From 85e4c16f39a8b00b229644bcd175663541dfd51a Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Mon, 4 Feb 2013 20:37:25 -0500 Subject: Doc fixes and inline type hints for variables (big static analysis cleanup) --- engine/lib/output.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'engine/lib/output.php') diff --git a/engine/lib/output.php b/engine/lib/output.php index 9295f2173..fefb94b3e 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -12,7 +12,7 @@ * * @param string $text The input string * - * @return string The output stirng with formatted links + * @return string The output string with formatted links **/ function parse_urls($text) { // @todo this causes problems with @@ -421,7 +421,7 @@ function _elgg_html_decode($string) { /** * Unit tests for Output * - * @param sting $hook unit_test + * @param string $hook unit_test * @param string $type system * @param mixed $value Array of tests * @param mixed $params Params -- cgit v1.2.3 From 269d3621531a80b13221a2f6e663efe2ad20ccaa Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Mon, 4 Feb 2013 20:59:06 -0500 Subject: remove unused code: vars, foreach keys, etc --- engine/classes/ElggEntity.php | 2 -- engine/classes/ElggFile.php | 1 - engine/classes/ElggMenuBuilder.php | 1 - engine/lib/annotations.php | 1 - engine/lib/cron.php | 2 -- engine/lib/database.php | 16 ++++++++-------- engine/lib/elgglib.php | 12 +++--------- engine/lib/export.php | 4 ---- engine/lib/filestore.php | 2 -- engine/lib/input.php | 2 -- engine/lib/languages.php | 2 -- engine/lib/metastrings.php | 3 --- engine/lib/navigation.php | 6 +++--- engine/lib/notification.php | 2 +- engine/lib/output.php | 1 - engine/lib/plugins.php | 2 -- engine/lib/relationships.php | 3 --- engine/lib/river.php | 4 ---- engine/lib/sessions.php | 6 ------ engine/lib/sites.php | 4 ---- engine/lib/upgrade.php | 3 --- engine/lib/users.php | 9 --------- 22 files changed, 15 insertions(+), 73 deletions(-) (limited to 'engine/lib/output.php') diff --git a/engine/classes/ElggEntity.php b/engine/classes/ElggEntity.php index 0cb8e5f7c..f44e73023 100644 --- a/engine/classes/ElggEntity.php +++ b/engine/classes/ElggEntity.php @@ -1735,8 +1735,6 @@ abstract class ElggEntity extends ElggData implements * @return array */ public function getTags($tag_names = NULL) { - global $CONFIG; - if ($tag_names && !is_array($tag_names)) { $tag_names = array($tag_names); } diff --git a/engine/classes/ElggFile.php b/engine/classes/ElggFile.php index 3f652ff19..532db3617 100644 --- a/engine/classes/ElggFile.php +++ b/engine/classes/ElggFile.php @@ -365,7 +365,6 @@ class ElggFile extends ElggObject { // need to get all filestore::* metadata because the rest are "parameters" that // get passed to filestore::setParameters() if ($this->guid) { - $db_prefix = elgg_get_config('dbprefix'); $options = array( 'guid' => $this->guid, 'where' => array("n.string LIKE 'filestore::%'"), diff --git a/engine/classes/ElggMenuBuilder.php b/engine/classes/ElggMenuBuilder.php index 028eef15f..6da951597 100644 --- a/engine/classes/ElggMenuBuilder.php +++ b/engine/classes/ElggMenuBuilder.php @@ -227,7 +227,6 @@ class ElggMenuBuilder { if ($children) { $stack = array_merge($stack, $children); } - $p = count($stack); } } } diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index a95aba8f8..e5566a00a 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -465,7 +465,6 @@ function export_annotation_plugin_hook($hook, $entity_type, $returnvalue, $param } $guid = (int)$params['guid']; - $name = $params['name']; $result = elgg_get_annotations(array( 'guid' => $guid, diff --git a/engine/lib/cron.php b/engine/lib/cron.php index dd83a9849..4f3d05b93 100644 --- a/engine/lib/cron.php +++ b/engine/lib/cron.php @@ -30,8 +30,6 @@ function cron_init() { * @access private */ function cron_page_handler($page) { - global $CONFIG; - if (!isset($page[0])) { forward(); } diff --git a/engine/lib/database.php b/engine/lib/database.php index 18c30cb8e..dcf50545d 100644 --- a/engine/lib/database.php +++ b/engine/lib/database.php @@ -79,7 +79,7 @@ $dbcalls = 0; */ function establish_db_link($dblinkname = "readwrite") { // Get configuration, and globalise database link - global $CONFIG, $dblink, $DB_QUERY_CACHE, $dbcalls; + global $CONFIG, $dblink, $DB_QUERY_CACHE; if ($dblinkname != "readwrite" && isset($CONFIG->db[$dblinkname])) { if (is_array($CONFIG->db[$dblinkname])) { @@ -137,7 +137,7 @@ function establish_db_link($dblinkname = "readwrite") { * @access private */ function setup_db_connections() { - global $CONFIG, $dblink; + global $CONFIG; if (!empty($CONFIG->db->split)) { establish_db_link('read'); @@ -250,7 +250,7 @@ function explain_query($query, $link) { * @access private */ function execute_query($query, $dblink) { - global $CONFIG, $dbcalls; + global $dbcalls; if ($query == NULL) { throw new DatabaseException(elgg_echo('DatabaseException:InvalidQuery')); @@ -389,7 +389,7 @@ function get_data_row($query, $callback = "") { * @access private */ function elgg_query_runner($query, $callback = null, $single = false) { - global $CONFIG, $DB_QUERY_CACHE; + global $DB_QUERY_CACHE; // Since we want to cache results of running the callback, we need to // need to namespace the query with the callback and single result request. @@ -454,7 +454,7 @@ function elgg_query_runner($query, $callback = null, $single = false) { * @access private */ function insert_data($query) { - global $CONFIG, $DB_QUERY_CACHE; + global $DB_QUERY_CACHE; elgg_log("DB query $query", 'NOTICE'); @@ -486,7 +486,7 @@ function insert_data($query) { * @access private */ function update_data($query) { - global $CONFIG, $DB_QUERY_CACHE; + global $DB_QUERY_CACHE; elgg_log("DB query $query", 'NOTICE'); @@ -517,7 +517,7 @@ function update_data($query) { * @access private */ function delete_data($query) { - global $CONFIG, $DB_QUERY_CACHE; + global $DB_QUERY_CACHE; elgg_log("DB query $query", 'NOTICE'); @@ -644,7 +644,7 @@ function run_sql_script($scriptlocation) { $statement = str_replace("prefix_", $CONFIG->dbprefix, $statement); if (!empty($statement)) { try { - $result = update_data($statement); + update_data($statement); } catch (DatabaseException $e) { $errors[] = $e->getMessage(); } diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index 6a2ebf97b..4cac79a22 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -128,8 +128,6 @@ function elgg_load_library($name) { * @throws SecurityException */ function forward($location = "", $reason = 'system') { - global $CONFIG; - if (!headers_sent()) { if ($location === REFERER) { $location = $_SERVER['HTTP_REFERER']; @@ -385,7 +383,7 @@ function elgg_load_external_file($type, $name) { $item->url = ''; $item->location = ''; - $priority = $CONFIG->externals[$type]->add($item); + $CONFIG->externals[$type]->add($item); $CONFIG->externals_map[$type][$name] = $item; } } @@ -563,7 +561,7 @@ function system_messages($message = null, $register = "success", $count = false) return sizeof($_SESSION['msg'][$register]); } else { $count = 0; - foreach ($_SESSION['msg'] as $register => $submessages) { + foreach ($_SESSION['msg'] as $submessages) { $count += sizeof($submessages); } return $count; @@ -1294,8 +1292,6 @@ function elgg_deprecated_notice($msg, $dep_version, $backtrace_level = 1) { * @return string The current page URL. */ function current_page_url() { - global $CONFIG; - $url = parse_url(elgg_get_site_url()); $page = $url['scheme'] . "://"; @@ -1489,8 +1485,6 @@ function elgg_http_add_url_query_elements($url, array $elements) { * @since 1.8.0 */ function elgg_http_url_is_identical($url1, $url2, $ignore_params = array('offset', 'limit')) { - global $CONFIG; - // if the server portion is missing but it starts with / then add the url in. // @todo