<?php
/*
 * StatusNet - the distributed open-source microblogging tool
 * Copyright (C) 2008-2011, StatusNet, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

/* XXX: break up into separate modules (HTTP, user, files) */

/**
 * Show a server error.
 *
 * Builds a ServerErrorAction from the message and status code and
 * renders its page.
 *
 * @param string $msg  message handed to ServerErrorAction
 * @param int    $code status code handed to ServerErrorAction (default 500)
 */
function common_server_error($msg, $code=500)
{
    $action = new ServerErrorAction($msg, $code);
    $action->showPage();
}

/**
 * Show a user error.
 *
 * Builds a ClientErrorAction from the message and status code and
 * renders its page.
 *
 * @param string $msg  message handed to ClientErrorAction
 * @param int    $code status code handed to ClientErrorAction (default 400)
 */
function common_user_error($msg, $code=400)
{
    $action = new ClientErrorAction($msg, $code);
    $action->showPage();
}

/**
 * Export a language to the process environment and select it with setlocale().
 *
 * This should only be used at setup; processes switching languages
 * to send text to other users should use common_switch_locale().
 *
 * @param string $language Locale language code (optional; empty uses
 *                         common_language(), i.e. the current user's
 *                         preference or the site default)
 * @return mixed the return value of setlocale(): the locale that was
 *               selected, or false when none of the candidates exists
 */
function common_init_locale($language=null)
{
    $language = $language ?: common_language();

    putenv("LANGUAGE={$language}");
    putenv("LANG={$language}");

    // Try the usual spellings of the UTF-8 codeset first and the bare code
    // last; setlocale() takes the first candidate the system knows.
    $candidates = array();
    foreach (array('.utf8', '.UTF8', '.utf-8', '.UTF-8', '') as $suffix) {
        $candidates[] = $language . $suffix;
    }

    return setlocale(LC_ALL, $candidates);
}

/**
 * Initialize locale and charset settings and gettext with our message catalog,
 * using the current user's language preference or the site default.
 *
 * This should generally only be run at framework initialization; code switching
 * languages at runtime should call common_switch_locale().
 *
 * Steps, in order: force the mbstring internal encoding to UTF-8, try the
 * language from common_language(), and if that locale is not installed fall
 * back to en_US and then to any UTF-8 locale listed by `locale -a` before
 * retrying the requested language. common_init_gettext() always runs last.
 *
 * @access private
 */
function common_init_language()
{
    mb_internal_encoding('UTF-8');

    // Note that this setlocale() call may "fail" but this is harmless;
    // gettext will still select the right language.
    $language = common_language();
    $locale_set = common_init_locale($language);

    if (!$locale_set) {
        // The requested locale doesn't exist on the system.
        //
        // gettext seems very picky... We first need to setlocale()
        // to a locale which _does_ exist on the system, and _then_
        // we can set in another locale that may not be set up
        // (say, ga_ES for Galego/Galician) it seems to take it.
        //
        // For some reason C and POSIX which are guaranteed to work
        // don't do the job. en_US.UTF-8 should be there most of the
        // time, but not guaranteed.
        $ok = common_init_locale("en_US");
        if (!$ok && strtolower(substr(PHP_OS, 0, 3)) != 'win') {
            // Try to find a complete, working locale on Unix/Linux...
            // @fixme shelling out feels awfully inefficient
            // but I don't think there's a more standard way.
            // The command is a fixed string: nothing from the request is
            // interpolated into it. Only its output lines ending in a
            // utf8 / utf-8 / utf_8 suffix are passed on to setlocale().
            $all = `locale -a`;
            foreach (explode("\n", $all) as $locale) {
                if (preg_match('/\.utf[-_]?8$/i', $locale)) {
                    $ok = setlocale(LC_ALL, $locale);
                    if ($ok) {
                        break;
                    }
                }
            }
        }
        if (!$ok) {
            common_log(LOG_ERR, "Unable to find a UTF-8 locale on this system; UI translations may not work.");
        }
        // Retry the requested language now that some existing locale is
        // active; the result is stored but not read again in this function.
        $locale_set = common_init_locale($language);
    }

    common_init_gettext();
}

/**
 * Bind the "statusnet" gettext domain to the site's catalog directory.
 *
 * Resets LC_CTYPE to 'C', binds the domain to the directory configured as
 * site/locale_path, declares the catalog codeset as UTF-8 and makes
 * "statusnet" the default domain.
 *
 * @access private
 */
function common_init_gettext()
{
    $domain = "statusnet";

    setlocale(LC_CTYPE, 'C');

    // So we do not have to make people install the gettext locales
    bindtextdomain($domain, common_config('site','locale_path'));
    bind_textdomain_codeset($domain, "UTF-8");
    textdomain($domain);
}

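/**
 * Switch locale during runtime, and poke gettext until it cries uncle.
 * Otherwise, sometimes it doesn't actually switch away from the old language.
 *
 * Selects the locale with common_init_locale() and then re-binds the
 * gettext domain through common_init_gettext(), which performs exactly the
 * LC_CTYPE reset and "statusnet" domain binding this function used to
 * repeat inline.
 *
 * @param string $language code for locale ('en', 'fr', 'pt_BR' etc); empty
 *                         falls back to common_language() inside
 *                         common_init_locale()
 */
function common_switch_locale($language=null)
{
    common_init_locale($language);

    // One shared implementation keeps the startup and runtime paths from
    // drifting apart.
    common_init_gettext();
}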

/**
 * Timezone to use for the current request.
 *
 * @return mixed the logged-in user's timezone when it is set, otherwise the
 *               site/timezone configuration value
 */
function common_timezone()
{
    $user = common_logged_in() ? common_current_user() : null;

    if ($user && $user->timezone) {
        return $user->timezone;
    }

    return common_config('site', 'timezone');
}

/**
 * Is this language code one of the languages configured for the site?
 *
 * Acts as the allow-list for language codes that arrive from the request
 * or from stored preferences: a code is accepted only when it equals the
 * 'lang' field of an entry in the site/languages configuration.
 *
 * @param string $lang candidate language code
 * @return boolean true when the code is configured; false otherwise,
 *                 including for any empty value
 */
function common_valid_language($lang)
{
    if (!$lang) {
        return false;
    }

    // Validate -- we don't want to end up with a bogus code
    // left over from some old junk.
    foreach (common_config('site', 'languages') as $info) {
        if ($info['lang'] == $lang) {
            return true;
        }
    }

    return false;
}

/**
 * Pick the language for the current request.
 *
 * Sources are tried in this order, and the first usable one wins:
 *   1. the ?uselang= query parameter, if it passes common_valid_language()
 *   2. the logged-in user's stored language, if it passes the same check
 *   3. the browser's Accept-Language header (only when site/langdetect is on)
 *   4. the site/language configuration value
 *
 * @return string language code
 */
function common_language()
{
    // Allow ?uselang=xx override, very useful for debugging
    // and helping translators check usage and context.
    // The value is request-controlled, so it is only honoured when it is
    // one of the configured languages.
    if (isset($_GET['uselang'])) {
        $requested = strval($_GET['uselang']);
        if (common_valid_language($requested)) {
            return $requested;
        }
    }

    // If there is a user logged in and they've set a language preference
    // then return that one...
    if (_have_config() && common_logged_in()) {
        $preferred = common_current_user()->language;
        if (common_valid_language($preferred)) {
            return $preferred;
        }
    }

    // Otherwise, find the best match for the languages requested by the
    // user's browser...
    if (common_config('site', 'langdetect') && !empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        $negotiated = client_prefered_language($_SERVER['HTTP_ACCEPT_LANGUAGE']);
        if ($negotiated) {
            return $negotiated;
        }
    }

    // Finally, if none of the above worked, use the site's default...
    return common_config('site', 'language');
}

/**
 * Salted, hashed passwords are stored in the DB.
 *
 * This function does no hashing itself: it fires the StartHashPassword
 * event (and EndHashPassword when the first one returns true) and expects
 * a handler to fill in $hashed by reference.
 *
 * @param string  $password plaintext password
 * @param Profile $profile  profile passed on to the event handlers (optional)
 * @return mixed the value a handler stored in $hashed
 *
 * @throws PasswordHashException when no handler produced a non-empty hash
 */
function common_munge_password($password, Profile $profile=null)
{
    $hashed = null;

    $proceed = Event::handle('StartHashPassword', array(&$hashed, $password, $profile));
    if ($proceed) {
        Event::handle('EndHashPassword', array(&$hashed, $password, $profile));
    }

    // Fail closed: an empty result must never be stored or compared.
    if (!empty($hashed)) {
        return $hashed;
    }

    throw new PasswordHashException();
}

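/**
 * Check if a username exists and has matching password.
 *
 * StartCheckPassword handlers get the first chance to authenticate; when
 * they let the event continue, the built-in check looks the user up by
 * e-mail or normalized nickname and compares the freshly computed hash
 * with the stored one. EndCheckPassword always fires with the outcome.
 *
 * The built-in comparison uses hash_equals() when the runtime provides it,
 * so the time it takes does not depend on how many leading characters of
 * the two hashes agree.
 *
 * @param string $nickname nickname or e-mail address
 * @param string $password plaintext password
 * @return User|boolean the authenticated User, or false
 *
 * @throws PasswordHashException from common_munge_password() when no hash
 *                               could be computed
 */
function common_check_user($nickname, $password)
{
    // empty nickname always unacceptable
    if (empty($nickname)) {
        return false;
    }

    $authenticatedUser = false;

    if (Event::handle('StartCheckPassword', array($nickname, $password, &$authenticatedUser))) {

        if (common_is_email($nickname)) {
            $user = User::getKV('email', common_canonical_email($nickname));
        } else {
            $user = User::getKV('nickname', Nickname::normalize($nickname));
        }

        if ($user instanceof User && !empty($password)) {
            // A user without a stored password yields '' here, which can
            // never equal the non-empty hash common_munge_password() returns.
            $stored = (string) $user->password;
            $candidate = (string) common_munge_password($password, $user->getProfile());

            // strcmp() stops at the first differing byte; prefer the
            // constant-time comparison and keep strcmp() only as a fallback
            // for runtimes that lack hash_equals().
            $matches = function_exists('hash_equals')
                     ? hash_equals($stored, $candidate)
                     : (0 == strcmp($candidate, $stored));

            if ($matches) {
                //internal checking passed
                $authenticatedUser = $user;
            }
        }
    }
    Event::handle('EndCheckPassword', array($nickname, $password, $authenticatedUser));

    return $authenticatedUser;
}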

/**
 * Is the current user logged in?
 *
 * @return boolean true when common_current_user() returns anything but null
 */
function common_logged_in()
{
    return common_current_user() !== null;
}

/**
 * Does the Referer header name this site's own host?
 *
 * The header is sent by the client, so the answer is a hint about where the
 * request came from and not proof of it.
 *
 * @return boolean true when the Referer's host component is identical to
 *                 the site/server configuration value
 */
function common_local_referer()
{
    if (!isset($_SERVER['HTTP_REFERER'])) {
        return false;
    }

    $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);

    return $refererHost === common_config('site', 'server');
}

/**
 * Has a PHP session been started for this request?
 *
 * @return boolean true when session_id() is a non-empty string
 */
function common_have_session()
{
    return (string) session_id() !== '';
}

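/**
 * Start the PHP session if none is active yet.
 *
 * Installs the custom save handler when sessions/handle is configured,
 * adopts a session id supplied by the client (query string first, then
 * cookie), starts the session and stamps $_SESSION['started'] on first use.
 *
 * Compared with the previous version this no longer writes the session id
 * to the log (it is a bearer credential, and the old message read
 * $_COOKIE even when the id had arrived in the query string), ignores a
 * client-supplied id that is not a string, and drops an unused local.
 *
 * @return void
 */
function common_ensure_session()
{
    if (common_have_session()) {
        return;
    }

    if (common_config('sessions', 'handle')) {
        Session::setSaveHandler();
    }

    // NOTE(review): an id taken from the query string can end up in referrers,
    // proxy logs and shared links, and nothing in this function issues a fresh
    // id afterwards. Confirm which callers still depend on the $_GET path and
    // whether the login path regenerates the id.
    $name = session_name();
    $id = null;
    if (array_key_exists($name, $_GET)) {
        $id = $_GET[$name];
    } else if (array_key_exists($name, $_COOKIE)) {
        $id = $_COOKIE[$name];
    }

    // Request parameters can be arrays (name[]=...); only a string is a
    // usable session id.
    if (!is_string($id)) {
        $id = null;
    }
    if (isset($id)) {
        session_id($id);
    }

    @session_start();

    if (!isset($_SESSION['started'])) {
        $_SESSION['started'] = time();
        if (!empty($id)) {
            // The client presented an id for which no session data exists.
            common_log(LOG_WARNING, 'Client-supplied session id is set but started value is null');
        }
    }
}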

// Three kinds of arguments:
// 1) a user object
// 2) a nickname
// 3) null to clear

// Per-request cache of the current user, shared through `global $_cur`.
// false = not looked up yet; null = looked up and nobody is logged in;
// otherwise the User object.
$_cur = false;

/**
 * Set or clear the logged-in user for this session.
 *
 * Accepts a User object, a nickname (looked up with User::getKV()), or
 * null to clear the login. Setting a user fires StartSetUser / EndSetUser,
 * requires the Right::WEBLOGIN right, makes sure a session exists and
 * stores the user id in $_SESSION['userid'].
 *
 * NOTE(review): the session id is not regenerated here when the login
 * state changes; confirm whether a caller does that, since
 * common_ensure_session() accepts ids supplied by the client.
 *
 * @param User|string|null $user
 * @return User|boolean the User on success, true after clearing, false when
 *                      nothing was set
 *
 * @throws AuthorizationException when the user lacks the web login right
 */
function common_set_user($user)
{
    global $_cur;

    // Clearing only applies while a session is active.
    if (is_null($user) && common_have_session()) {
        $_cur = null;
        unset($_SESSION['userid']);
        return true;
    }

    if (is_string($user)) {
        $user = User::getKV('nickname', $user);
    } elseif (!($user instanceof User)) {
        return false;
    }

    // Handlers receive $user by reference and may replace or empty it.
    if (!$user
        || !Event::handle('StartSetUser', array(&$user))
        || empty($user)) {
        return false;
    }

    if (!$user->hasRight(Right::WEBLOGIN)) {
        // TRANS: Authorisation exception thrown when a user a not allowed to login.
        throw new AuthorizationException(_('Not allowed to log in.'));
    }

    common_ensure_session();
    $_SESSION['userid'] = $user->id;
    $_cur = $user;
    Event::handle('EndSetUser', array($user));

    return $_cur;
}

/**
 * Set a cookie scoped to this site's path and server name.
 *
 * The Secure flag follows GNUsocial::useHTTPS().
 *
 * NOTE(review): no HttpOnly argument is passed to setcookie(), so the flag
 * keeps PHP's default (off). The remember-me cookie is set through this
 * function; confirm whether any client script needs to read these cookies
 * before changing that.
 *
 * @param string $key        cookie name
 * @param string $value      cookie value
 * @param int    $expiration expiry as a Unix timestamp (0 = session cookie)
 * @return boolean result of setcookie()
 */
function common_set_cookie($key, $value, $expiration=0)
{
    $sitePath = common_config('site', 'path');
    $domain = common_config('site', 'server');

    // A site installed in a subdirectory limits its cookies to that directory.
    $cookiepath = ($sitePath && ($sitePath != '/'))
                ? '/' . $sitePath . '/'
                : '/';

    return setcookie($key, $value, $expiration, $cookiepath, $domain, GNUsocial::useHTTPS());
}

// Name of the cookie written by common_rememberme() and read back by
// common_remembered_user().
define('REMEMBERME', 'rememberme');
// Lifetime of that cookie in seconds; added to time() when the cookie is set.
define('REMEMBERME_EXPIRY', 30 * 24 * 60 * 60); // 30 days

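/**
 * Issue a "remember me" login token for a user.
 *
 * Stores a new Remember_me row (code from common_random_hexstr(16)) inside
 * a BEGIN/COMMIT pair and sends the browser a cookie of the form
 * "<user id>:<code>" that expires after REMEMBERME_EXPIRY seconds.
 *
 * The cookie value is a login credential, so it is no longer written to
 * the log; only the account it was issued for is recorded.
 *
 * @param User $user (optional; uses common_current_user() if left out)
 * @return boolean true when the token was stored and the cookie was sent to
 *                 common_set_cookie(); false when there is no user or the
 *                 insert failed
 */
function common_rememberme($user=null)
{
    if (!$user) {
        $user = common_current_user();
        if (!$user) {
            return false;
        }
    }

    $rm = new Remember_me();

    $rm->code = common_random_hexstr(16);
    $rm->user_id = $user->id;

    // Wrap the insert in some good ol' fashioned transaction code

    $rm->query('BEGIN');

    $result = $rm->insert();

    if (!$result) {
        common_log_db_error($rm, 'INSERT', __FILE__);
        $rm->query('ROLLBACK');
        return false;
    }

    $rm->query('COMMIT');

    $cookieval = $rm->user_id . ':' . $rm->code;

    // Anyone who can read the log must not be able to replay the token.
    common_log(LOG_INFO, 'adding rememberme cookie for ' . $user->nickname);

    common_set_cookie(REMEMBERME, $cookieval, time() + REMEMBERME_EXPIRY);

    return true;
}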

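/**
 * Log a user in from a "remember me" cookie, if a valid one was sent.
 *
 * The cookie must have the form "<user id>:<code>", the code must exist in
 * Remember_me and belong to that user id, and the user must exist. A code
 * is single-use: it is deleted before the login is accepted and a fresh
 * one is issued afterwards. Every failure clears the cookie.
 *
 * Changes from the previous version: a cookie that is not a string or has
 * no ':' is treated as malformed instead of raising notices or type errors;
 * the user id comparison is an exact string match; and neither the raw
 * cookie nor any remember code is written to the log, because the cookie is
 * request-controlled text and a code may still be valid (notably when its
 * deletion fails).
 *
 * The resulting login is marked as not "real" via common_real_login(false).
 *
 * @return User|null the logged-in User, or null
 */
function common_remembered_user()
{
    $packed = isset($_COOKIE[REMEMBERME]) ? $_COOKIE[REMEMBERME] : null;

    if (!$packed) {
        return null;
    }

    // Pad to two parts so a value without ':' yields a null code.
    $parts = is_string($packed) ? explode(':', $packed) : array();
    list($id, $code) = array_pad($parts, 2, null);

    if (!$id || !$code) {
        common_log(LOG_WARNING, 'Malformed rememberme cookie');
        common_forgetme();
        return null;
    }

    $rm = Remember_me::getKV('code', $code);

    if (!$rm) {
        // intval() keeps request-controlled text out of the log line.
        common_log(LOG_WARNING, 'No such remember code for claimed user id ' . intval($id));
        common_forgetme();
        return null;
    }

    if ((string) $rm->user_id !== (string) $id) {
        common_log(LOG_WARNING, 'Rememberme code for wrong user: ' . $rm->user_id . ' != ' . intval($id));
        common_forgetme();
        return null;
    }

    $user = User::getKV('id', $rm->user_id);

    if (!$user instanceof User) {
        common_log(LOG_WARNING, 'No such user for rememberme: ' . $rm->user_id);
        common_forgetme();
        return null;
    }

    // successful! Consume the code so it cannot be presented again.
    $result = $rm->delete();

    if (!$result) {
        common_log_db_error($rm, 'DELETE', __FILE__);
        common_log(LOG_WARNING, 'Could not delete rememberme code for user ' . $rm->user_id);
        common_forgetme();
        return null;
    }

    common_log(LOG_INFO, 'logging in ' . $user->nickname . ' using rememberme code');

    common_set_user($user);
    common_real_login(false);

    // We issue a new cookie, so they can log in
    // automatically again after this session

    common_rememberme($user);

    return $user;
}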

/**
 * Clear the browser's "remember me" cookie.
 *
 * Overwrites the REMEMBERME cookie with an empty value through
 * common_set_cookie(). Only the cookie is touched here; no Remember_me row
 * is deleted by this function.
 *
 * NOTE(review): the earlier comment said "must be called with a valid
 * user!", but the function takes no user; confirm what that referred to.
 */
function common_forgetme()
{
    $emptyValue = '';
    common_set_cookie(REMEMBERME, $emptyValue, 0);
}

/**
 * Who is the current user?
 *
 * The answer is cached in the global $_cur: false means "not looked up
 * yet", null means "nobody". On the first call the session is consulted
 * (only when the request carries a session id or $_SESSION already holds a
 * user id), and if that yields no user the remember-me cookie is tried.
 *
 * @return User|null the current User, or null when there is none or the
 *                   configuration is not loaded
 */
function common_current_user()
{
    global $_cur;

    if (!_have_config()) {
        return null;
    }

    // Anything but the "not looked up yet" marker is the cached answer.
    if ($_cur !== false) {
        return $_cur;
    }

    // Avoid starting a session for visitors who never had one.
    $mayHaveSession = isset($_COOKIE[session_name()])
        || isset($_GET[session_name()])
        || (isset($_SESSION['userid']) && $_SESSION['userid']);

    if ($mayHaveSession) {
        common_ensure_session();
        $id = isset($_SESSION['userid']) ? $_SESSION['userid'] : false;
        if ($id) {
            $user = User::getKV('id', $id);
            if ($user instanceof User) {
                $_cur = $user;
                return $_cur;
            }
        }
    }

    // that didn't work; try to remember; will init $_cur to null on failure
    $_cur = common_remembered_user();

    if ($_cur) {
        // XXX: Is this necessary?
        $_SESSION['userid'] = $_cur->id;
    }

    return $_cur;
}

/**
 * Record whether the current login is a "real" one.
 *
 * Logins that are 'remembered' aren't 'real' -- they're subject to
 * cookie-stealing. So, we don't let them do certain things. New reg,
 * OpenID, and password logins _are_ real.
 *
 * The flag is kept in $_SESSION['real_login'] and read back by
 * common_is_real_login().
 *
 * @param boolean $real true for a real login (the default), false for a
 *                      remembered one
 */
function common_real_login($real=true)
{
    // The flag lives in the session, so one has to exist first.
    common_ensure_session();

    $_SESSION['real_login'] = $real;
}

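/**
 * Is someone logged in through a "real" login (see common_real_login())?
 *
 * A session that never had the flag set counts as not real: the key is
 * tested with !empty(), so a missing $_SESSION['real_login'] gives false
 * without raising an undefined-index notice.
 *
 * @return boolean
 */
function common_is_real_login()
{
    return common_logged_in() && !empty($_SESSION['real_login']);
}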

/**
 * Get a hash portion for HTTP caching Etags and such including
 * info on the current user's session. If login/logout state changes,
 * or we've changed accounts, or we've renamed the current user,
 * we'll get a new hash value.
 *
 * This should not be considered secure information: the value is a CRC32
 * of "<id>:<nickname>", a checksum rather than a secret.
 *
 * @param User $user (optional; uses common_current_user() if left out)
 * @return int|string the crc32() integer for a user, or the string '0'
 *                    when there is no user
 */
function common_user_cache_hash($user=false)
{
    $subject = ($user === false) ? common_current_user() : $user;

    if (!$subject) {
        return '0';
    }

    return crc32($subject->id . ':' . $subject->nickname);
}

/**
 * Get the canonical version of a nickname for comparison.
 *
 * Thin wrapper kept for older callers; it forwards to Nickname::normalize().
 *
 * @param string $nickname
 * @return string
 *
 * @throws NicknameException on invalid input
 * @deprecated call Nickname::normalize() directly.
 */
function common_canonical_nickname($nickname)
{
    $normalized = Nickname::normalize($nickname);

    return $normalized;
}

/**
 * Get the canonical version of an e-mail address for comparison.
 *
 * Currently a pass-through: the address is returned exactly as given, with
 * no normalization and no validation. common_check_user() uses the result
 * as its lookup key for e-mail logins.
 *
 * @fixme actually normalize
 * @fixme reject invalid input
 *
 * @param string $email
 * @return string the input, unchanged
 */
function common_canonical_email($email)
{
    // XXX: canonicalize UTF-8
    // XXX: lcase the domain part
    return $email;
}

/**
 * Reduce a string to ASCII letters and digits.
 *
 * Every character outside A-Z, a-z and 0-9 is removed, together with any
 * whitespace that directly follows it.
 *
 * @param string $str
 * @return string the filtered string, never empty
 *
 * @throws Exception when nothing is left after filtering
 */
function common_to_alphanumeric($str)
{
    $filtered = preg_replace('/[^A-Za-z0-9]\s*/', '', $str);

    if (0 === strlen($filtered)) {
        throw new Exception('Filtered string was zero-length.');
    }

    return $filtered;
}

/**
 * Sanitize HTML with HTMLPurifier using this site's restrictions.
 *
 * Directives are applied in this order, which decides who can override whom:
 *   1. hard-coded: allowed rel values, the style attribute is forbidden,
 *      allowed URI schemes come from common_url_schemes()
 *   2. the optional 'URI.Base' entry of $args
 *   3. every key/value pair of the 'htmlpurifier' site configuration, which
 *      can therefore replace any directive set in steps 1 and 2
 *   4. HTML.ForbiddenElements, built from the 'htmlfilter' site
 *      configuration (tags whose value is exactly true)
 *
 * Unicode formatting/direction characters are stripped before purifying,
 * and EndCommonPurify handlers receive the result by reference.
 *
 * @param string $html HTML to clean
 * @param array  $args optional settings; only 'URI.Base' is read
 * @return string purified HTML (as possibly modified by event handlers)
 */
function common_purify($html, array $args=array())
{
    require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';

    $config = HTMLPurifier_Config::createDefault();

    /**
     * rel values that should be avoided since they can be used to infer
     * information about the _current_ page, not the h-entry:
     *
     *      directory, home, license, payment
     *
     * Source: http://microformats.org/wiki/rel
     */
    $config->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']);
    $config->set('HTML.ForbiddenAttributes', array('style'));  // id, on* etc. are already filtered by default
    $config->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));

    if (isset($args['URI.Base'])) {
        $base = $args['URI.Base'];
        $config->set('URI.Base', $base);
        // isset() has already excluded null, so this is always true here:
        // with a URI base, relative URLs are converted to absolute ones.
        $config->set('URI.MakeAbsolute', !is_null($base));
    }

    // Site configuration is applied after the defaults above.
    foreach (common_config('htmlpurifier') as $directive => $setting) {
        $config->set($directive, $setting);
    }

    // Remove more elements than what the default filter removes, default in GNU social are remotely
    // linked resources such as img, video, audio
    $forbiddenElements = array();
    foreach (common_config('htmlfilter') as $tag => $enabled) {
        if ($enabled === true) {
            $forbiddenElements[] = $tag;
        }
    }
    $config->set('HTML.ForbiddenElements', $forbiddenElements);

    $stripped = common_remove_unicode_formatting($html);

    $purifier = new HTMLPurifier($config);
    $purified = $purifier->purify($stripped);

    Event::handle('EndCommonPurify', array(&$purified, $stripped));

    return $purified;
}

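/**
 * Strip invisible Unicode formatting and direction controls from text.
 *
 * These characters change how text is displayed without being visible
 * themselves, so what a reader sees can differ from what the text contains.
 * Removed ranges:
 *   U+200B-U+200F  zero-width space/joiners and LRM/RLM marks
 *   U+202A-U+202E  directional embeddings and overrides
 *   U+2066-U+2069  directional isolates (LRI, RLI, FSI, PDI)
 *
 * The isolates are newly covered: they reorder displayed text just like
 * the embedding and override controls that were already removed.
 *
 * @param string $text UTF-8 text
 * @return string|null the text without those characters; preg_replace()
 *                     returns null when $text is not valid UTF-8
 */
function common_remove_unicode_formatting($text)
{
    // Strip Unicode text formatting/direction codes
    // this is pretty dangerous for visualisation of text and can be used for mischief
    return preg_replace('/[\x{200b}-\x{200f}\x{202a}-\x{202e}\x{2066}-\x{2069}]/u', '', $text);
}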

/**
 * Render notice text to HTML.
 *
 * Two steps: common_render_text() escapes the text and links URLs and
 * #tags, then common_linkify_mentions() turns the mentions it finds into
 * links.
 *
 * @param string    $text   plain notice text
 * @param Profile   $author the Profile that is composing the current notice
 * @param Notice    $parent the Notice this is sent in reply to, if any
 * @return string rendered HTML
 */
function common_render_content($text, Profile $author, Notice $parent=null)
{
    $rendered = common_render_text($text);

    return common_linkify_mentions($rendered, $author, $parent);
}

/**
 * Finds @-mentions within the partially-rendered text section and
 * turns them into live links.
 *
 * Should generally not be called except from common_render_content().
 *
 * NOTE(review): replacements use substr_replace(), which counts bytes,
 * with the 'position' and 'length' values reported by
 * common_find_mentions(); confirm both are byte counts when names contain
 * multibyte characters.
 *
 * @param string    $text   partially-rendered HTML
 * @param Profile   $author the Profile that is composing the current notice
 * @param Notice    $parent the Notice this is sent in reply to, if any
 * @return string partially-rendered HTML
 */
function common_linkify_mentions($text, Profile $author, Notice $parent=null)
{
    // Index by position; a later mention at the same position replaces an
    // earlier one.
    $byPosition = array();
    foreach (common_find_mentions($text, $author, $parent) as $found) {
        $byPosition[$found['position']] = $found;
    }

    // We need to go through in reverse order by position,
    // so our positions stay valid despite our fudging with the
    // string!
    krsort($byPosition);

    foreach ($byPosition as $offset => $found) {
        $link = common_linkify_mention($found);
        $text = substr_replace($text, $link, $offset, $found['length']);
    }

    return $text;
}

/**
 * Build the HTML link for a single mention.
 *
 * StartLinkifyMention handlers may supply the output themselves; otherwise
 * an <a> element is produced through XMLStringer with the mention's URL,
 * microformats classes plus the mention type, and an optional title.
 * EndLinkifyMention handlers can then adjust the result.
 *
 * NOTE(review): escaping of the attribute values and link text is left to
 * XMLStringer::element(), which is not visible here; confirm.
 *
 * @param array $mention entry as produced by common_find_mentions(); the
 *                       keys 'url', 'type', 'text' and optionally 'title'
 *                       are read
 * @return string|null link HTML, or whatever a handler left in $output
 */
function common_linkify_mention(array $mention)
{
    $output = null;

    if (!Event::handle('StartLinkifyMention', array($mention, &$output))) {
        return $output;
    }

    $attrs = array(
        'href'  => $mention['url'],
        'class' => 'h-card u-url p-nickname '.$mention['type'],
    );
    if (!empty($mention['title'])) {
        $attrs['title'] = $mention['title'];
    }

    $xs = new XMLStringer(false);
    $xs->element('a', $attrs, $mention['text']);
    $output = $xs->getString();

    Event::handle('EndLinkifyMention', array($mention, &$output));

    return $output;
}

/**
 * Collect who a piece of text is addressed to.
 *
 * Every profile mentioned in the text is added, keyed by its URI with its
 * object type as value; when there is a parent notice, its author is added
 * as a person.
 *
 * @param string    $text
 * @param Profile   $sender the Profile that is sending the current text
 * @param Notice    $parent the Notice this text is in reply to, if any
 * @return array map of URI => object type
 */
function common_get_attentions($text, Profile $sender, Notice $parent=null)
{
    $attentions = array();

    foreach (common_find_mentions($text, $sender, $parent) as $mention) {
        foreach ($mention['mentioned'] as $profile) {
            $attentions[$profile->getUri()] = $profile->getObjectType();
        }
    }

    if ($parent instanceof Notice) {
        // afaik groups can't be authors
        $attentions[$parent->getProfile()->getUri()] = ActivityObject::PERSON;
    }

    return $attentions;
}

/**
 * Find @-mentions in the given text, using the given notice object as context.
 * References will be resolved with common_relative_profile() against the user
 * who posted the notice.
 *
 * Three kinds of reference are collected, in this order:
 *   - "@nickname": resolved first against the people the parent notice was
 *     addressed to, then the parent's author, then relative to the sender
 *   - "@#tag": the sender's subscribers carrying that tag; private lists
 *     are skipped
 *   - "!group": groups the sender is a member of
 *
 * StartFindMentions handlers can replace the whole lookup and
 * EndFindMentions handlers can edit the result.
 *
 * Note the return data format is internal, to be used for building links and
 * such. Should not be used directly; rather, call common_linkify_mentions().
 *
 * @param string    $text
 * @param Profile   $sender the Profile that is sending the current text
 * @param Notice    $parent the Notice this text is in reply to, if any
 *
 * @return array list of arrays with the keys 'mentioned' (array of
 *               profiles), 'type' ('mention', 'list' or 'group'), 'text',
 *               'position', 'length' and 'url'; 'title' is set for the
 *               'mention' and 'group' types
 *
 * @access private
 */
function common_find_mentions($text, Profile $sender, Notice $parent=null)
{
    $mentions = array();

    if (Event::handle('StartFindMentions', array($sender, $text, &$mentions))) {
        // Get the context of the original notice, if any
        $origMentions = array();
        // Does it have a parent notice for context?
        if ($parent instanceof Notice) {
            foreach ($parent->getAttentionProfiles() as $repliedTo) {
                if (!$repliedTo->isPerson()) {
                    continue;
                }
                $origMentions[$repliedTo->id] = $repliedTo;
            }
        }

        $matches = common_find_mentions_raw($text, '@');

        foreach ($matches as $match) {
            try {
                $nickname = Nickname::normalize($match[0]);
            } catch (NicknameException $e) {
                // Bogus match? Drop it.
                continue;
            }

            // primarily mention the profiles mentioned in the parent
            $mention_found_in_origMentions = false;
            foreach($origMentions as $origMentionsId=>$origMention) {
                if($origMention->getNickname() == $nickname) {
                    $mention_found_in_origMentions = $origMention;
                    // don't mention same twice! the parent might have mentioned
                    // two users with same nickname on different instances
                    unset($origMentions[$origMentionsId]);
                    break;
                }
            }

            // Try to get a profile for this nickname.
            // Start with parents mentions, then go to parents sender context
            if ($mention_found_in_origMentions) {
                $mentioned = $mention_found_in_origMentions;
            } else if ($parent instanceof Notice && $parent->getProfile()->getNickname() === $nickname) {
                $mentioned = $parent->getProfile();
            } else {
                // sets to null if no match
                $mentioned = common_relative_profile($sender, $nickname);
            }

            if ($mentioned instanceof Profile) {
                try {
                    $url = $mentioned->getUri();    // prefer the URI as URL, if it is one.
                    if (!common_valid_http_url($url)) {
                        $url = $mentioned->getUrl();
                    }
                } catch (InvalidUrlException $e) {
                    // No usable profile URL: link to the local by-id page instead.
                    $url = common_local_url('userbyid', array('id' => $mentioned->getID()));
                }

                // NOTE(review): 'position' is the offset reported by
                // PREG_OFFSET_CAPTURE (bytes) while 'length' is mb_strlen()
                // (characters); they differ for multibyte names. Confirm
                // what common_linkify_mentions() expects.
                $mention = array('mentioned' => array($mentioned),
                                 'type' => 'mention',
                                 'text' => $match[0],
                                 'position' => $match[1],
                                 'length' => mb_strlen($match[0]),
                                 'title' => $mentioned->getFullname(),
                                 'url' => $url);

                $mentions[] = $mention;
            }
        }

        // @#tag => mention of all subscriptions tagged 'tag'

        preg_match_all('/'.Nickname::BEFORE_MENTIONS.'@#([\pL\pN_\-\.]{1,64})/',
                       $text, $hmatches, PREG_OFFSET_CAPTURE);
        foreach ($hmatches[1] as $hmatch) {
            $tag = common_canonical_tag($hmatch[0]);
            $plist = Profile_list::getByTaggerAndTag($sender->getID(), $tag);
            // Private lists never become mentions, so their membership is
            // not exposed through the addressed profiles.
            if (!$plist instanceof Profile_list || $plist->private) {
                continue;
            }
            $tagged = $sender->getTaggedSubscribers($tag);

            $url = common_local_url('showprofiletag',
                                    array('nickname' => $sender->getNickname(),
                                          'tag' => $tag));

            $mentions[] = array('mentioned' => $tagged,
                                'type'      => 'list',
                                'text' => $hmatch[0],
                                'position' => $hmatch[1],
                                'length' => mb_strlen($hmatch[0]),
                                'url' => $url);
        }

        preg_match_all('/'.Nickname::BEFORE_MENTIONS.'!(' . Nickname::DISPLAY_FMT . ')/',
                       $text, $hmatches, PREG_OFFSET_CAPTURE);
        foreach ($hmatches[1] as $hmatch) {
            // NOTE(review): unlike the @-mention loop above, this
            // Nickname::normalize() call is not wrapped in try/catch, so a
            // NicknameException would leave the function; confirm intent.
            $nickname = Nickname::normalize($hmatch[0]);
            $group = User_group::getForNickname($nickname, $sender);

            // Only groups the sender belongs to can be addressed.
            if (!$group instanceof User_group || !$sender->isMember($group)) {
                continue;
            }

            $profile = $group->getProfile();

            $mentions[] = array('mentioned' => array($profile),
                                'type'      => 'group',
                                'text'      => $hmatch[0],
                                'position'  => $hmatch[1],
                                'length'    => mb_strlen($hmatch[0]),
                                'url'       => $group->permalink(),
                                'title'     => $group->getFancyName());
        }

        Event::handle('EndFindMentions', array($sender, $text, &$mentions));
    }

    return $mentions;
}

/**
 * Does the actual regex pulls to find @-mentions in text.
 * Should generally not be called directly; for use in common_find_mentions.
 *
 * Two patterns are applied: a leading "T nickname " form at the very start
 * of the text, and the $preMention character(s) followed by a nickname
 * anywhere in the text. $preMention goes through preg_quote() before it is
 * placed in the pattern.
 *
 * @param string $text
 * @param string $preMention Character(s) that signals a mention ('@', '!'...)
 * @return array of PCRE match arrays: [matched nickname, offset] pairs,
 *               the "T" matches first
 */
function common_find_mentions_raw($text, $preMention='@')
{
    $leadingPattern = '/^T (' . Nickname::DISPLAY_FMT . ') /';

    // the regexp's "(?!\@)" makes sure it doesn't matches the single "@remote" in "@remote@server.com"
    $inlinePattern = '/'.Nickname::BEFORE_MENTIONS.preg_quote($preMention, '/').'(' . Nickname::DISPLAY_FMT . ')\b(?!\@)/';

    $leading = array();
    preg_match_all($leadingPattern, $text, $leading, PREG_OFFSET_CAPTURE);

    $inline = array();
    preg_match_all($inlinePattern, $text, $inline, PREG_OFFSET_CAPTURE);

    // Index 1 holds the captured nickname group of each pattern.
    return array_merge($leading[1], $inline[1]);
}

/**
 * Turn raw notice text into HTML: escape it, strip control characters,
 * linkify URLs and link #hashtags.
 *
 * The order is significant: the text is HTML-escaped first, and the URL and
 * hashtag callbacks then insert markup into the already-escaped string.
 *
 * NOTE(review): htmlspecialchars() is called with its default flags, which
 * before PHP 8.1 leave single quotes unescaped. That is fine for element
 * content; confirm no caller places the result in a single-quoted attribute.
 * NOTE(review): the control-character range stops at \x{19}, so 0x1A-0x1F
 * are not removed -- confirm whether \x{1f} was intended.
 *
 * @param string $text raw, unescaped text
 * @return string HTML fragment
 */
function common_render_text($text)
{
    $escaped = nl2br(htmlspecialchars(common_remove_unicode_formatting($text)));

    // Drop control characters other than tab, newline and carriage return.
    $stripped = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $escaped);
    $linked = common_replace_urls_callback($stripped, 'common_linkify');

    // A hashtag counts only at the start of the text or after an opening
    // quote/bracket or whitespace; the prefix is kept and the tag is linked.
    $linkTag = function ($m) {
        return "{$m[1]}#".common_tag_link($m[2]);
    };

    // XXX: machine tags
    return preg_replace_callback(
        '/(^|\&quot\;|\'|\(|\[|\{|\s+)#([\pL\pN_\-\.]{1,64})/u',
        $linkTag,
        $linked
    );
}

// Bit flags describing how a URL scheme is written; common_url_schemes()
// uses them as a filter mask.
define('_URL_SCHEME_COLON_DOUBLE_SLASH', 1 << 0);   // scheme://...
define('_URL_SCHEME_SINGLE_COLON', 1 << 1);         // scheme:...
define('_URL_SCHEME_NO_DOMAIN', 1 << 2);            // scheme:?... (no host part)
define('_URL_SCHEME_COLON_COORDINATES', 1 << 3);    // scheme:lat,lon...

/**
 * List the URL schemes that the linkifier recognises.
 *
 * This is an allowlist: common_replace_urls_callback() builds its scheme
 * alternations from it, so only the schemes named here are matched by their
 * scheme prefix. Script-bearing schemes such as javascript: and data: are
 * absent and should stay absent.
 *
 * NOTE(review): 'file' is on the list, so file:// references in user text
 * are linkified -- confirm that is intended.
 *
 * @param int|null $filter bitmask of _URL_SCHEME_* flags; null returns all
 * @return array list of scheme names whose flag intersects $filter
 */
function common_url_schemes($filter=null)
{
    // TODO: move these to $config
    $schemes = [
                'http'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'https'     => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'ftp'       => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'ftps'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'mms'       => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'rtsp'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'gopher'    => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'news'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'nntp'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'telnet'    => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'wais'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'file'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'prospero'  => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'webcal'    => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'irc'       => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'ircs'      => _URL_SCHEME_COLON_DOUBLE_SLASH,
                'aim'       => _URL_SCHEME_SINGLE_COLON,
                'bitcoin'   => _URL_SCHEME_SINGLE_COLON,
                'fax'       => _URL_SCHEME_SINGLE_COLON,
                'jabber'    => _URL_SCHEME_SINGLE_COLON,
                'mailto'    => _URL_SCHEME_SINGLE_COLON,
                'tel'       => _URL_SCHEME_SINGLE_COLON,
                'xmpp'      => _URL_SCHEME_SINGLE_COLON,
                'magnet'    => _URL_SCHEME_NO_DOMAIN,
                'geo'       => _URL_SCHEME_COLON_COORDINATES,
                ];

    $selected = [];
    foreach ($schemes as $name => $flags) {
        if (is_null($filter) || ($flags & $filter)) {
            $selected[] = $name;
        }
    }
    return $selected;
}

/**
 * Find links in the given text and pass each one to the given callback,
 * substituting the callback's return value for the link.
 *
 * Scheme-prefixed links are matched only for the schemes returned by
 * common_url_schemes(); bare IPv4/IPv6 addresses and bare domain names are
 * matched only when the corresponding 'linkify' config switch is on.
 *
 * An optional "user:pass@" part is accepted in front of the host, so the
 * text shown for a link can begin with a name that is not the host the link
 * points to; renderers should keep that in mind.
 *
 * NOTE(review): the result of preg_replace_callback() is returned unchecked.
 * It is null when PCRE fails (invalid UTF-8 under /u, backtrack limit), so
 * callers receive null rather than the input text in that case.
 *
 * @param string $text
 * @param function($text, $arg) $callback: return replacement text
 * @param mixed $arg: optional argument will be passed on to the callback
 */
function common_replace_urls_callback($text, $callback, $arg = null) {
    // Character classes for the parameter part of geo: URIs.
    $geoLabelChars = '\pN\pL\-';
    $geoMarkChars = '\-\_\.\!\~\*\\\'\(\)';    // the \\\' is really pretty
    $geoUnreservedChars = '\pN\pL' . $geoMarkChars;
    $geoPUnreservedChars = '\[\]\:\&\+\$';
    $geoPctEncoded = '(?:\%[0-9a-fA-F][0-9a-fA-F])';
    $geoParamChars = $geoUnreservedChars . $geoPUnreservedChars; //FIXME: add $geoPctEncoded here so it works

    // Scheme alternations, one per way of writing a scheme.
    $doubleSlashSchemes = implode('|', common_url_schemes(_URL_SCHEME_COLON_DOUBLE_SLASH));
    $singleColonSchemes = implode('|', common_url_schemes(_URL_SCHEME_SINGLE_COLON));
    $coordinateSchemes = implode('|', common_url_schemes(_URL_SCHEME_COLON_COORDINATES));
    $noDomainSchemes = implode('|', common_url_schemes(_URL_SCHEME_NO_DOMAIN));

    // Optional branches; each is an empty string when its switch is off.
    $bareIpv4 = common_config('linkify', 'bare_ipv4')   // Convert IPv4 addresses to hyperlinks
        ? '|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
        : '';

    $bareIpv6 = common_config('linkify', 'bare_ipv6')   // Convert IPv6 addresses to hyperlinks
        ? '|(?:'. //IPv6
            '\[?(?:(?:(?:[0-9A-Fa-f]{1,4}:){7}(?:(?:[0-9A-Fa-f]{1,4})|:))|(?:(?:[0-9A-Fa-f]{1,4}:){6}(?::|(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})|(?::[0-9A-Fa-f]{1,4})))|(?:(?:[0-9A-Fa-f]{1,4}:){5}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){4}(?::[0-9A-Fa-f]{1,4}){0,1}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){3}(?::[0-9A-Fa-f]{1,4}){0,2}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){2}(?::[0-9A-Fa-f]{1,4}){0,3}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:)(?::[0-9A-Fa-f]{1,4}){0,4}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?::(?::[0-9A-Fa-f]{1,4}){0,5}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})))\]?(?<!:)'.
            ')'
        : '';

    $bareDomains = common_config('linkify', 'bare_domains')
        ? '|(?:'. //DNS
            '(?:[\pN\pL\-\_\+\%\~]+(?:\:[\pN\pL\-\_\+\%\~]+)?\@)?'. //user:pass@
            '[\pN\pL\-\_]+(?:\.[\pN\pL\-\_]+)*\.'.
            //tld list from http://data.iana.org/TLD/tlds-alpha-by-domain.txt, also added local, loc, and onion
            '(?:AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XN--0ZWM56D|测试|XN--11B5BS3A9AJ6G|परीक्षा|XN--80AKHBYKNJ4F|испытание|XN--9T4B11YI5A|테스트|XN--DEBA0AD|טעסט|XN--G6W251D|測試|XN--HGBK6AJ7F53BBA|آزمایشی|XN--HLCJ6AYA9ESC7A|பரிட்சை|XN--JXALPDLP|δοκιμή|XN--KGBECHTV|إختبار|XN--ZCKZAH|テスト|YE|YT|YU|ZA|ZM|ZONE|ZW|local|loc|onion)'.
            ')(?![\pN\pL\-\_])'
        : ''; // if common_config('linkify', 'bare_domains') is false, don't add anything here

    // Assemble the full pattern: boundary, then the link itself in group 1.
    $regex = '#'.
    '(?:^|[\s\<\>\(\)\[\]\{\}\\\'\\\";]+)(?![\@\!\#])'.
    '('.
        '(?:'.
            '(?:'. //Known protocols
                '(?:'.
                    '(?:(?:' . $doubleSlashSchemes . ')://)'.
                    '|'.
                    '(?:(?:' . $singleColonSchemes . '):)'.
                ')'.
                '(?:[\pN\pL\-\_\+\%\~]+(?::[\pN\pL\-\_\+\%\~]+)?\@)?'. //user:pass@
                '(?:'.
                    '(?:'.
                        '\[[\pN\pL\-\_\:\.]+(?<![\.\:])\]'. //[dns]
                    ')|(?:'.
                        '[\pN\pL\-\_\:\.]+(?<![\.\:])'. //dns
                    ')'.
                ')'.
            ')'.
            '|(?:'.
                '(?:' . $coordinateSchemes . '):'.
                // There's an order that must be followed here too, if ;crs= is used, it must precede ;u=
                // Also 'crsp' (;crs=$crsp) must match $geoLabelChars
                // Also 'uval' (;u=$uval) must be a pnum: \-?[0-9]+
                '(?:'.
                    '(?:[0-9]+(?:\.[0-9]+)?(?:\,[0-9]+(?:\.[0-9]+)?){1,2})'.    // 1(.23)?(,4(.56)){1,2}
                    '(?:\;(?:['.$geoLabelChars.']+)(?:\=['.$geoParamChars.']+)*)*'.
                ')'.
            ')'.
            // URLs without domain name, like magnet:?xt=...
            '|(?:(?:' . $noDomainSchemes . '):(?=\?))'.  // zero-length lookahead requires ? after :
            $bareIpv4.
            $bareIpv6.
            $bareDomains.
        ')'.
        '(?:'.
            '(?:\:\d+)?'. //:port
            '(?:/['  . URL_REGEX_VALID_PATH_CHARS    . ']*)?'.  // path
            '(?:\?[' . URL_REGEX_VALID_QSTRING_CHARS . ']*)?'.  // ?query string
            '(?:\#[' . URL_REGEX_VALID_FRAGMENT_CHARS . ']*)?'. // #fragment
        ')(?<!['. URL_REGEX_EXCLUDED_END_CHARS .'])'.
    ')'.
    '#ixu';

    // callback_helper trims ambiguous trailing characters before handing the
    // URL to $callback.
    $replacer = curry('callback_helper', $callback, $arg);
    return preg_replace_callback($regex, $replacer, $text);
}

/**
 * Intermediate callback for common_replace_urls_callback(); resolves some
 * ambiguous link endings before passing the URL on to the final callback.
 *
 * A closing bracket at the end of the URL is treated as surrounding
 * punctuation when the URL holds fewer opening than closing brackets of
 * that kind, and a trailing '.', '?', ',' or '#' is always treated as
 * punctuation. Stripped characters stay in the output, after the
 * callback's replacement.
 *
 * @param array $matches PCRE match: [0] is the whole match, [1] the URL
 * @param callable $callback
 * @param mixed $arg optional argument to pass on as second param to callback
 * @return string the whole match with the URL part replaced
 *
 * @access private
 */
function callback_helper($matches, $callback, $arg=null) {
    $whole = $matches[0];
    $url = $matches[1];

    // Byte offsets of the URL inside the whole match.
    $left = strpos($whole, $url);
    $right = $left + strlen($url);

    $closerFor = array('(' => ')', '[' => ']', '{' => '}', '<' => '>');
    $cannotEndWith = array('.', '?', ',', '#');

    // Keep trimming until a pass leaves the URL unchanged.
    do {
        $before = $url;
        foreach ($closerFor as $open => $close) {
            if (substr($url, -1) == $close
                && substr_count($url, $open) < substr_count($url, $close)) {
                $right -= 1;
                $url = substr($url, 0, -1);
            }
        }
        if (in_array(substr($url, -1), $cannotEndWith)) {
            $right -= 1;
            $url = substr($url, 0, -1);
        }
    } while ($before != $url);

    $result = call_user_func_array($callback, array($url, $arg));
    return substr($whole, 0, $left) . $result . substr($whole, $right);
}

require_once INSTALLDIR . "/lib/curry.php";

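/**
 * Build the <a> element for one URL found in already HTML-escaped text.
 *
 * The incoming URL is decoded back to raw text before it is resolved, and
 * that raw text is also what is passed on as the link content. The markup
 * is produced by XMLStringer::estring().
 * NOTE(review): this assumes XMLStringer::estring() escapes attribute values
 * and text content -- confirm, since the decoded value is user input again.
 *
 * The href is the resolved long URL (a known redirect target when one is
 * recorded), so it can differ from the text shown for the link.
 * NOTE(review): confirm the scheme of a resolved redirect target is
 * restricted before it is used as an href.
 *
 * Side effects: when 'attachments'/'process_links' is enabled, an unknown
 * URL is handed to File::processNew(), which writes to the database.
 *
 * @param string $url HTML-escaped URL as matched in the rendered text
 * @return string HTML for the link
 */
function common_linkify($url) {
    // It comes in special'd, so we unspecial it before passing to the stringifying
    // functions
    $url = htmlspecialchars_decode($url);

    if (strpos($url, '@') !== false && strpos($url, ':') === false && Validate::email($url)) {
        //url is an email address without the mailto: protocol
        $canon = "mailto:$url";
        $longurl = "mailto:$url";
    } else {
        $canon = File_redirection::_canonUrl($url);
        $longurl_data = File_redirection::where($canon, common_config('attachments', 'process_links'));

        if (isset($longurl_data->redir_url)) {
            $longurl = $longurl_data->redir_url;
        } else {
            // e.g. local files
            $longurl = $longurl_data->url;
        }
    }

    $attrs = array('href' => $longurl, 'title' => $longurl);

    $is_attachment = false;
    $attachment_id = null;
    $has_thumb = false;

    // Check to see whether this is a known "attachment" URL.

    // Start from null so $f is defined even when the lookup finds nothing
    // and link processing is disabled.
    $f = null;
    try {
        $f = File::getByUrl($longurl);
    } catch (NoResultException $e) {
        if (common_config('attachments', 'process_links')) {
            // XXX: this writes to the database. :<
            try {
                $f = File::processNew($longurl);
            } catch (ServerException $e) {
                $f = null;
            }
        }
    }

    if ($f instanceof File) {
        try {
            $enclosure = $f->getEnclosure();
            $is_attachment = true;
            $attachment_id = $f->id;

            $thumb = File_thumbnail::getKV('file_id', $f->id);
            $has_thumb = ($thumb instanceof File_thumbnail);
        } catch (ServerException $e) {
            // There was not enough metadata available
        }
    }

    // Whether to nofollow
    $nf = common_config('nofollow', 'external');

    if ($nf == 'never') {
        $attrs['rel'] = 'external';
    } else {
        $attrs['rel'] = 'nofollow external';
    }

    // Add clippy
    if ($is_attachment) {
        $attrs['class'] = 'attachment';
        if ($has_thumb) {
            $attrs['class'] = 'attachment thumbnail';
        }
        $attrs['id'] = "attachment-{$attachment_id}";
        // Attachment links additionally get rel="noreferrer".
        $attrs['rel'] .= ' noreferrer';
    }

    return XMLStringer::estring('a', $attrs, $url);
}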

/**
 * Find the links in a chunk of text and shorten them, either because the
 * text exceeds the configured notice content limit or unconditionally.
 *
 * Side effects: may save file and file_redirection records for referenced URLs.
 *
 * Pass the $user option or call $user->shortenLinks($text) to ensure the proper
 * user's options are used; otherwise the current web session user's settings
 * will be used or ur1.ca if there is no active web login.
 *
 * @param string $text
 * @param boolean $always (optional) shorten regardless of the text length
 * @param User $user (optional)
 *
 * @return string
 */
function common_shorten_links($text, $always = false, User $user=null)
{
    if ($user === null) {
        $user = common_current_user();
    }

    $maxLength = User_urlshortener_prefs::maxNoticeLength($user);

    // A limit of -1 means no limit; without $always, links in such text are
    // only passed to makeShort.
    $mustShorten = $always || ($maxLength != -1 && mb_strlen($text) > $maxLength);
    $method = $mustShorten ? 'forceShort' : 'makeShort';

    return common_replace_urls_callback($text, array('File_redirection', $method), $user);
}

/**
 * Very basic check of input text for valid UTF-8; NUL bytes are removed.
 *
 * Callers must compare the result against null explicitly: an empty string
 * is a valid result and is just as falsy as the null returned for invalid
 * input.
 *
 * @param string $str
 * @return mixed string or null if invalid input
 *
 * @todo ideally we should drop bad chars, and maybe do some of the checks
 *       from common_xml_safe_str. But we can't strip newlines, etc.
 * @todo Unicode normalization might also be useful, but not needed now.
 */
function common_validate_utf8($str)
{
    // With the /u modifier preg_replace returns NULL on invalid UTF-8 input;
    // that return value is the validity check.
    //
    // Note: empty regex //u also caused NULL return on some
    // production machines, but none of our test machines.
    //
    // This should be replaced with a more reliable check.
    $nulPattern = '/\x00/u';
    $withoutNul = preg_replace($nulPattern, '', $str);
    return $withoutNul;
}

/**
 * Make sure an arbitrary string is safe for output in XML as a single line.
 *
 * "Safe" here means free of line breaks and control characters. The
 * function does not escape XML metacharacters (<, >, &), so the result
 * still has to be escaped by whatever writes it into a document.
 *
 * @param string $str
 * @return string
 */
function common_xml_safe_str($str)
{
    // Common eol and extra whitespace input chars and what replaces them
    $substitutions = array(
        "\t"   => ' ', // tab -> single space
        "\n"   => ' ', // newline -> single space
        "\r"   => '',  // cr -> nothing
        "\0"   => '',  // null byte eos -> nothing
        "\x0B" => ' '  // vertical tab -> single space
    );

    $str = str_replace(array_keys($substitutions), array_values($substitutions), $str);

    // Neutralize any additional control codes and UTF-16 surrogates
    // (Twitter uses '*')
    return preg_replace('/[\p{Cc}\p{Cs}]/u', '*', $str);
}

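/**
 * Reduce a string to a lowercase slug of letters and digits.
 *
 * With the intl extension the string is transliterated to ASCII-compatible
 * Latin first. Without it, non-letter/non-digit characters are removed, the
 * string is lowercased and the result is limited to 64 bytes.
 *
 * @param string $str
 * @return string
 */
function common_slugify($str)
{
    // php5-intl is highly recommended...
    if (!function_exists('transliterator_transliterate')) {
        $str = preg_replace('/[^\pL\pN]/u', '', $str);
        $str = mb_convert_case($str, MB_CASE_LOWER, 'UTF-8');
        // Keep the 64-byte limit, but cut on a character boundary: a plain
        // substr() can split a multibyte character and leave invalid UTF-8.
        return mb_strcut($str, 0, 64, 'UTF-8');
    }
    $str = transliterator_transliterate(
                        'Any-Latin;' .      // any charset to latin compatible
                            'NFD;' .        // decompose
                            '[:Nonspacing Mark:] Remove;' . // remove nonspacing marks (accents etc.)
                            'NFC;' .        // composite again
                            '[:Punctuation:] Remove;' . // remove punctuation (.,¿? etc.)
                            'Lower();' .    // turn into lowercase
                            'Latin-ASCII;',  // get ASCII equivalents (ð to d for example)
                        $str);
    // NOTE(review): this pattern has no /u modifier, unlike the fallback
    // above -- presumably the input is ASCII by this point; confirm.
    return preg_replace('/[^\pL\pN]/', '', $str);
}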

/**
 * Build the HTML for a hashtag: a span of class "tag" wrapping a link to
 * the tag's page. The link target uses the canonical form of the tag; the
 * link text is the tag as given.
 *
 * @param string $tag tag text without the leading '#'
 * @return string HTML fragment
 */
function common_tag_link($tag)
{
    $canonical = common_canonical_tag($tag);

    if (common_config('singleuser', 'enabled')) {
        // regular TagAction isn't set up in 1user mode
        $routeArgs = array('nickname' => User::singleUserNickname(),
                           'tag' => $canonical);
        $url = common_local_url('showstream', $routeArgs);
    } else {
        $url = common_local_url('tag', array('tag' => $canonical));
    }

    $markup = new XMLStringer();
    $markup->elementStart('span', 'tag');
    $markup->element('a', array('href' => $url, 'rel' => 'tag'), $tag);
    $markup->elementEnd('span');

    return $markup->getString();
}

/**
 * Canonical form of a tag: its slug, limited to 64 bytes.
 *
 * @param string $tag
 * @return string
 */
function common_canonical_tag($tag)
{
    return substr(common_slugify($tag), 0, 64);
}

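/**
 * Check that a profile tag consists of 1 to 64 ASCII letters, digits,
 * underscores, hyphens or dots.
 *
 * The pattern ends with \z rather than $: in PCRE, $ also matches just
 * before a trailing newline, so a value such as "tag\n" would pass the
 * check with $.
 *
 * @param string $str
 * @return int|false 1 if valid, 0 if not, false on a PCRE error
 */
function common_valid_profile_tag($str)
{
    return preg_match('/^[A-Za-z0-9_\-\.]{1,64}\z/', $str);
}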

/**
 * Resolve an ambiguous profile nickname reference, checking in following order:
 * - profiles that $sender subscribes to
 * - profiles that subscribe to $sender
 * - local user profiles
 *
 * WARNING: does not validate or normalize $nickname -- MUST BE PRE-VALIDATED
 * OR THERE MAY BE A RISK OF SQL INJECTION ATTACKS. THIS FUNCTION DOES NOT
 * ESCAPE SQL.
 *
 * @fixme validate input
 * @fixme escape SQL
 * @fixme fix or remove mystery third parameter
 * @fixme is $sender a User or Profile?
 *
 * @param <type> $sender the user or profile in whose context we're looking
 * @param string $nickname validated nickname of
 * @param <type> $dt unused mystery parameter; in Notice reply-to handling a timestamp is passed.
 *
 * @return Profile or null
 */
function common_relative_profile($sender, $nickname, $dt=null)
{
    // Will throw exception on invalid input.
    $nickname = Nickname::normalize($nickname);

    // Try to find profiles this profile is subscribed to that have this nickname
    $recipient = new Profile();
    // XXX: use a join instead of a subquery
    $recipient->whereAdd('EXISTS (SELECT subscribed from subscription where subscriber = '.intval($sender->id).' and subscribed = id)', 'AND');
    $recipient->whereAdd("nickname = '" . $recipient->escape($nickname) . "'", 'AND');
    if ($recipient->find(true)) {
        // XXX: should probably differentiate between profiles with
        // the same name by date of most recent update
        return $recipient;
    }
    // Try to find profiles that listen to this profile and that have this nickname
    $recipient = new Profile();
    // XXX: use a join instead of a subquery
    $recipient->whereAdd('EXISTS (SELECT subscriber from subscription where subscribed = '.intval($sender->id).' and subscriber = id)', 'AND');
    $recipient->whereAdd("nickname = '" . $recipient->escape($nickname) . "'", 'AND');
    if ($recipient->find(true)) {
        // XXX: should probably differentiate between profiles with
        // the same name by date of most recent update
        return $recipient;
    }
    // If this is a local user, try to find a local user with that nickname.