile $author, Notice $parent=null)
654
{
655
    $mentions = common_find_mentions($text, $author, $parent);
656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673

    // We need to go through in reverse order by position,
    // so our positions stay valid despite our fudging with the
    // string!

    $points = array();

    foreach ($mentions as $mention)
    {
        $points[$mention['position']] = $mention;
    }

    krsort($points);

    foreach ($points as $position => $mention) {

        $linkText = common_linkify_mention($mention);

674
        $text = substr_replace($text, $linkText, $position, $mention['length']);
675 676 677 678 679
    }

    return $text;
}

680
function common_linkify_mention(array $mention)
681 682 683 684 685 686 687 688
{
    $output = null;

    if (Event::handle('StartLinkifyMention', array($mention, &$output))) {

        $xs = new XMLStringer(false);

        $attrs = array('href' => $mention['url'],
mmn's avatar
mmn committed
689
                       'class' => 'h-card '.$mention['type']);
690 691 692 693 694

        if (!empty($mention['title'])) {
            $attrs['title'] = $mention['title'];
        }

mmn's avatar
mmn committed
695
        $xs->element('a', $attrs, $mention['text']);
696 697 698 699 700 701 702 703 704

        $output = $xs->getString();

        Event::handle('EndLinkifyMention', array($mention, &$output));
    }

    return $output;
}

705
function common_get_attentions($text, Profile $sender, Notice $parent=null)
706 707 708 709 710
{
    $mentions = common_find_mentions($text, $sender, $parent);
    $atts = array();
    foreach ($mentions as $mention) {
        foreach ($mention['mentioned'] as $mentioned) {
711
            $atts[$mentioned->getUri()] = $mentioned->getObjectType();
712 713
        }
    }
714 715 716 717 718
    if ($parent instanceof Notice) {
        $parentAuthor = $parent->getProfile();
        // afaik groups can't be authors
        $atts[$parentAuthor->getUri()] = ActivityObject::PERSON;
    }
719 720 721
    return $atts;
}

722
/**
723 724 725 726 727 728
 * Find @-mentions in the given text, using the given notice object as context.
 * References will be resolved with common_relative_profile() against the user
 * who posted the notice.
 *
 * Note the return data format is internal, to be used for building links and
 * such. Should not be used directly; rather, call common_linkify_mentions().
729
 *
730 731 732
 * @param string    $text
 * @param Profile   $sender the Profile that is sending the current text
 * @param Notice    $parent the Notice this text is in reply to, if any
733
 *
734
 * @return array
735 736
 *
 * @access private
737
 */
738
function common_find_mentions($text, Profile $sender, Notice $parent=null)
739
{
740 741
    $mentions = array();

742
    if (Event::handle('StartFindMentions', array($sender, $text, &$mentions))) {
743
        // Get the context of the original notice, if any
744
        $origMentions = array();
745 746
        // Does it have a parent notice for context?
        if ($parent instanceof Notice) {
747 748 749
            foreach ($parent->getAttentionProfiles() as $repliedTo) {
                if (!$repliedTo->isPerson()) {
                    continue;
750
                }
751
                $origMentions[$repliedTo->id] = $repliedTo;
752 753 754
            }
        }

755
        $matches = common_find_mentions_raw($text);
756 757

        foreach ($matches as $match) {
758 759 760 761 762 763
            try {
                $nickname = Nickname::normalize($match[0]);
            } catch (NicknameException $e) {
                // Bogus match? Drop it.
                continue;
            }
764

765 766 767 768 769 770 771 772 773 774 775
			// primarily mention the profiles mentioned in the parent
            $mention_found_in_origMentions = false;
            foreach($origMentions as $origMentionsId=>$origMention) {
                if($origMention->getNickname() == $nickname) {
                    $mention_found_in_origMentions = $origMention;
                    // don't mention same twice! the parent might have mentioned 
                    // two users with same nickname on different instances
                    unset($origMentions[$origMentionsId]);
                    break;
                }
            }
776

777 778 779 780 781
            // Try to get a profile for this nickname.
            // Start with parents mentions, then go to parents sender context
            if ($mention_found_in_origMentions) {
                $mentioned = $mention_found_in_origMentions;            
            } else if ($parent instanceof Notice && $parent->getProfile()->getNickname() === $nickname) {
782
                $mentioned = $parent->getProfile();
783
            } else {
784
                // sets to null if no match
785 786
                $mentioned = common_relative_profile($sender, $nickname);
            }
787