use elgg_normalize_url() if (elgg_substr($url1, 0, 1) == '/') { @@ -1629,7 +1623,7 @@ $sort_type = SORT_LOCALE_STRING) { $sort = array(); - foreach ($array as $k => $v) { + foreach ($array as $v) { if (isset($v[$element])) { $sort[] = strtolower($v[$element]); } else { diff --git a/engine/lib/export.php b/engine/lib/export.php index 1996bc885..ecc894e63 100644 --- a/engine/lib/export.php +++ b/engine/lib/export.php @@ -40,8 +40,6 @@ function get_uuid_from_object($object) { * @return string */ function guid_to_uuid($guid) { - global $CONFIG; - return elgg_get_site_url() . "export/opendd/$guid/"; } @@ -53,8 +51,6 @@ function guid_to_uuid($guid) { * @return bool */ function is_uuid_this_domain($uuid) { - global $CONFIG; - if (strpos($uuid, elgg_get_site_url()) === 0) { return true; } diff --git a/engine/lib/filestore.php b/engine/lib/filestore.php index 677fac931..a3c7ba439 100644 --- a/engine/lib/filestore.php +++ b/engine/lib/filestore.php @@ -308,8 +308,6 @@ function get_image_resize_parameters($width, $height, $options) { function file_delete($guid) { if ($file = get_entity($guid)) { if ($file->canEdit()) { - $container = get_entity($file->container_guid); - $thumbnail = $file->thumbnail; $smallthumb = $file->smallthumb; $largethumb = $file->largethumb; diff --git a/engine/lib/input.php b/engine/lib/input.php index 2d71fb77e..bbb9ff94d 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -266,10 +266,8 @@ function input_livesearch_page_handler($page) { } if (get_input('match_owner', false)) { - $owner_guid = $user->getGUID(); $owner_where = 'AND e.owner_guid = ' . $user->getGUID(); } else { - $owner_guid = null; $owner_where = ''; } diff --git a/engine/lib/languages.php b/engine/lib/languages.php index 11722f744..3c231d964 100644 --- a/engine/lib/languages.php +++ b/engine/lib/languages.php @@ -104,8 +104,6 @@ function add_translation($country_code, $language_array) { * @return string The language code for the site/user or "en" if not set */ function get_current_language() { - global $CONFIG; - $language = get_language(); if (!$language) { diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php index 264d2ba2c..698c8c1a9 100644 --- a/engine/lib/metastrings.php +++ b/engine/lib/metastrings.php @@ -520,9 +520,6 @@ function elgg_get_metastring_sql($table, $names = null, $values = null, $db_prefix = elgg_get_config('dbprefix'); - // join counter for incremental joins. - $i = 1; - // binary forces byte-to-byte comparision of strings, making // it case- and diacritical-mark- sensitive. // only supported on values. diff --git a/engine/lib/navigation.php b/engine/lib/navigation.php index 0e8914bbb..118a7214c 100644 --- a/engine/lib/navigation.php +++ b/engine/lib/navigation.php @@ -152,7 +152,7 @@ function elgg_is_menu_item_registered($menu_name, $item_name) { return false; } - foreach ($CONFIG->menus[$menu_name] as $index => $menu_object) { + foreach ($CONFIG->menus[$menu_name] as $menu_object) { /* @var ElggMenuItem $menu_object */ if ($menu_object->getName() == $item_name) { return true; @@ -313,8 +313,8 @@ function elgg_site_menu_setup($hook, $type, $return, $params) { // check if we have anything selected $selected = false; - foreach ($return as $section_name => $section) { - foreach ($section as $key => $item) { + foreach ($return as $section) { + foreach ($section as $item) { if ($item->getSelected()) { $selected = true; break 2; diff --git a/engine/lib/notification.php b/engine/lib/notification.php index d72b1352a..f0aff84e6 100644 --- a/engine/lib/notification.php +++ b/engine/lib/notification.php @@ -86,7 +86,7 @@ function unregister_notification_handler($method) { * @throws NotificationException */ function notify_user($to, $from, $subject, $message, array $params = NULL, $methods_override = "") { - global $NOTIFICATION_HANDLERS, $CONFIG; + global $NOTIFICATION_HANDLERS; // Sanitise