<?php
/*
 * StatusNet - the distributed open-source microblogging tool
 * Copyright (C) 2008-2011, StatusNet, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

/* XXX: break up into separate modules (HTTP, user, files) */

/**
 * Show a server error.
 *
 * Wraps the message in a ServerErrorAction and renders it with showPage().
 *
 * @param string $msg  message handed to ServerErrorAction
 * @param int    $code error code handed to ServerErrorAction (default 500)
 *
 * @return void
 */
function common_server_error($msg, $code=500)
{
    $action = new ServerErrorAction($msg, $code);
    $action->showPage();
}

/**
 * Show a user error.
 *
 * Wraps the message in a ClientErrorAction and renders it with showPage().
 *
 * @param string $msg  message handed to ClientErrorAction
 * @param int    $code error code handed to ClientErrorAction (default 400)
 *
 * @return void
 */
function common_user_error($msg, $code=400)
{
    $action = new ClientErrorAction($msg, $code);
    $action->showPage();
}

/**
 * Set the process locale and export the language through the environment.
 *
 * This should only be used at setup; processes switching languages
 * to send text to other users should use common_switch_locale().
 *
 * @param string $language Locale language code (optional; empty uses
 *                         current user's preference or site default)
 * @return mixed the locale name setlocale() accepted, or false when none of
 *               the candidate spellings could be set
 */
function common_init_locale($language=null)
{
    if (!$language) {
        $language = common_language();
    }

    // Both variables receive the same language code.
    foreach (array('LANGUAGE', 'LANG') as $variable) {
        putenv($variable . '=' . $language);
    }

    // setlocale() walks the list in order and returns the first locale the
    // system accepts; the bare code is the last resort.
    $candidates = array(
        $language . ".utf8",
        $language . ".UTF8",
        $language . ".utf-8",
        $language . ".UTF-8",
        $language,
    );

    return setlocale(LC_ALL, $candidates);
}

/**
 * Initialize locale and charset settings and gettext with our message catalog,
 * using the current user's language preference or the site default.
 *
 * This should generally only be run at framework initialization; code switching
 * languages at runtime should call common_switch_locale().
 *
 * The fallback path runs the fixed command `locale -a`; no request data is
 * interpolated into it.
 *
 * @access private
 */
function common_init_language()
{
    mb_internal_encoding('UTF-8');

    // Note that this setlocale() call may "fail" but this is harmless;
    // gettext will still select the right language.
    $language = common_language();
    $locale_set = common_init_locale($language);

    if (!$locale_set) {
        // The requested locale doesn't exist on the system.
        //
        // gettext seems very picky... We first need to setlocale()
        // to a locale which _does_ exist on the system, and _then_
        // we can set in another locale that may not be set up
        // (say, ga_ES for Galego/Galician) it seems to take it.
        //
        // For some reason C and POSIX which are guaranteed to work
        // don't do the job. en_US.UTF-8 should be there most of the
        // time, but not guaranteed.
        $ok = common_init_locale("en_US");

        $onWindows = (strtolower(substr(PHP_OS, 0, 3)) == 'win');
        if (!$ok && !$onWindows) {
            // Try to find a complete, working locale on Unix/Linux...
            // @fixme shelling out feels awfully inefficient
            // but I don't think there's a more standard way.
            $listing = shell_exec('locale -a');
            foreach (explode("\n", $listing) as $candidate) {
                // Only locales whose name ends in a UTF-8 suffix are tried.
                if (!preg_match('/\.utf[-_]?8$/i', $candidate)) {
                    continue;
                }
                $ok = setlocale(LC_ALL, $candidate);
                if ($ok) {
                    break;
                }
            }
        }

        if (!$ok) {
            common_log(LOG_ERR, "Unable to find a UTF-8 locale on this system; UI translations may not work.");
        }

        // Second attempt at the requested language, now that some locale
        // (if any was found) is in place.
        $locale_set = common_init_locale($language);
    }

    common_init_gettext();
}

/**
 * Bind the "statusnet" gettext domain to the configured locale path, declare
 * its catalogs as UTF-8 and make it the default domain.
 *
 * LC_CTYPE is reset to 'C' first.
 *
 * @access private
 */
function common_init_gettext()
{
    $domain = "statusnet";

    setlocale(LC_CTYPE, 'C');
    // So we do not have to make people install the gettext locales
    bindtextdomain($domain, common_config('site','locale_path'));
    bind_textdomain_codeset($domain, "UTF-8");
    textdomain($domain);
}

/**
 * Switch locale during runtime, and poke gettext until it cries uncle.
 * Otherwise, sometimes it doesn't actually switch away from the old language.
 *
 * After the locale change the gettext domain is bound again, which is the
 * same sequence common_init_gettext() performs.
 *
 * @param string $language code for locale ('en', 'fr', 'pt_BR' etc)
 */
function common_switch_locale($language=null)
{
    common_init_locale($language);

    // Resets LC_CTYPE to 'C' and re-binds the "statusnet" text domain.
    common_init_gettext();
}

/**
 * Timezone to use for the current request.
 *
 * @return mixed the logged-in user's timezone when one is set, otherwise the
 *               site-wide 'timezone' setting
 */
function common_timezone()
{
    $user = common_logged_in() ? common_current_user() : null;

    if ($user && $user->timezone) {
        return $user->timezone;
    }

    return common_config('site', 'timezone');
}

/**
 * Check a language code against the site's configured language list.
 *
 * This is the allowlist check applied to language codes that come from the
 * request or from stored preferences before they are used.
 *
 * @param string $lang language code to check
 *
 * @return bool true when some entry of the 'languages' setting has this
 *              value as its 'lang'; false for an empty code or no match
 */
function common_valid_language($lang)
{
    if (!$lang) {
        return false;
    }

    // Validate -- we don't want to end up with a bogus code
    // left over from some old junk.
    foreach (common_config('site', 'languages') as $info) {
        if ($info['lang'] == $lang) {
            return true;
        }
    }

    return false;
}

/**
 * Pick the language for the current request.
 *
 * Sources are tried in this order: the ?uselang= query parameter, the
 * logged-in user's stored preference, the browser's Accept-Language header
 * (only when 'langdetect' is enabled), and finally the site default. The
 * first two are accepted only if common_valid_language() approves them.
 *
 * @return string language code
 */
function common_language()
{
    // Allow ?uselang=xx override, very useful for debugging
    // and helping translators check usage and context.
    $override = isset($_GET['uselang']) ? strval($_GET['uselang']) : null;
    if ($override !== null && common_valid_language($override)) {
        return $override;
    }

    // If there is a user logged in and they've set a language preference
    // then return that one...
    if (_have_config() && common_logged_in()) {
        $user = common_current_user();

        if (common_valid_language($user->language)) {
            return $user->language;
        }
    }

    // Otherwise, find the best match for the languages requested by the
    // user's browser...
    if (common_config('site', 'langdetect') && !empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        // NOTE(review): the header is client-supplied; this relies on
        // client_prefered_language() returning only known codes -- confirm.
        $language = client_prefered_language($_SERVER['HTTP_ACCEPT_LANGUAGE']);
        if ($language) {
            return $language;
        }
    }

    // Finally, if none of the above worked, use the site's default...
    return common_config('site', 'language');
}

/**
 * Salted, hashed passwords are stored in the DB.
 *
 * This function does no hashing itself: it fires the StartHashPassword and
 * EndHashPassword events and expects a handler to fill in the hash through
 * the by-reference first argument.
 *
 * @param string       $password clear-text password
 * @param Profile|null $profile  profile passed along to the event handlers
 *
 * @return mixed the hash produced by the event handlers
 *
 * @throws PasswordHashException when no handler produced a non-empty hash
 */
function common_munge_password($password, Profile $profile=null)
{
    $hashed = null;

    $continue = Event::handle('StartHashPassword', array(&$hashed, $password, $profile));
    if ($continue) {
        Event::handle('EndHashPassword', array(&$hashed, $password, $profile));
    }

    // Fail loudly rather than hand back an empty "hash".
    if (!empty($hashed)) {
        return $hashed;
    }

    throw new PasswordHashException();
}

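/**
 * Check if a username exists and has matching password.
 *
 * The StartCheckPassword event may authenticate the user itself; only when
 * it lets processing continue is the built-in check run, which hashes the
 * supplied password with common_munge_password() and compares the result
 * with the stored value. EndCheckPassword is fired in every case.
 *
 * @param string $nickname nickname, or an e-mail address
 * @param string $password clear-text password
 *
 * @return User|false the authenticated user, or false
 */
function common_check_user($nickname, $password)
{
    // empty nickname always unacceptable
    if (empty($nickname)) {
        return false;
    }

    $authenticatedUser = false;

    if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {

        if (common_is_email($nickname)) {
            $user = User::getKV('email', common_canonical_email($nickname));
        } else {
            $user = User::getKV('nickname', Nickname::normalize($nickname));
        }

        if ($user instanceof User && !empty($password)) {
            $candidate = common_munge_password($password, $user->getProfile());
            $stored = $user->password;

            // A non-string stored value (e.g. null) can never match, and
            // hash_equals() requires two strings.
            if (is_string($candidate) && is_string($stored)) {
                // Compare in constant time where the runtime offers it, so
                // the comparison does not reveal how many leading bytes of
                // the hash matched; older runtimes keep the strcmp() check.
                $matches = function_exists('hash_equals')
                    ? hash_equals($stored, $candidate)
                    : (0 == strcmp($candidate, $stored));

                if ($matches) {
                    //internal checking passed
                    $authenticatedUser = $user;
                }
            }
        }
    }
    Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));

    return $authenticatedUser;
}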

/**
 * Is the current user logged in?
 *
 * @return bool true when common_current_user() returns something other
 *              than null
 */
function common_logged_in()
{
    $current = common_current_user();

    return !is_null($current);
}

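/**
 * Does the Referer header name this site's own host?
 *
 * The header is optional and entirely client-controlled, so a true result
 * is a hint only and not proof of where the request came from.
 *
 * @return bool true when the Referer's host equals the configured
 *              'server'; false when the header is absent, empty or not a
 *              string
 */
function common_local_referer()
{
    // Many requests carry no Referer at all; reading the key unguarded
    // raised an undefined-index notice in that case.
    if (empty($_SERVER['HTTP_REFERER']) || !is_string($_SERVER['HTTP_REFERER'])) {
        return false;
    }

    return parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === common_config('site', 'server');
}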

/**
 * Has a session id been set for this request?
 *
 * @return bool true when session_id() is a non-empty string
 */
function common_have_session()
{
    // Cast first so a false return from session_id() counts as "no id",
    // the same way the string comparison treats it.
    return ((string) session_id()) !== '';
}

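/**
 * Start the PHP session if none is active yet.
 *
 * Installs the custom save handler when 'sessions'/'handle' is enabled,
 * adopts a session id supplied in the query string or, failing that, in the
 * session cookie, starts the session and stamps $_SESSION['started'] on
 * first use.
 *
 * @return void
 */
function common_ensure_session()
{
    if (common_have_session()) {
        return;
    }

    if (common_config('sessions', 'handle')) {
        Session::setSaveHandler();
    }

    // NOTE(review): an id taken from the query string lets a link pre-set
    // the visitor's session id. Confirm that session.use_strict_mode is on
    // or that the id is rotated at login.
    $name = session_name();
    $id = null;
    if (array_key_exists($name, $_GET)) {
        $id = $_GET[$name];
    } else if (array_key_exists($name, $_COOKIE)) {
        $id = $_COOKIE[$name];
    }

    // Request parameters can arrive as arrays (name[]=x); only a string is
    // a usable session id.
    if (is_string($id)) {
        session_id($id);
    } else {
        $id = null;
    }

    @session_start();

    if (!isset($_SESSION['started'])) {
        $_SESSION['started'] = time();
        if (!empty($id)) {
            // Log the id that was actually adopted; the cookie key may be
            // absent when the id came from the query string.
            // NOTE(review): this writes a usable session id to the log;
            // consider logging a digest of it instead.
            common_log(LOG_WARNING, 'Session cookie "' . $id . '" ' .
                       ' is set but started value is null');
        }
    }
}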

// Three kinds of arguments:
// 1) a user object
// 2) a nickname
// 3) null to clear

// Initialize to false; set to null if none found
// Per-request cache of the current user, shared through `global $_cur`:
// false means "not resolved yet", null means "resolved, nobody logged in".
$_cur = false;

/**
 * Set, or clear, the user of the current session.
 *
 * Accepts a User object, a nickname string (looked up with User::getKV),
 * or null to clear the session's user.
 *
 * @param User|string|null $user
 *
 * @return User|bool the user that is now current; true after clearing;
 *                   false when nothing was set
 *
 * @throws AuthorizationException when the user lacks Right::WEBLOGIN
 */
function common_set_user($user)
{
    global $_cur;

    // null clears the login, but only if a session exists to clear.
    if (is_null($user) && common_have_session()) {
        $_cur = null;
        unset($_SESSION['userid']);
        return true;
    }

    if (is_string($user)) {
        $user = User::getKV('nickname', $user);
    } else if (!$user instanceof User) {
        return false;
    }

    if (!$user) {
        return false;
    }

    // Handlers receive $user by reference and may replace or empty it.
    if (!Event::handle('StartSetUser', array(&$user))) {
        return false;
    }
    if (empty($user)) {
        return false;
    }

    if (!$user->hasRight(Right::WEBLOGIN)) {
        // TRANS: Authorisation exception thrown when a user a not allowed to login.
        throw new AuthorizationException(_('Not allowed to log in.'));
    }

    // NOTE(review): the session id is not regenerated here when the user id
    // is stored -- confirm that a caller or the session handler rotates it.
    common_ensure_session();
    $_SESSION['userid'] = $user->id;
    $_cur = $user;
    Event::handle('EndSetUser', array($user));

    return $_cur;
}

/**
 * Send a cookie scoped to this site's path and server name.
 *
 * The secure flag follows GNUsocial::useHTTPS().
 *
 * @param string $key        cookie name
 * @param string $value      cookie value
 * @param int    $expiration expiry timestamp passed to setcookie()
 *
 * @return bool result of setcookie()
 */
function common_set_cookie($key, $value, $expiration=0)
{
    $path = common_config('site', 'path');
    $server = common_config('site', 'server');

    // A configured sub-path becomes "/path/"; otherwise the cookie is
    // valid for the whole host.
    $cookiepath = ($path && ($path != '/')) ? '/' . $path . '/' : '/';

    // NOTE(review): setcookie()'s httponly argument is not passed, so these
    // cookies are readable from page scripts -- confirm that is intended
    // for the remember-me cookie.
    return setcookie($key, $value, $expiration, $cookiepath, $server, GNUsocial::useHTTPS());
}

// Name of the persistent-login ("remember me") cookie.
define('REMEMBERME', 'rememberme');

// Lifetime added to time() when that cookie is issued: 30 days, in seconds.
define('REMEMBERME_EXPIRY', 60 * 60 * 24 * 30);

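/**
 * Issue a remember-me cookie for a user.
 *
 * Stores a fresh random code for the user in a Remember_me row and sends
 * "user_id:code" to the browser as the REMEMBERME cookie.
 *
 * @param User|null $user user to remember; defaults to the current user
 *
 * @return bool false when there is no user or the row could not be
 *              inserted, true otherwise
 */
function common_rememberme($user=null)
{
    if (!$user) {
        $user = common_current_user();
        if (!$user) {
            return false;
        }
    }

    $rm = new Remember_me();

    $rm->code = common_random_hexstr(16);
    $rm->user_id = $user->id;

    // Wrap the insert in some good ol' fashioned transaction code

    $rm->query('BEGIN');

    $result = $rm->insert();

    if (!$result) {
        common_log_db_error($rm, 'INSERT', __FILE__);
        $rm->query('ROLLBACK');
        return false;
    }

    $rm->query('COMMIT');

    $cookieval = $rm->user_id . ':' . $rm->code;

    // The cookie value logs its holder in, so it is kept out of the log:
    // only the account it was issued for is recorded.
    common_log(LOG_INFO, 'adding rememberme cookie for ' . $user->nickname);

    common_set_cookie(REMEMBERME, $cookieval, time() + REMEMBERME_EXPIRY);

    return true;
}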

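/**
 * Log a visitor in from their remember-me cookie, if it is valid.
 *
 * The cookie holds "user_id:code". The code must exist in Remember_me and
 * belong to the same user id. A code is single-use: its row is deleted
 * before the login is accepted and a fresh cookie is issued afterwards.
 * Every failure clears the cookie with common_forgetme().
 *
 * The resulting login is marked as not "real" through
 * common_real_login(false).
 *
 * @return User|null the logged-in user, or null
 */
function common_remembered_user()
{
    $packed = isset($_COOKIE[REMEMBERME]) ? $_COOKIE[REMEMBERME] : null;

    if (!$packed) {
        return null;
    }

    // The cookie is client-controlled: it can arrive as an array
    // (rememberme[]=x) or without the ':' separator. Both count as
    // malformed instead of raising errors in explode()/list().
    $parts = is_string($packed) ? explode(':', $packed) : array();
    $id = isset($parts[0]) ? $parts[0] : null;
    $code = isset($parts[1]) ? $parts[1] : null;

    if (!$id || !$code) {
        // NOTE(review): the cookie text is written to the log as received;
        // confirm common_log() neutralises control characters.
        common_log(LOG_WARNING, 'Malformed rememberme cookie: ' . (is_string($packed) ? $packed : gettype($packed)));
        common_forgetme();
        return null;
    }

    $rm = Remember_me::getKV('code', $code);

    if (!$rm) {
        common_log(LOG_WARNING, 'No such remember code: ' . $code);
        common_forgetme();
        return null;
    }

    // The code must have been issued to the user id named in the cookie.
    if ($rm->user_id != $id) {
        common_log(LOG_WARNING, 'Rememberme code for wrong user: ' . $rm->user_id . ' != ' . $id);
        common_forgetme();
        return null;
    }

    $user = User::getKV('id', $rm->user_id);

    if (!$user instanceof User) {
        common_log(LOG_WARNING, 'No such user for rememberme: ' . $rm->user_id);
        common_forgetme();
        return null;
    }

    // successful!
    // Delete the row first so the same code cannot be presented twice.
    $result = $rm->delete();

    if (!$result) {
        common_log_db_error($rm, 'DELETE', __FILE__);
        common_log(LOG_WARNING, 'Could not delete rememberme: ' . $code);
        common_forgetme();
        return null;
    }

    common_log(LOG_INFO, 'logging in ' . $user->nickname . ' using rememberme code ' . $rm->code);

    common_set_user($user);
    common_real_login(false);

    // We issue a new cookie, so they can log in
    // automatically again after this session

    common_rememberme($user);

    return $user;
}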

/**
 * Clear the remember-me cookie by re-sending it with an empty value.
 *
 * The original note on this function reads "must be called with a valid
 * user!"; the body itself only resets the cookie.
 *
 * @return void
 */
function common_forgetme()
{
    $emptyValue = '';
    $expiration = 0;

    common_set_cookie(REMEMBERME, $emptyValue, $expiration);
}

/**
 * Who is the current user?
 *
 * The answer is resolved once per request and cached in the global $_cur.
 * Resolution first tries the session's 'userid', then falls back to the
 * remember-me cookie.
 *
 * @return User|null the current user, or null when nobody is logged in or
 *                   the configuration is not loaded
 */
function common_current_user()
{
    global $_cur;

    if (!_have_config()) {
        return null;
    }

    // Anything other than false means the lookup already ran.
    if ($_cur !== false) {
        return $_cur;
    }

    // Only open a session when the request shows signs of having one.
    $sessionExpected = isset($_COOKIE[session_name()])
        || isset($_GET[session_name()])
        || !empty($_SESSION['userid']);

    if ($sessionExpected) {
        common_ensure_session();
        if (!empty($_SESSION['userid'])) {
            $user = User::getKV('id', $_SESSION['userid']);
            if ($user instanceof User) {
                $_cur = $user;
                return $_cur;
            }
        }
    }

    // that didn't work; try to remember; will init $_cur to null on failure
    $_cur = common_remembered_user();

    if ($_cur) {
        // XXX: Is this necessary?
        $_SESSION['userid'] = $_cur->id;
    }

    return $_cur;
}

/**
 * Logins that are 'remembered' aren't 'real' -- they're subject to
 * cookie-stealing. So, we don't let them do certain things. New reg,
 * OpenID, and password logins _are_ real.
 *
 * Records the flag in the session as 'real_login'.
 *
 * @param bool $real whether the login was made with fresh credentials
 *
 * @return void
 */
function common_real_login($real=true)
{
    // The flag lives in the session, so make sure one exists first.
    common_ensure_session();

    $_SESSION['real_login'] = $real;
}

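/**
 * Is the current user logged in through a 'real' login, i.e. one the
 * session has flagged via common_real_login()?
 *
 * @return bool false when nobody is logged in or the session carries no
 *              truthy 'real_login' flag
 */
function common_is_real_login()
{
    // A session that never had the flag set counts as not real; reading the
    // key unguarded raised an undefined-index notice in that case.
    return common_logged_in() && !empty($_SESSION['real_login']);
}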

/**
 * Get a hash portion for HTTP caching Etags and such including
 * info on the current user's session. If login/logout state changes,
 * or we've changed accounts, or we've renamed the current user,
 * we'll get a new hash value.
 *
 * This should not be considered secure information: the value is a CRC32
 * of "id:nickname", a checksum and not a secret.
 *
 * @param User $user (optional; uses common_current_user() if left out)
 * @return int|string crc32() result for a user, the string '0' otherwise
 */
function common_user_cache_hash($user=false)
{
    if ($user === false) {
        $user = common_current_user();
    }

    if (!$user) {
        return '0';
    }

    return crc32($user->id . ':' . $user->nickname);
}

/**
 * get canonical version of nickname for comparison
 *
 * Thin wrapper that forwards to Nickname::normalize().
 *
 * @param string $nickname
 * @return string
 *
 * @throws NicknameException on invalid input
 * @deprecated call Nickname::normalize() directly.
 */
function common_canonical_nickname($nickname)
{
    $canonical = Nickname::normalize($nickname);

    return $canonical;
}

/**
 * get canonical version of email for comparison
 *
 * Currently a placeholder: the address is returned exactly as given, so
 * neither case nor Unicode form is normalized and nothing is rejected.
 *
 * @fixme actually normalize
 * @fixme reject invalid input
 *
 * @param string $email
 * @return string the unchanged input
 */
function common_canonical_email($email)
{
    // XXX: canonicalize UTF-8
    // XXX: lcase the domain part
    $canonical = $email;

    return $canonical;
}

/**
 * Reduce a string to its ASCII letters and digits.
 *
 * Every character outside A-Z, a-z and 0-9 is removed, together with any
 * whitespace that directly follows it.
 *
 * @param string $str
 *
 * @return string the filtered string, never empty
 *
 * @throws Exception when nothing is left after filtering
 */
function common_to_alphanumeric($str)
{
    $filtered = preg_replace('/[^A-Za-z0-9]\s*/', '', $str);

    if (strlen($filtered) >= 1) {
        return $filtered;
    }

    throw new Exception('Filtered string was zero-length.');
}

/**
 * Sanitize an HTML fragment with HTMLPurifier.
 *
 * On top of the purifier's default configuration this restricts rel values,
 * forbids the style attribute, limits URI schemes to common_url_schemes()
 * and forbids every element that the 'htmlfilter' setting marks with true.
 * Unicode formatting characters are stripped before purifying.
 *
 * @param string $html HTML to clean
 *
 * @return string purified HTML, after EndCommonPurify handlers have run
 */
function common_purify($html)
{
    require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';

    $cfg = HTMLPurifier_Config::createDefault();
    $cfg->set('Attr.AllowedRel', ['bookmark', 'directory', 'enclosure', 'home', 'license', 'nofollow', 'payment', 'tag']);  // http://microformats.org/wiki/rel
    $cfg->set('HTML.ForbiddenAttributes', array('style'));  // id, on* etc. are already filtered by default
    // NOTE(review): the scheme list is shared with the plain-text linkifier
    // and includes entries such as 'file' and 'telnet'; confirm each one is
    // meant to be linkable from user-supplied HTML.
    $cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));

    // Remove more elements than what the default filter removes, default in GNU social are remotely
    // linked resources such as img, video, audio
    // Only tags whose setting is exactly true are forbidden.
    $forbiddenElements = array_keys(common_config('htmlfilter'), true, true);
    $cfg->set('HTML.ForbiddenElements', $forbiddenElements);

    $html = common_remove_unicode_formatting($html);

    $purifier = new HTMLPurifier($cfg);
    $purified = $purifier->purify($html);

    // Handlers get the purified markup by reference and may rewrite it.
    Event::handle('EndCommonPurify', array(&$purified, $html));

    return $purified;
}

/**
 * Strip invisible Unicode formatting and direction characters.
 *
 * Removes U+200B-U+200F and U+202A-U+202E, which can make displayed text
 * read differently from the underlying characters.
 *
 * NOTE(review): the directional isolates U+2066-U+2069 are not in the
 * pattern -- confirm whether they should be covered too.
 *
 * @param string $text UTF-8 text
 *
 * @return string|null the cleaned text; preg_replace() yields null when the
 *                     input is not valid UTF-8
 */
function common_remove_unicode_formatting($text)
{
    // Strip Unicode text formatting/direction codes
    // this is pretty dangerous for visualisation of text and can be used for mischief
    $pattern = '/[\\x{200b}-\\x{200f}\\x{202a}-\\x{202e}]/u';

    return preg_replace($pattern, '', $text);
}

/**
 * Render plain notice text to HTML: escape and linkify it with
 * common_render_text(), then turn mentions into links with
 * common_linkify_mentions().
 *
 * @param string    $text   plain notice text
 * @param Profile   $author the Profile that is composing the current notice
 * @param Notice    $parent the Notice this is sent in reply to, if any
 * @return string partially rendered HTML
 */
function common_render_content($text, Profile $author, Notice $parent=null)
{
    $rendered = common_render_text($text);

    return common_linkify_mentions($rendered, $author, $parent);
}

/**
 * Finds @-mentions within the partially-rendered text section and
 * turns them into live links.
 *
 * Should generally not be called except from common_render_content().
 *
 * @param string    $text   partially-rendered HTML
 * @param Profile   $author the Profile that is composing the current notice
 * @param Notice    $parent the Notice this is sent in reply to, if any
 * @return string partially-rendered HTML
 */
function common_linkify_mentions($text, Profile $author, Notice $parent=null)
{
    // Index by position; a later mention at the same position replaces an
    // earlier one.
    $byPosition = array();
    foreach (common_find_mentions($text, $author, $parent) as $mention) {
        $byPosition[$mention['position']] = $mention;
    }

    // We need to go through in reverse order by position,
    // so our positions stay valid despite our fudging with the
    // string!
    krsort($byPosition);

    foreach ($byPosition as $offset => $mention) {
        // NOTE(review): substr_replace() counts bytes; confirm that the
        // mention's 'length' is a byte count as well when the matched text
        // is not pure ASCII.
        $text = substr_replace($text, common_linkify_mention($mention), $offset, $mention['length']);
    }

    return $text;
}

/**
 * Build the <a> element for one mention.
 *
 * StartLinkifyMention handlers may supply the markup themselves; otherwise
 * the link is produced with XMLStringer from the mention's 'url', 'type',
 * 'text' and optional 'title', and EndLinkifyMention handlers may adjust it.
 *
 * @param array $mention one entry of the array common_find_mentions() returns
 *
 * @return string|null link markup, or whatever the event handlers left in
 *                     the output
 */
function common_linkify_mention(array $mention)
{
    $output = null;

    if (!Event::handle('StartLinkifyMention', array($mention, &$output))) {
        return $output;
    }

    $attrs = array('href' => $mention['url'],
                   'class' => 'h-card '.$mention['type']);

    if (!empty($mention['title'])) {
        $attrs['title'] = $mention['title'];
    }

    // NOTE(review): presumably XMLStringer escapes attribute values and the
    // text node -- confirm, since 'text' and 'title' come from user content.
    $xs = new XMLStringer(false);
    $xs->element('a', $attrs, $mention['text']);
    $output = $xs->getString();

    Event::handle('EndLinkifyMention', array($mention, &$output));

    return $output;
}

/**
 * Collect the recipients a notice text addresses.
 *
 * @param string  $text   notice text
 * @param Profile $sender the Profile that is sending the text
 * @param Notice  $parent the Notice this text is in reply to, if any
 *
 * @return array map of profile URI => object type, covering every profile
 *               mentioned in the text plus the parent notice's author
 */
function common_get_attentions($text, Profile $sender, Notice $parent=null)
{
    $atts = array();

    foreach (common_find_mentions($text, $sender, $parent) as $mention) {
        foreach ($mention['mentioned'] as $profile) {
            $atts[$profile->getUri()] = $profile->getObjectType();
        }
    }

    if ($parent instanceof Notice) {
        // afaik groups can't be authors
        $atts[$parent->getProfile()->getUri()] = ActivityObject::PERSON;
    }

    return $atts;
}

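/**
 * Find @-mentions in the given text, using the given notice object as context.
 * References will be resolved with common_relative_profile() against the user
 * who posted the notice.
 *
 * Three forms are recognised: @nickname (a profile), @#tag (everyone the
 * sender has tagged, for non-private lists only) and !group (groups the
 * sender is a member of).
 *
 * Note the return data format is internal, to be used for building links and
 * such. Should not be used directly; rather, call common_linkify_mentions().
 *
 * @param string    $text
 * @param Profile   $sender the Profile that is sending the current text
 * @param Notice    $parent the Notice this text is in reply to, if any
 *
 * @return array list of mentions, each with 'mentioned', 'type', 'text',
 *               'position', 'length' and 'url' (plus 'title' for profile
 *               and group mentions)
 *
 * @access private
 */
function common_find_mentions($text, Profile $sender, Notice $parent=null)
{
    $mentions = array();

    if (Event::handle('StartFindMentions', array($sender, $text, &$mentions))) {
        // Get the context of the original notice, if any
        $origMentions = array();
        // Does it have a parent notice for context?
        if ($parent instanceof Notice) {
            foreach ($parent->getAttentionProfiles() as $repliedTo) {
                if (!$repliedTo->isPerson()) {
                    continue;
                }
                $origMentions[$repliedTo->id] = $repliedTo;
            }
        }

        $matches = common_find_mentions_raw($text);

        foreach ($matches as $match) {
            try {
                $nickname = Nickname::normalize($match[0]);
            } catch (NicknameException $e) {
                // Bogus match? Drop it.
                continue;
            }

            // primarily mention the profiles mentioned in the parent
            $mention_found_in_origMentions = false;
            foreach($origMentions as $origMentionsId=>$origMention) {
                if($origMention->getNickname() == $nickname) {
                    $mention_found_in_origMentions = $origMention;
                    // don't mention same twice! the parent might have mentioned
                    // two users with same nickname on different instances
                    unset($origMentions[$origMentionsId]);
                    break;
                }
            }

            // Try to get a profile for this nickname.
            // Start with parents mentions, then go to parents sender context
            if ($mention_found_in_origMentions) {
                $mentioned = $mention_found_in_origMentions;
            } else if ($parent instanceof Notice && $parent->getProfile()->getNickname() === $nickname) {
                $mentioned = $parent->getProfile();
            } else {
                // sets to null if no match
                $mentioned = common_relative_profile($sender, $nickname);
            }

            if ($mentioned instanceof Profile) {
                try {
                    $url = $mentioned->getUri();    // prefer the URI as URL, if it is one.
                    if (!common_valid_http_url($url)) {
                        $url = $mentioned->getUrl();
                    }
                } catch (InvalidUrlException $e) {
                    $url = common_local_url('userbyid', array('id' => $mentioned->getID()));
                }

                // NOTE(review): 'position' is the byte offset reported by
                // PREG_OFFSET_CAPTURE while 'length' counts characters;
                // confirm the two agree for non-ASCII matches.
                $mention = array('mentioned' => array($mentioned),
                                 'type' => 'mention',
                                 'text' => $match[0],
                                 'position' => $match[1],
                                 'length' => mb_strlen($match[0]),
                                 'title' => $mentioned->getFullname(),
                                 'url' => $url);

                $mentions[] = $mention;
            }
        }

        // @#tag => mention of all subscriptions tagged 'tag'

        preg_match_all('/(?:^|[\s\.\,\:\;]+)@#([\pL\pN_\-\.]{1,64})/',
                       $text, $hmatches, PREG_OFFSET_CAPTURE);
        foreach ($hmatches[1] as $hmatch) {
            $tag = common_canonical_tag($hmatch[0]);
            $plist = Profile_list::getByTaggerAndTag($sender->getID(), $tag);
            // Private lists are skipped, so a notice does not link to them.
            if (!$plist instanceof Profile_list || $plist->private) {
                continue;
            }
            $tagged = $sender->getTaggedSubscribers($tag);

            $url = common_local_url('showprofiletag',
                                    array('nickname' => $sender->getNickname(),
                                          'tag' => $tag));

            $mentions[] = array('mentioned' => $tagged,
                                'type'      => 'list',
                                'text' => $hmatch[0],
                                'position' => $hmatch[1],
                                'length' => mb_strlen($hmatch[0]),
                                'url' => $url);
        }

        preg_match_all('/(?:^|[\s\.\,\:\;]+)!(' . Nickname::DISPLAY_FMT . ')/',
                       $text, $hmatches, PREG_OFFSET_CAPTURE);
        foreach ($hmatches[1] as $hmatch) {
            // Same handling as for @-mentions: a match that does not
            // normalize is dropped instead of aborting the whole scan.
            try {
                $nickname = Nickname::normalize($hmatch[0]);
            } catch (NicknameException $e) {
                continue;
            }
            $group = User_group::getForNickname($nickname, $sender);

            // Only groups the sender belongs to can be addressed.
            if (!$group instanceof User_group || !$sender->isMember($group)) {
                continue;
            }

            $profile = $group->getProfile();

            $mentions[] = array('mentioned' => array($profile),
                                'type'      => 'group',
                                'text'      => $hmatch[0],
                                'position'  => $hmatch[1],
                                'length'    => mb_strlen($hmatch[0]),
                                'url'       => $group->permalink(),
                                'title'     => $group->getFancyName());
        }

        Event::handle('EndFindMentions', array($sender, $text, &$mentions));
    }

    return $mentions;
}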

/**
 * Does the actual regex pulls to find @-mentions in text.
 * Should generally not be called directly; for use in common_find_mentions.
 *
 * Two patterns are run: a leading "T nickname " and "@nickname" at the
 * start of the text or after whitespace.
 *
 * @param string $text
 * @return array of PCRE match arrays (matched nickname and its offset),
 *               "T" matches first
 */
function common_find_mentions_raw($text)
{
    $patterns = array(
        '/^T (' . Nickname::DISPLAY_FMT . ') /',
        // the regexp's "(?!\@)" makes sure it doesn't matches the single "@remote" in "@remote@server.com"
        '/(?:^|\s+)@(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/',
    );

    $matches = array();
    foreach ($patterns as $pattern) {
        $found = array();
        preg_match_all($pattern, $text, $found, PREG_OFFSET_CAPTURE);
        // Group 1 holds the nickname captures.
        $matches = array_merge($matches, $found[1]);
    }

    return $matches;
}

/**
 * Turn plain notice text into HTML.
 *
 * Strips Unicode formatting characters, HTML-escapes the text and converts
 * newlines to <br>, removes control characters, linkifies URLs and links
 * #hashtags.
 *
 * @param string $text plain text
 *
 * @return string HTML
 */
function common_render_text($text)
{
    // Escape before any markup is added, so everything that follows works
    // on already-escaped text.
    // NOTE(review): htmlspecialchars() is called with its default flags,
    // which differ between PHP versions -- confirm that quote handling is
    // the intended one.
    $escaped = htmlspecialchars(common_remove_unicode_formatting($text));
    $text = nl2br($escaped);

    // NOTE(review): the last range stops at 0x19, leaving 0x1a-0x1f in
    // place -- confirm whether 0x1f was meant.
    $text = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $text);
    $text = common_replace_urls_callback($text, 'common_linkify');
    $text = preg_replace_callback(
        '/(^|\&quot\;|\'|\(|\[|\{|\s+)#([\pL\pN_\-\.]{1,64})/u',
        function ($m) {
            // Keep the leading delimiter, then "#" and the tag link.
            return $m[1] . '#' . common_tag_link($m[2]);
        },
        $text
    );
    // XXX: machine tags
    return $text;
}

// Bit flags classifying URL schemes; common_url_schemes() tests them
// with a bitwise AND against its $filter argument.
define('_URL_SCHEME_COLON_DOUBLE_SLASH', 1);
define('_URL_SCHEME_SINGLE_COLON',       2);
define('_URL_SCHEME_NO_DOMAIN',          4);
define('_URL_SCHEME_COLON_COORDINATES',  8);

/**
 * List the URI schemes the linkifier recognises.
 *
 * common_replace_urls_callback() builds its pattern from this list, so every
 * scheme named here can end up as a link target taken from user-supplied
 * text; keep that in mind when adding entries.
 *
 * @param int|null $filter bitmask of _URL_SCHEME_* flags; null returns every scheme
 * @return array list of scheme names, without the colon
 */
function common_url_schemes($filter=null)
{
    // TODO: move these to $config
    // Grouped by notation. The order of the groups and of the names inside
    // each group is the order in which they are returned.
    $schemesByForm = [
        _URL_SCHEME_COLON_DOUBLE_SLASH => [
            'http', 'https', 'ftp', 'ftps', 'mms', 'rtsp', 'gopher', 'news',
            'nntp', 'telnet', 'wais', 'file', 'prospero', 'webcal', 'irc', 'ircs',
        ],
        _URL_SCHEME_SINGLE_COLON => [
            'aim', 'bitcoin', 'fax', 'jabber', 'mailto', 'tel', 'xmpp',
        ],
        _URL_SCHEME_NO_DOMAIN => [
            'magnet',
        ],
        _URL_SCHEME_COLON_COORDINATES => [
            'geo',
        ],
    ];

    $selected = [];
    foreach ($schemesByForm as $form => $names) {
        if (is_null($filter) || ($form & $filter)) {
            $selected = array_merge($selected, $names);
        }
    }

    return $selected;
}

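/**
 * Find links in the given text and pass them to the given callback function.
 *
 * The pattern is assembled from the scheme lists in common_url_schemes() and
 * from the 'linkify' configuration (bare_ipv4, bare_ipv6, bare_domains).
 * Every match goes through callback_helper(), which trims trailing
 * punctuation and unbalanced closing brackets before calling $callback.
 *
 * @param string   $text     text to scan
 * @param callable $callback called as $callback($url, $arg); returns the replacement text
 * @param mixed    $arg      optional argument will be passed on to the callback
 * @return string the text with every matched link replaced, or the text
 *                unchanged when PCRE could not run the pattern
 */
function common_replace_urls_callback($text, $callback, $arg = null) {
    // Character classes for the parameter part of geo: URIs.
    $geouri_labeltext_regex = '\pN\pL\-';
    $geouri_mark_regex = '\-\_\.\!\~\*\\\'\(\)';    // the \\\' is really pretty
    $geouri_unreserved_regex = '\pN\pL' . $geouri_mark_regex;
    $geouri_punreserved_regex = '\[\]\:\&\+\$';
    $geouri_pctencoded_regex = '(?:\%[0-9a-fA-F][0-9a-fA-F])';
    $geouri_paramchar_regex = $geouri_unreserved_regex . $geouri_punreserved_regex; //FIXME: add $geouri_pctencoded_regex here so it works

    // Start off with a regex
    $regex = '#'.
    // A link starts the text or follows whitespace, brackets or quotes, and
    // must not begin with @, ! or #.
    '(?:^|[\s\<\>\(\)\[\]\{\}\\\'\\\";]+)(?![\@\!\#])'.
    '('.
        '(?:'.
            '(?:'. //Known protocols
                '(?:'.
                    '(?:(?:' . implode('|', common_url_schemes(_URL_SCHEME_COLON_DOUBLE_SLASH)) . ')://)'.
                    '|'.
                    '(?:(?:' . implode('|', common_url_schemes(_URL_SCHEME_SINGLE_COLON)) . '):)'.
                ')'.
                '(?:[\pN\pL\-\_\+\%\~]+(?::[\pN\pL\-\_\+\%\~]+)?\@)?'. //user:pass@
                '(?:'.
                    '(?:'.
                        '\[[\pN\pL\-\_\:\.]+(?<![\.\:])\]'. //[dns]
                    ')|(?:'.
                        '[\pN\pL\-\_\:\.]+(?<![\.\:])'. //dns
                    ')'.
                ')'.
            ')'.
            '|(?:'.
                '(?:' . implode('|', common_url_schemes(_URL_SCHEME_COLON_COORDINATES)) . '):'.
                // There's an order that must be followed here too, if ;crs= is used, it must precede ;u=
                // Also 'crsp' (;crs=$crsp) must match $geouri_labeltext_regex
                // Also 'uval' (;u=$uval) must be a pnum: \-?[0-9]+
                '(?:'.
                    '(?:[0-9]+(?:\.[0-9]+)?(?:\,[0-9]+(?:\.[0-9]+)?){1,2})'.    // 1(.23)?(,4(.56)){1,2}
                    '(?:\;(?:['.$geouri_labeltext_regex.']+)(?:\=['.$geouri_paramchar_regex.']+)*)*'.
                ')'.
            ')'.
            // URLs without domain name, like magnet:?xt=...
            '|(?:(?:' . implode('|', common_url_schemes(_URL_SCHEME_NO_DOMAIN)) . '):(?=\?))'.  // zero-length lookahead requires ? after :
            (common_config('linkify', 'bare_ipv4')   // Convert IPv4 addresses to hyperlinks
                ? '|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
                : '').
            (common_config('linkify', 'bare_ipv6')   // Convert IPv6 addresses to hyperlinks
                ? '|(?:'. //IPv6
                    '\[?(?:(?:(?:[0-9A-Fa-f]{1,4}:){7}(?:(?:[0-9A-Fa-f]{1,4})|:))|(?:(?:[0-9A-Fa-f]{1,4}:){6}(?::|(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})|(?::[0-9A-Fa-f]{1,4})))|(?:(?:[0-9A-Fa-f]{1,4}:){5}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){4}(?::[0-9A-Fa-f]{1,4}){0,1}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){3}(?::[0-9A-Fa-f]{1,4}){0,2}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){2}(?::[0-9A-Fa-f]{1,4}){0,3}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:)(?::[0-9A-Fa-f]{1,4}){0,4}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?::(?::[0-9A-Fa-f]{1,4}){0,5}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})))\]?(?<!:)'.
                    ')'
                : '').
            (common_config('linkify', 'bare_domains')
                ? '|(?:'. //DNS
                    '(?:[\pN\pL\-\_\+\%\~]+(?:\:[\pN\pL\-\_\+\%\~]+)?\@)?'. //user:pass@
                    '[\pN\pL\-\_]+(?:\.[\pN\pL\-\_]+)*\.'.
                    //tld list from http://data.iana.org/TLD/tlds-alpha-by-domain.txt, also added local, loc, and onion
                    '(?:AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XN--0ZWM56D|测试|XN--11B5BS3A9AJ6G|परीक्षा|XN--80AKHBYKNJ4F|испытание|XN--9T4B11YI5A|테스트|XN--DEBA0AD|טעסט|XN--G6W251D|測試|XN--HGBK6AJ7F53BBA|آزمایشی|XN--HLCJ6AYA9ESC7A|பரிட்சை|XN--JXALPDLP|δοκιμή|XN--KGBECHTV|إختبار|XN--ZCKZAH|テスト|YE|YT|YU|ZA|ZM|ZONE|ZW|local|loc|onion)'.
            ')(?![\pN\pL\-\_])'
                : '') . // if common_config('linkify', 'bare_domains') is false, don't add anything here
        ')'.
        '(?:'.
            '(?:\:\d+)?'. //:port
            '(?:/[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@]*)?'. // /path
            '(?:\?[\pN\pL\$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@\/]*)?'. // ?query string
            '(?:\#[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\@/\?\#]*)?'. // #fragment
        ')(?<![\?\.\,\#\,])'.
    ')'.
    '#ixu'; // i: case-insensitive, x: extended syntax, u: UTF-8 subject and pattern

    $replaced = preg_replace_callback($regex, curry('callback_helper', $callback, $arg), $text);

    // preg_replace_callback() returns null when PCRE cannot process the
    // subject: text that is not valid UTF-8 (because of /u), or a backtrack
    // or recursion limit hit on this large pattern. Passing that null on
    // would leave callers such as common_render_text() with no text at all,
    // so hand back the text without link processing instead.
    if (is_null($replaced)) {
        return $text;
    }

    return $replaced;
}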

/**
 * Intermediate callback for common_replace_urls_callback(): resolves some
 * ambiguous link forms before passing the URL on to the final callback.
 *
 * A closing bracket at the end of the URL that has no opening partner inside
 * it, and a trailing '.', '?', ',' or '#', are treated as surrounding text
 * rather than as part of the link. Trimming repeats until nothing changes.
 *
 * @param array    $matches  PCRE match: [0] is the whole match, [1] the URL candidate
 * @param callable $callback invoked as $callback($url, $arg)
 * @param mixed    $arg      optional argument to pass on as second param to callback
 * @return string the whole match with the trimmed URL replaced by the
 *                callback's result; text before and after it is kept
 *
 * @access private
 */
function callback_helper($matches, $callback, $arg=null) {
    $whole = $matches[0];
    $url = $matches[1];

    // Byte offsets of the URL inside the whole match; $end shrinks as
    // trailing characters are handed back to the surrounding text.
    $start = strpos($whole, $url);
    $end = $start + strlen($url);

    $openerFor = array(
        ')' => '(',
        ']' => '[',
        '}' => '{',
        '>' => '<',
    );
    $cannotEndWith = array('.', '?', ',', '#');

    do {
        $before = $url;

        foreach ($openerFor as $closer => $opener) {
            // Only drop a closing bracket when the URL holds more closers
            // than openers, so "http://host/(page)" keeps its bracket.
            if (substr($url, -1) == $closer
                && substr_count($url, $opener) < substr_count($url, $closer)) {
                $url = substr($url, 0, -1);
                $end--;
            }
        }

        if (in_array(substr($url, -1), $cannotEndWith)) {
            $url = substr($url, 0, -1);
            $end--;
        }
    } while ($before != $url);

    $replacement = call_user_func_array($callback, array($url, $arg));

    return substr($whole, 0, $start) . $replacement . substr($whole, $end);
}

require_once INSTALLDIR . "/lib/curry.php";

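/**
 * Build the HTML <a> element for one URL found in notice text.
 *
 * The link text is the URL as written. The href and title are the long form
 * of the URL: a "mailto:" address for bare e-mail addresses, otherwise
 * whatever File_redirection resolves the canonical URL to. Known attachments
 * get an "attachment" class and an "attachment-<id>" id.
 *
 * @param string $url HTML-escaped URL as matched in already-escaped text
 * @return string markup produced by XMLStringer::estring()
 */
function common_linkify($url) {
    // It comes in special'd, so we unspecial it before passing to the stringifying
    // functions
    // NOTE(review): from here on $url is raw text again, so output escaping
    // rests entirely on XMLStringer::estring() below - presumably it escapes
    // attribute values and element text; confirm.
    $url = htmlspecialchars_decode($url);

    if (strpos($url, '@') !== false && strpos($url, ':') === false && Validate::email($url)) {
        //url is an email address without the mailto: protocol
        $canon = "mailto:$url";
        $longurl = "mailto:$url";
    } else {
        $canon = File_redirection::_canonUrl($url);
        $longurl_data = File_redirection::where($canon, common_config('attachments', 'process_links'));

        // NOTE(review): redir_url comes from redirection data rather than
        // from the matched text, so the scheme list enforced by the URL
        // pattern does not necessarily apply to it - confirm what
        // File_redirection can store there.
        if (isset($longurl_data->redir_url)) {
            $longurl = $longurl_data->redir_url;
        } else {
            // e.g. local files
            $longurl = $longurl_data->url;
        }
    }

    $attrs = array('href' => $longurl, 'title' => $longurl);

    $is_attachment = false;
    $attachment_id = null;
    $has_thumb = false;

    // Check to see whether this is a known "attachment" URL.

    // Start from null: when the lookup throws and link processing is
    // disabled, nothing below assigns $f, and the instanceof test would
    // otherwise read an undefined variable.
    $f = null;
    try {
        $f = File::getByUrl($longurl);
    } catch (NoResultException $e) {
        if (common_config('attachments', 'process_links')) {
            // XXX: this writes to the database. :<
            // NOTE(review): this runs while rendering, for every URL in the
            // text that is not yet known, so text supplied by a user decides
            // how many File::processNew() calls a single render makes.
            try {
                $f = File::processNew($longurl);
            } catch (ServerException $e) {
                $f = null;
            }
        }
    }

    if ($f instanceof File) {
        try {
            $enclosure = $f->getEnclosure();
            $is_attachment = true;
            $attachment_id = $f->id;

            $thumb = File_thumbnail::getKV('file_id', $f->id);
            $has_thumb = ($thumb instanceof File_thumbnail);
        } catch (ServerException $e) {
            // There was not enough metadata available
        }
    }

    // Add clippy
    if ($is_attachment) {
        $attrs['class'] = 'attachment';
        if ($has_thumb) {
            $attrs['class'] = 'attachment thumbnail';
        }
        $attrs['id'] = "attachment-{$attachment_id}";
    }

    // Whether to nofollow

    $nf = common_config('nofollow', 'external');

    if ($nf == 'never') {
        $attrs['rel'] = 'external';
    } else {
        $attrs['rel'] = 'nofollow external';
    }

    return XMLStringer::estring('a', $attrs, $url);
}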

/**
 * Find links in a chunk of text and shorten them, either because the text is
 * longer than the configured notice content limit or unconditionally.
 *
 * Side effects: may save file and file_redirection records for referenced URLs.
 *
 * Pass the $user option or call $user->shortenLinks($text) to ensure the proper
 * user's options are used; otherwise the current web session user's settings
 * will be used or ur1.ca if there is no active web login.
 *
 * @param string $text
 * @param boolean $always (optional) shorten even when the text fits the limit
 * @param User $user (optional)
 *
 * @return string
 */
function common_shorten_links($text, $always = false, User $user=null)
{
    if (is_null($user)) {
        $user = common_current_user();
    }

    $limit = User_urlshortener_prefs::maxNoticeLength($user);

    // A limit of -1 is treated as "no limit": such text is never over-long.
    $method = ($always || ($limit != -1 && mb_strlen($text) > $limit))
        ? 'forceShort'
        : 'makeShort';

    return common_replace_urls_callback($text, array('File_redirection', $method), $user);
}

/**
 * Very basic check for invalid UTF-8 input text; also strips NUL bytes.
 *
 * @param string $str
 * @return mixed the string without NUL bytes, or null if the input is not
 *               valid UTF-8
 *
 * @todo ideally we should drop bad chars, and maybe do some of the checks
 *       from common_xml_safe_str. But we can't strip newlines, etc.
 * @todo Unicode normalization might also be useful, but not needed now.
 */
function common_validate_utf8($str)
{
    // The /u modifier makes PCRE reject subjects that are not valid UTF-8,
    // and preg_replace() then returns NULL; that NULL is the "invalid" signal.
    //
    // Note: an empty pattern (//u) also produced NULL on some production
    // machines, though on none of the test machines, hence the NUL pattern.
    //
    // This should be replaced with a more reliable check.
    $withoutNul = preg_replace('/\x00/u', '', $str);

    return $withoutNul;
}

/**
 * Make sure an arbitrary string is safe for output in XML as a single line.
 *
 * Line breaks and tabs become spaces or disappear, and any remaining control
 * character is replaced by '*'. This does not escape XML markup characters.
 *
 * @param string $str
 * @return string (null when the input is not valid UTF-8, because the final
 *                replacement uses the /u modifier)
 */
function common_xml_safe_str($str)
{
    // Replace common eol and extra whitespace input chars
    $singleLine = strtr($str, array(
        "\t"   => ' ',  // tab -> single space
        "\n"   => ' ',  // newline -> single space
        "\r"   => '',   // cr -> nothing
        "\0"   => '',   // null byte eos -> nothing
        "\x0B" => ' ',  // vertical tab -> single space
    ));

    // Neutralize any additional control codes and UTF-16 surrogates
    // (Twitter uses '*')
    return preg_replace('/[\p{Cc}\p{Cs}]/u', '*', $singleLine);
}

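/**
 * Reduce a string to lower-case letters and digits.
 *
 * With the intl extension the string is transliterated to ASCII first. The
 * fallback only strips everything that is not a letter or digit, lower-cases
 * the rest and limits it to 64 bytes.
 *
 * @param string $str
 * @return string slug; only the fallback path applies the 64-byte limit
 */
function common_slugify($str)
{
    // php5-intl is highly recommended...
    if (!function_exists('transliterator_transliterate')) {
        $str = preg_replace('/[^\pL\pN]/u', '', $str);
        $str = mb_convert_case($str, MB_CASE_LOWER, 'UTF-8');
        // Letters kept here can be multi-byte. mb_strcut() keeps the 64-byte
        // limit but cuts on a character boundary; a plain byte cut can leave
        // half a character, i.e. invalid UTF-8, at the end of the slug.
        return mb_strcut($str, 0, 64, 'UTF-8');
    }
    $str = transliterator_transliterate(
                        'Any-Latin;' .      // any charset to latin compatible
                            'NFD;' .        // decompose
                            '[:Nonspacing Mark:] Remove;' . // remove nonspacing marks (accents etc.)
                            'NFC;' .        // composite again
                            '[:Punctuation:] Remove;' . // remove punctuation (.,¿? etc.)
                            'Lower();' .    // turn into lowercase
                            'Latin-ASCII;',  // get ASCII equivalents (ð to d for example)
                        $str);
    // /u so that \pL and \pN are applied to characters, not to single bytes:
    // anything non-ASCII that survives transliteration is then kept or
    // removed as a whole instead of being split into stray bytes.
    return preg_replace('/[^\pL\pN]/u', '', $str);
}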

/**
 * Build the markup for a hashtag: <span class="tag"><a rel="tag">...</a></span>.
 *
 * The link target uses the canonical form of the tag, the link text is the
 * tag as it was written.
 *
 * @param string $tag tag text without the leading '#'
 * @return string markup from XMLStringer
 */
function common_tag_link($tag)
{
    $canonical = common_canonical_tag($tag);

    if (common_config('singleuser', 'enabled')) {
        // regular TagAction isn't set up in 1user mode
        $action = 'showstream';
        $args = array('nickname' => User::singleUserNickname(),
                      'tag' => $canonical);
    } else {
        $action = 'tag';
        $args = array('tag' => $canonical);
    }
    $href = common_local_url($action, $args);

    // NOTE(review): $tag is passed on as written; escaping of the element
    // text is presumably done by XMLStringer - confirm.
    $out = new XMLStringer();
    $out->elementStart('span', 'tag');
    $out->element('a', array('href' => $href, 'rel' => 'tag'), $tag);
    $out->elementEnd('span');

    return $out->getString();
}

/**
 * Canonical form of a tag: its slug, limited to 64 bytes.
 *
 * @param string $tag
 * @return string
 */
function common_canonical_tag($tag)
{
    // The cut is byte-wise (substr, not mb_substr).
    return substr(common_slugify($tag), 0, 64);
}

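/**
 * Check that a profile tag consists of 1 to 64 ASCII letters, digits,
 * '_', '-' or '.' and nothing else.
 *
 * @param string $str candidate tag
 * @return int 1 if the tag is valid, 0 if not (result of preg_match())
 */
function common_valid_profile_tag($str)
{
    // \z anchors at the very end of the string. A plain $ also matches just
    // before a final newline, which let "tag\n" pass validation.
    return preg_match('/^[A-Za-z0-9_\-\.]{1,64}\z/', $str);
}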

/**
 * Resolve an ambiguous profile nickname reference, checking in following order:
 * - profiles that $sender subscribes to
 * - profiles that subscribe to $sender
 * - local user profiles
 *
 * The nickname is passed through Nickname::normalize() first and is escaped
 * with the data object's escape() before it is placed in the WHERE clause;
 * the sender id is cast with intval(). The conditions are still assembled as
 * SQL strings, so keep both steps in place when changing the queries.
 *
 * @fixme fix or remove mystery third parameter
 * @fixme is $sender a User or Profile?
 *
 * @param <type> $sender the user or profile in whose context we're looking;
 *                       only its id is read
 * @param string $nickname nickname to resolve
 * @param <type> $dt unused mystery parameter; in Notice reply-to handling a timestamp is passed.
 *
 * @return Profile or null
 */
function common_relative_profile($sender, $nickname, $dt=null)
{
    // Will throw exception on invalid input.
    $nickname = Nickname::normalize($nickname);

    $senderId = intval($sender->id);

    // First the profiles the sender is subscribed to, then the profiles that
    // listen to the sender.
    // XXX: use a join instead of a subquery
    $relations = array(
        'EXISTS (SELECT subscribed from subscription where subscriber = '.$senderId.' and subscribed = id)',
        'EXISTS (SELECT subscriber from subscription where subscribed = '.$senderId.' and subscriber = id)',
    );

    foreach ($relations as $existsClause) {
        $candidate = new Profile();
        $candidate->whereAdd($existsClause, 'AND');
        $candidate->whereAdd("nickname = '" . $candidate->escape($nickname) . "'", 'AND');
        if ($candidate->find(true)) {
            // XXX: should probably differentiate between profiles with
            // the same name by date of most recent update
            return $candidate;
        }
    }

    // If this is a local user, try to find a local user with that nickname.
    $localSender = User::getKV('id', $sender->id);
    if ($localSender instanceof User) {
        $localRecipient = User::getKV('nickname', $nickname);
        if ($localRecipient instanceof User) {
            return $localRecipient->getProfile();
        }
    }

    // Otherwise, no links. @messages from local users to remote users,
    // or from remote users to other remote users, are just
    // outside our ability to make intelligent guesses about
    return null;
}

function common_local_url($action, $args=null, $params=null, $fragment=null, $addSession=true)
{
    if (Event::handle('StartLocalURL', array(&$action, &$params, &$fragment, &$addSession, &$url))) {
        $r = Router::get();
        $path = $r->build($action, $args, $params, $fragment);