788
            if ($mentioned instanceof Profile) {
789
                try {
790 791 792 793
                    $url = $mentioned->getUri();    // prefer the URI as URL, if it is one.
                    if (!common_valid_http_url($url)) {
                        $url = $mentioned->getUrl();
                    }
794 795
                } catch (InvalidUrlException $e) {
                    $url = common_local_url('userbyid', array('id' => $mentioned->getID()));
796 797 798
                }

                $mention = array('mentioned' => array($mentioned),
799
                                 'type' => 'mention',
800 801
                                 'text' => $match[0],
                                 'position' => $match[1],
802
                                 'length' => mb_strlen($match[0]),
803
                                 'title' => $mentioned->getFullname(),
804 805 806 807 808 809 810 811 812
                                 'url' => $url);

                $mentions[] = $mention;
            }
        }

        // @#tag => mention of all subscriptions tagged 'tag'

        preg_match_all('/(?:^|[\s\.\,\:\;]+)@#([\pL\pN_\-\.]{1,64})/',
813
                       $text, $hmatches, PREG_OFFSET_CAPTURE);
814 815
        foreach ($hmatches[1] as $hmatch) {
            $tag = common_canonical_tag($hmatch[0]);
816
            $plist = Profile_list::getByTaggerAndTag($sender->getID(), $tag);
817 818 819 820
            if (!$plist instanceof Profile_list || $plist->private) {
                continue;
            }
            $tagged = $sender->getTaggedSubscribers($tag);
821

822
            $url = common_local_url('showprofiletag',
823
                                    array('nickname' => $sender->getNickname(),
824 825 826
                                          'tag' => $tag));

            $mentions[] = array('mentioned' => $tagged,
827
                                'type'      => 'list',
828 829
                                'text' => $hmatch[0],
                                'position' => $hmatch[1],
830
                                'length' => mb_strlen($hmatch[0]),
831 832
                                'url' => $url);
        }
833

834 835 836 837 838 839 840 841
        preg_match_all('/(?:^|[\s\.\,\:\;]+)!(' . Nickname::DISPLAY_FMT . ')/',
                       $text, $hmatches, PREG_OFFSET_CAPTURE);
        foreach ($hmatches[1] as $hmatch) {
            $nickname = Nickname::normalize($hmatch[0]);
            $group = User_group::getForNickname($nickname, $sender);

            if (!$group instanceof User_group || !$sender->isMember($group)) {
                continue;
842
            }
843 844 845

            $profile = $group->getProfile();

846
            $mentions[] = array('mentioned' => array($profile),
847
                                'type'      => 'group',
848 849
                                'text'      => $hmatch[0],
                                'position'  => $hmatch[1],
850
                                'length'    => mb_strlen($hmatch[0]),
851
                                'url'       => $group->permalink(),
852
                                'title'     => $group->getFancyName());
853 854 855 856 857 858 859 860
        }

        Event::handle('EndFindMentions', array($sender, $text, &$mentions));
    }

    return $mentions;
}

861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876
/**
 * Does the actual regex pulls to find @-mentions in text.
 * Should generally not be called directly; for use in common_find_mentions.
 *
 * @param string $text
 * @return array of PCRE match arrays
 */
function common_find_mentions_raw($text)
{
    $tmatches = array();
    preg_match_all('/^T (' . Nickname::DISPLAY_FMT . ') /',
                   $text,
                   $tmatches,
                   PREG_OFFSET_CAPTURE);

    $atmatches = array();
877 878
    // the regexp's "(?!\@)" makes sure it doesn't matches the single "@remote" in "@remote@server.com"
    preg_match_all('/(?:^|\s+)@(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/',
879 880 881 882 883 884 885 886
                   $text,
                   $atmatches,
                   PREG_OFFSET_CAPTURE);

    $matches = array_merge($tmatches[1], $atmatches[1]);
    return $matches;
}

887 888
function common_render_text($text)
{
889 890
    $text = common_remove_unicode_formatting($text);
    $text = nl2br(htmlspecialchars($text));
891