if (!is_array($to)) { diff --git a/engine/lib/output.php b/engine/lib/output.php index fefb94b3e..da8e1ab86 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -224,7 +224,6 @@ function elgg_normalize_url($url) { $php_5_3_0_to_5_3_2 = version_compare(PHP_VERSION, '5.3.0', '>=') && version_compare(PHP_VERSION, '5.3.3', '<'); - $validated = false; if ($php_5_2_13_and_below || $php_5_3_0_to_5_3_2) { $tmp_address = str_replace("-", "", $url); $validated = filter_var($tmp_address, FILTER_VALIDATE_URL); diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php index d6f03c795..0ea4404f3 100644 --- a/engine/lib/plugins.php +++ b/engine/lib/plugins.php @@ -309,8 +309,6 @@ function elgg_is_active_plugin($plugin_id, $site_guid = null) { * @access private */ function elgg_load_plugins() { - global $CONFIG; - $plugins_path = elgg_get_plugins_path(); $start_flags = ELGG_PLUGIN_INCLUDE_START | ELGG_PLUGIN_REGISTER_VIEWS diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php index 6f18bda93..c1a7cc080 100644 --- a/engine/lib/relationships.php +++ b/engine/lib/relationships.php @@ -589,8 +589,6 @@ function import_relationship_plugin_hook($hook, $entity_type, $returnvalue, $par * @access private */ function export_relationship_plugin_hook($hook, $entity_type, $returnvalue, $params) { - global $CONFIG; - // Sanity check values if ((!is_array($params)) && (!isset($params['guid']))) { throw new InvalidParameterException(elgg_echo('InvalidParameterException:GUIDNotForExport')); @@ -626,7 +624,6 @@ function export_relationship_plugin_hook($hook, $entity_type, $returnvalue, $par function relationship_notification_hook($event, $type, $object) { /* @var ElggRelationship $object */ $user_one = get_entity($object->guid_one); - $user_two = get_entity($object->guid_two); /* @var ElggUser $user_one */ return notify_user($object->guid_two, diff --git a/engine/lib/river.php b/engine/lib/river.php index 6274887b5..f2ec1e101 100644 --- a/engine/lib/river.php +++ b/engine/lib/river.php @@ -664,10 +664,6 @@ function elgg_river_page_handler($page) { } set_input('page_type', $page_type); - // content filter code here - $entity_type = ''; - $entity_subtype = ''; - require_once("{$CONFIG->path}pages/river.php"); return true; } diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 3dd95aa2f..a34c2045b 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -286,8 +286,6 @@ function check_rate_limit_exceeded($user_guid) { * @throws LoginException */ function login(ElggUser $user, $persistent = false) { - global $CONFIG; - // User is banned, return false. if ($user->isBanned()) { throw new LoginException(elgg_echo('LoginException:BannedUser')); @@ -334,8 +332,6 @@ function login(ElggUser $user, $persistent = false) { * @return bool */ function logout() { - global $CONFIG; - if (isset($_SESSION['user'])) { if (!elgg_trigger_event('logout', 'user', $_SESSION['user'])) { return false; @@ -618,8 +614,6 @@ function _elgg_session_destroy($id) { $sess_file = "$sess_save_path/sess_$id"; return @unlink($sess_file); } - - return false; } /** diff --git a/engine/lib/sites.php b/engine/lib/sites.php index 8ee3213d3..3de0eccc2 100644 --- a/engine/lib/sites.php +++ b/engine/lib/sites.php @@ -118,8 +118,6 @@ function create_site_entity($guid, $name, $description, $url) { * @return bool */ function add_site_user($site_guid, $user_guid) { - global $CONFIG; - $site_guid = (int)$site_guid; $user_guid = (int)$user_guid; @@ -150,8 +148,6 @@ function remove_site_user($site_guid, $user_guid) { * @return mixed */ function add_site_object($site_guid, $object_guid) { - global $CONFIG; - $site_guid = (int)$site_guid; $object_guid = (int)$object_guid; diff --git a/engine/lib/upgrade.php b/engine/lib/upgrade.php index ae4591b0b..2883dc509 100644 --- a/engine/lib/upgrade.php +++ b/engine/lib/upgrade.php @@ -17,8 +17,6 @@ * @access private */ function upgrade_code($version, $quiet = FALSE) { - global $CONFIG; - $version = (int) $version; $upgrade_path = elgg_get_config('path') . 'engine/lib/upgrades/'; $processed_upgrades = elgg_get_processed_upgrades(); @@ -291,7 +289,6 @@ function elgg_upgrade_bootstrap_17_to_18() { '2011010101.php', ); - $upgrades_17 = array(); $upgrade_files = elgg_get_upgrade_files(); $processed_upgrades = array(); diff --git a/engine/lib/users.php b/engine/lib/users.php index c4e06895d..8e9086f57 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -343,8 +343,6 @@ function user_add_friend($user_guid, $friend_guid) { * @return bool Depending on success */ function user_remove_friend($user_guid, $friend_guid) { - global $CONFIG; - $user_guid = (int) $user_guid; $friend_guid = (int) $friend_guid; @@ -675,8 +673,6 @@ function find_active_users($seconds = 600, $limit = 10, $offset = 0, $count = fa * @return bool */ function send_new_password_request($user_guid) { - global $CONFIG; - $user_guid = (int)$user_guid; $user = get_entity($user_guid); @@ -916,9 +912,6 @@ function validate_email_address($address) { function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') { - // Load the configuration - global $CONFIG; - // no need to trim password. $username = trim($username); $name = trim(strip_tags($name)); @@ -1205,8 +1198,6 @@ function set_last_login($user_guid) { * @access private */ function user_create_hook_add_site_relationship($event, $object_type, $object) { - global $CONFIG; - add_entity_relationship($object->getGUID(), 'member_of_site', elgg_get_site_entity()->guid); } -- cgit v1.2.3 From 5ccc0540fd28cc1620ffca10e3aed92319e78794 Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Sun, 31 Mar 2013 21:09:07 -0400 Subject: Fixes #4972: More robust friendly titles implementation --- engine/classes/ElggTranslit.php | 15 ++++++++++++--- engine/lib/output.php | 8 +++----- engine/tests/regression/trac_bugs.php | 16 +++++++++------- 3 files changed, 24 insertions(+), 15 deletions(-) (limited to 'engine/lib/output.php') diff --git a/engine/classes/ElggTranslit.php b/engine/classes/ElggTranslit.php index 601965c11..4ae1d2479 100644 --- a/engine/classes/ElggTranslit.php +++ b/engine/classes/ElggTranslit.php @@ -49,10 +49,19 @@ class ElggTranslit { // Internationalization, AND 日本語! $string = self::transliterateAscii($string); - // more translation + // allow HTML tags in titles + $string = preg_replace('~<([a-zA-Z][^>]*)>~', ' $1 ', $string); + + // more substitutions + // @todo put these somewhere else $string = strtr($string, array( - // Euro/GBP - "\xE2\x82\xAC" /* € */ => 'E', "\xC2\xA3" /* £ */ => 'GBP', + // currency + "\xE2\x82\xAC" /* € */ => ' E ', + "\xC2\xA3" /* £ */ => ' GBP ', + + "&" => ' and ', + ">" => ' greater than ', + "<" => ' less than ', )); // remove all ASCII except 0-9a-zA-Z, hyphen, underscore, and whitespace diff --git a/engine/lib/output.php b/engine/lib/output.php index da8e1ab86..c5a04989b 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -284,11 +284,9 @@ function elgg_get_friendly_title($title) { return $result; } - // handle some special cases - $title = str_replace('&', 'and', $title); - // quotes and angle brackets stored in the database as html encoded - $title = htmlspecialchars_decode($title); - + // titles are often stored HTML encoded + $title = html_entity_decode($title, ENT_QUOTES, 'UTF-8'); + $title = ElggTranslit::urlize($title); return $title; diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php index 691433a41..58444dd39 100644 --- a/engine/tests/regression/trac_bugs.php +++ b/engine/tests/regression/trac_bugs.php @@ -206,21 +206,23 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest { */ public function test_friendly_title() { $cases = array( + // acid test + "B&N > Amazon, OK? 