892 893 894 895
    $text = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $text);
    $text = common_replace_urls_callback($text, 'common_linkify');
    $text = preg_replace_callback('/(^|\&quot\;|\'|\(|\[|\{|\s+)#([\pL\pN_\-\.]{1,64})/u',
                function ($m) { return "{$m[1]}#".common_tag_link($m[2]); }, $text);
896
    // XXX: machine tags
897
    return $text;
Evan Prodromou's avatar
Evan Prodromou committed
898 899
}

mmn's avatar
mmn committed
900 901 902
define('_URL_SCHEME_COLON_DOUBLE_SLASH', 1);
define('_URL_SCHEME_SINGLE_COLON', 2);
define('_URL_SCHEME_NO_DOMAIN', 4);
mmn's avatar
mmn committed
903
define('_URL_SCHEME_COLON_COORDINATES', 8);
mmn's avatar
mmn committed
904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932

function common_url_schemes($filter=null)
{
    // TODO: move these to $config
    $schemes = [
                'http'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'https'     => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'ftp'       => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'ftps'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'mms'       => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'rtsp'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'gopher'    => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'news'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'nntp'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'telnet'    => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'wais'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'file'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'prospero'  => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'webcal'    => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'irc'       => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'ircs'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'aim'       => _URL_SCHEME_SINGLE_COLON,
                'bitcoin'   => _URL_SCHEME_SINGLE_COLON,
                'fax'       => _URL_SCHEME_SINGLE_COLON,
                'jabber'    => _URL_SCHEME_SINGLE_COLON,
                'mailto'    => _URL_SCHEME_SINGLE_COLON,
                'tel'       => _URL_SCHEME_SINGLE_COLON,
                'xmpp'      => _URL_SCHEME_SINGLE_COLON,
                'magnet'    => _URL_SCHEME_NO_DOMAIN,
mmn's avatar
mmn committed
933
                'geo'       => _URL_SCHEME_COLON_COORDINATES,
mmn's avatar
mmn committed
934 935 936 937 938 939 940 941 942 943
                ];

    return array_keys(
            array_filter($schemes,
                function ($scheme) use ($filter) {
                    return is_null($filter) || ($scheme & $filter);
                })
            );
}

944 945 946 947 948 949 950 951
/**
 * Find links in the given text and pass them to the given callback function.
 *
 * @param string $text
 * @param function($text, $arg) $callback: return replacement text
 * @param mixed $arg: optional argument will be passed on to the callback
 */
function common_replace_urls_callback($text, $callback, $arg = null) {
mmn's avatar
mmn committed
952 953 954 955 956 957 958
    $geouri_labeltext_regex = '\pN\pL\-';
    $geouri_mark_regex = '\-\_\.\!\~\*\\\'\(\)';    // the \\\' is really pretty
    $geouri_unreserved_regex = '\pN\pL' . $geouri_mark_regex;
    $geouri_punreserved_regex = '\[\]\:\&\+\$';
    $geouri_pctencoded_regex = '(?:\%[0-9a-fA-F][0-9a-fA-F])';
    $geouri_paramchar_regex = $geouri_unreserved_regex . $geouri_punreserved_regex; //FIXME: add $geouri_pctencoded_regex here so it works

959
    // Start off with a regex
960
    $regex = '#'.
961
    '(?:^|[\s\<\>\(\)\[\]\{\}\\\'\\\";]+)(?![\@\!\#])'.
962
    '('.
963
        '(?:'.
964 965
            '(?:'. //Known protocols
                '(?:'.
mmn's avatar
mmn committed
966
                    '(?:(?:' . implode('|', common_url_schemes(_URL_SCHEME_COLON_DOUBLE_SLASH)) . ')://)'.
967
                    '|'.
mmn's avatar
mmn committed
968
                    '(?:(?:' . implode('|', common_url_schemes(_URL_SCHEME_SINGLE_COLON)) . '):)'.
969
                ')'.
970
                '(?:[\pN\pL\-\_\+\%\~]+(?::[\pN\pL\-\_\+\%\~]+)?\@)?'. //user:pass@
971 972 973 974 975 976
                '(?:'.
                    '(?:'.
                        '\[[\pN\pL\-\_\:\.]+(?<![\.\:])\]'. //[dns]
                    ')|(?:'.
                        '[\pN\pL\-\_\:\.]+(?<![\.\:])'. //dns
                    ')'.
977
                ')'.
978
            ')'.
mmn's avatar
mmn committed
979 980 981 982 983 984 985 986 987 988
            '|(?:'.
                '(?:' . implode('|', common_url_schemes(_URL_SCHEME_COLON_COORDINATES)) . '):'.
                // There's an order that must be followed here too, if ;crs= is used, it must precede ;u=
                // Also 'crsp' (;crs=$crsp) must match $geouri_labeltext_regex
                // Also 'uval' (;u=$uval) must be a pnum: \-?[0-9]+
                '(?:'.
                    '(?:[0-9]+(?:\.[0-9]+)?(?:\,[0-9]+(?:\.[0-9]+)?){1,2})'.    // 1(.23)?(,4(.56)){1,2}
                    '(?:\;(?:['.$geouri_labeltext_regex.']+)(?:\=['.$geouri_paramchar_regex.']+)*)*'.
                ')'.
            ')'.
mmn's avatar
mmn committed
989
            // URLs without domain name, like magnet:?xt=...
mmn's avatar
mmn committed
990
            '|(?:(?:' . implode('|', common_url_schemes(_URL_SCHEME_NO_DOMAIN)) . '):(?=\?))'.  // zero-length lookahead requires ? after :
mmn's avatar
mmn committed
991 992 993 994 995 996 997 998
            (common_config('linkify', 'bare_ipv4')   // Convert IPv4 addresses to hyperlinks
                ? '|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
                : '').
            (common_config('linkify', 'bare_ipv6')   // Convert IPv6 addresses to hyperlinks
                ? '|(?:'. //IPv6
                    '\[?(?:(?:(?:[0-9A-Fa-f]{1,4}:){7}(?:(?:[0-9A-Fa-f]{1,4})|:))|(?:(?:[0-9A-Fa-f]{1,4}:){6}(?::|(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})|(?::[0-9A-Fa-f]{1,4})))|(?:(?:[0-9A-Fa-f]{1,4}:){5}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){4}(?::[0-9A-Fa-f]{1,4}){0,1}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){3}(?::[0-9A-Fa-f]{1,4}){0,2}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){2}(?::[0-9A-Fa-f]{1,4}){0,3}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:)(?::[0-9A-Fa-f]{1,4}){0,4}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?::(?::[0-9A-Fa-f]{1,4}){0,5}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})))\]?(?<!:)'.
                    ')'
                : '').
mmn's avatar
mmn committed
999 1000 1001 1002 1003 1004 1005 1006
            (common_config('linkify', 'bare_domains')
                ? '|(?:'. //DNS
                    '(?:[\pN\pL\-\_\+\%\~]+(?:\:[\pN\pL\-\_\+\%\~]+)?\@)?'. //user:pass@
                    '[\pN\pL\-\_]+(?:\.[\pN\pL\-\_]+)*\.'.
                    //tld list from http://data.iana.org/TLD/tlds-alpha-by-domain.txt, also added local, loc, and onion
                    '(?:AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XN--0ZWM56D|测试|XN--11B5BS3A9AJ6G|परीक्षा|XN--80AKHBYKNJ4F|испытание|XN--9T4B11YI5A|테스트|XN--DEBA0AD|טעסט|XN--G6W251D|測試|XN--HGBK6AJ7F53BBA|آزمایشی|XN--HLCJ6AYA9ESC7A|பரிட்சை|XN--JXALPDLP|δοκιμή|XN--KGBECHTV|إختبار|XN--ZCKZAH|テスト|YE|YT|YU|ZA|ZM|ZONE|ZW|local|loc|onion)'.
            ')(?![\pN\pL\-\_])'
                : '') . // if common_config('linkify', 'bare_domains') is false, don't add anything here
1007
        ')'.
1008
        '(?:'.
1009
            '(?:\:\d+)?'. //:port
1010 1011 1012
            '(?:/[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@]*)?'. // /path
            '(?:\?[\pN\pL\$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@\/]*)?'. // ?query string
            '(?:\#[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\@/\?\#]*)?'. // #fragment
1013
        ')(?<![\?\.\,\#\,])'.
1014
    ')'.
1015
    '#ixu';
1016
    //preg_match_all($regex,$text,$matches);
1017
    //print_r($matches);
1018
    return preg_replace_callback($regex, curry('callback_helper',$callback,$arg) ,$text);
1019
}
1020