'hey!' $34" + => "b-and-n-greater-than-amazon-ok-bold-hey-34", + // hyphen, underscore and ASCII whitespace replaced by separator, // other non-alphanumeric ASCII removed - "a-a_a a\na\ra\ta\va!a\"a#a\$a%a&a'a(a)a*a+a,a.a/a:a;aa?a@a[a\\a]a^a`a{a|a}a~a" - => "a-a-a-a-a-a-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - + "a-a_a a\na\ra\ta\va!a\"a#a\$a%a&a'a(a)a*a+a,a.a/a:a;a=a?a@a[a\\a]a^a`a{a|a}a~a" + => "a-a-a-a-a-a-aaaaaaa-and-aaaaaaaaaaaaaaaaaaaaaaa", + // separators trimmed - "-_ hello _-" => "hello", + "-_ hello _-" + => "hello", // accents removed, lower case, other multibyte chars are URL encoded "I\xC3\xB1t\xC3\xABrn\xC3\xA2ti\xC3\xB4n\xC3\xA0liz\xC3\xA6ti\xC3\xB8n, AND \xE6\x97\xA5\xE6\x9C\xAC\xE8\xAA\x9E" // Iñtërnâtiônàlizætiøn, AND 日本語 => 'internationalizaetion-and-%E6%97%A5%E6%9C%AC%E8%AA%9E', - - // some HTML entity replacements - "Me & You" => 'me-and-you', ); // where available, string is converted to NFC before transliteration -- cgit v1.2.3 From 834c4ad0bf82f28949b108eb6c957fde3c18e1ce Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Sat, 20 Apr 2013 11:07:44 -0400 Subject: Fixes #5369 allows ! in urls and adds unit tests --- engine/lib/output.php | 25 ++++++++++------- engine/tests/regression/trac_bugs.php | 52 +++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 10 deletions(-) (limited to 'engine/lib/output.php') diff --git a/engine/lib/output.php b/engine/lib/output.php index c5a04989b..fe5bbcaaf 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -13,28 +13,33 @@ * @param string $text The input string * * @return string The output string with formatted links - **/ + */ function parse_urls($text) { + + // URI specification: http://www.ietf.org/rfc/rfc3986.txt + // This varies from the specification in the following ways: + // * Supports non-ascii characters + // * Does not allow parentheses and single quotes + // * Cuts off commas, exclamation points, and periods off as last character + // @todo this causes problems with // must be in format (no space). // By default htmlawed rewrites tags to this format. // if PHP supported conditional negative lookbehinds we could use this: // $r = preg_replace_callback('/(?"\'\!\(\),]+)/i', - // - // we can put , in the list of excluded char but need to keep . because of domain names. - // it is removed in the callback. - $r = preg_replace_callback('/(?"\'\!\(\),]+)/i', + $r = preg_replace_callback('/(?"\'\(\)]+)/i', create_function( '$matches', ' $url = $matches[1]; - $period = \'\'; - if (substr($url, -1, 1) == \'.\') { - $period = \'.\'; - $url = trim($url, \'.\'); + $punc = \'\'; + $last = substr($url, -1, 1); + if (in_array($last, array(".", "!", ","))) { + $punc = $last; + $url = rtrim($url, ".!,"); } $urltext = str_replace("/", "/", $url); - return "$urltext$period"; + return "$urltext$punc"; ' ), $text); diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php index 58444dd39..83b78bc6b 100644 --- a/engine/tests/regression/trac_bugs.php +++ b/engine/tests/regression/trac_bugs.php @@ -236,4 +236,56 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest { $this->assertIdentical($expected, $friendly_title); } } + + /** + * Test #5369 -- parse_urls() + * https://github.com/Elgg/Elgg/issues/5369 + */ + public function test_parse_urls() { + + $cases = array( + 'no.link.here' => + 'no.link.here', + 'simple link http://example.org test' => + 'simple link http://example.org test', + 'non-ascii http://ñew.org/ test' => + 'non-ascii http://ñew.org/ test', + + // section 2.1 + 'percent encoded http://example.org/a%20b test' => + 'percent encoded http://example.org/a%20b test', + // section 2.2: skipping single quote and parenthese + 'reserved characters http://example.org/:/?#[]@!$&*+,;= test' => + 'reserved characters http://example.org/:/?#[]@!