1021 1022 1023 1024 1025 1026 1027 1028
/**
 * Intermediate callback for common_replace_links(), helps resolve some
 * ambiguous link forms before passing on to the final callback.
 *
 * @param array $matches
 * @param callable $callback
 * @param mixed $arg optional argument to pass on as second param to callback
 * @return string
1029
 *
1030 1031 1032
 * @access private
 */
function callback_helper($matches, $callback, $arg=null) {
1033
    $url=$matches[1];
1034 1035
    $left = strpos($matches[0],$url);
    $right = $left+strlen($url);
1036

1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048
    $groupSymbolSets=array(
        array(
            'left'=>'(',
            'right'=>')'
        ),
        array(
            'left'=>'[',
            'right'=>']'
        ),
        array(
            'left'=>'{',
            'right'=>'}'
1049 1050 1051 1052
        ),
        array(
            'left'=>'<',
            'right'=>'>'
1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073
        )
    );
    $cannotEndWith=array('.','?',',','#');
    $original_url=$url;
    do{
        $original_url=$url;
        foreach($groupSymbolSets as $groupSymbolSet){
            if(substr($url,-1)==$groupSymbolSet['right']){
                $group_left_count = substr_count($url,$groupSymbolSet['left']);
                $group_right_count = substr_count($url,$groupSymbolSet['right']);
                if($group_left_count<$group_right_count){
                    $right-=1;
                    $url=substr($url,0,-1);
                }
            }
        }
        if(in_array(substr($url,-1),$cannotEndWith)){
            $right-=1;
            $url=substr($url,0,-1);
        }
    }while($original_url!=$url);
1074

1075
    $result = call_user_func_array($callback, array($url, $arg));
1076
    return substr($matches[0],0,$left) . $result . substr($matches[0],$right);
1077
}
1078

1079
require_once INSTALLDIR . "/lib/curry.php";
1080 1081

function common_linkify($url) {
Evan Prodromou's avatar
Evan Prodromou committed
1082 1083 1084
    // It comes in special'd, so we unspecial it before passing to the stringifying
    // functions
    $url = htmlspecialchars_decode($url);
1085

1086 1087 1088 1089 1090
    if (strpos($url, '@') !== false && strpos($url, ':') === false && Validate::email($url)) {
        //url is an email address without the mailto: protocol
        $canon = "mailto:$url";
        $longurl = "mailto:$url";
    } else {
1091
        $canon = File_redirection::_canonUrl($url);
1092
        $longurl_data = File_redirection::where($canon, common_config('attachments', 'process_links'));
hannes's avatar
hannes committed
1093 1094 1095 1096 1097 1098 1099
        
        if(isset($longurl_data->redir_url)) {
			$longurl = $longurl_data->redir_url;
        } else {
            // e.g. local files
	        $longurl = $longurl_data->url;
        }
1100
    }
hannes's avatar
hannes committed
1101 1102
    
    $attrs = array('href' => $longurl, 'title' => $longurl);
1103

1104 1105 1106 1107
    $is_attachment = false;
    $attachment_id = null;
    $has_thumb = false;

1108
    // Check to see whether this is a known "attachment" URL.
1109

mmn's avatar
mmn committed
1110 1111 1112
    try {
        $f = File::getByUrl($longurl);
    } catch (NoResultException $e) {
1113 1114
        if (common_config('attachments', 'process_links')) {
            // XXX: this writes to the database. :<
1115 1116 1117 1118 1119
            try {
                $f = File::processNew($longurl);
            } catch (ServerException $e) {
                $f = null;
            }
1120
        }
1121 1122
    }

1123 1124 1125
    if ($f instanceof File) {
        try {
            $enclosure = $f->getEnclosure();
1126
            $is_attachment = true;
1127
            $attachment_id = $f->id;
1128

1129
            $thumb = File_thumbnail::getKV('file_id', $f->id);
1130 1131 1132
            $has_thumb = ($thumb instanceof File_thumbnail);
        } catch (ServerException $e) {
            // There was not enough metadata available
1133 1134 1135 1136 1137 1138 1139
        }
    }

    // Add clippy
    if ($is_attachment) {
        $attrs['class'] = 'attachment';
        if ($has_thumb) {
1140 1141
            $attrs['class'] = 'attachment thumbnail';
        }
1142
        $attrs['id'] = "attachment-{$attachment_id}";
1143
    }
1144

1145 1146 1147 1148 1149 1150