$&*+,;= test', + // section 2.3 + 'unreserved characters http://example.org/a1-._~ test' => + 'unreserved characters http://example.org/a1-._~ test', + + 'parameters http://example.org/?val[]=1&val[]=2 test' => + 'parameters http://example.org/?val[]=1&val[]=2 test', + 'port http://example.org:80/ test' => + 'port http://example.org:80/ test', + + 'parentheses (http://www.google.com) test' => + 'parentheses (http://www.google.com) test', + 'comma http://elgg.org, test' => + 'comma http://elgg.org, test', + 'period http://elgg.org. test' => + 'period http://elgg.org. test', + 'exclamation http://elgg.org! test' => + 'exclamation http://elgg.org! test', + + 'already anchor twitter test' => + 'already anchor twitter test', + + 'ssl https://example.org/ test' => + 'ssl https://example.org/ test', + 'ftp ftp://example.org/ test' => + 'ftp ftp://example.org/ test', + + ); + foreach ($cases as $input => $output) { + $this->assertEqual($output, parse_urls($input)); + } + } } -- cgit v1.2.3 From 164ff10b46d5917c7ab6ad068abf10e492464691 Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 20 Apr 2013 12:08:27 -0400 Subject: Fixes #5244 adds nofollow to anchor tags created by parse_urls() --- engine/lib/output.php | 2 +- engine/tests/regression/trac_bugs.php | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) (limited to 'engine/lib/output.php') diff --git a/engine/lib/output.php b/engine/lib/output.php index fe5bbcaaf..6905b9b71 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -39,7 +39,7 @@ function parse_urls($text) { $url = rtrim($url, ".!,"); } $urltext = str_replace("/", "/", $url); - return "$urltext$punc"; + return "$urltext$punc"; ' ), $text); diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php index 83b78bc6b..4de9c306b 100644 --- a/engine/tests/regression/trac_bugs.php +++ b/engine/tests/regression/trac_bugs.php @@ -247,41 +247,41 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest { 'no.link.here' => 'no.link.here', 'simple link http://example.org test' => - 'simple link http://example.org test', + 'simple link http://example.org test', 'non-ascii http://ñew.org/ test' => - 'non-ascii http://ñew.org/ test', + 'non-ascii http://ñew.org/ test', // section 2.1 'percent encoded http://example.org/a%20b test' => - 'percent encoded http://example.org/a%20b test', + 'percent encoded http://example.org/a%20b test', // section 2.2: skipping single quote and parenthese 'reserved characters http://example.org/:/?#[]@!$&*+,;= test' => - 'reserved characters http://example.org/:/?#[]@!$&*+,;= test', + 'reserved characters http://example.org/:/?#[]@!$&*+,;= test', // section 2.3 'unreserved characters http://example.org/a1-._~ test' => - 'unreserved characters http://example.org/a1-._~ test', + 'unreserved characters http://example.org/a1-._~ test', 'parameters http://example.org/?val[]=1&val[]=2 test' => - 'parameters http://example.org/?val[]=1&val[]=2 test', + 'parameters http://example.org/?val[]=1&val[]=2 test', 'port http://example.org:80/ test' => - 'port http://example.org:80/ test', + 'port http://example.org:80/ test', 'parentheses (http://www.google.com) test' => - 'parentheses (http://www.google.com) test', + 'parentheses (http://www.google.com) test', 'comma http://elgg.org, test' => - 'comma http://elgg.org, test', + 'comma http://elgg.org, test', 'period http://elgg.org. test' => - 'period http://elgg.org. test', + 'period http://elgg.org. test', 'exclamation http://elgg.org! test' => - 'exclamation http://elgg.org! test', + 'exclamation http://elgg.org! test', 'already anchor twitter test' => 'already anchor twitter test', 'ssl https://example.org/ test' => - 'ssl https://example.org/ test', + 'ssl https://example.org/ test', 'ftp ftp://example.org/ test' => - 'ftp ftp://example.org/ test', + 'ftp ftp://example.org/ test', ); foreach ($cases as $input => $output) { -- cgit v1.2.3 From cd7922c58f3f2d04b8ca4bcf336ecda2787c821e Mon Sep 17 00:00:00 2001 From: Jeff Tilson Date: Mon, 29 Apr 2013 13:38:42 -0400 Subject: Fixes #2057 (broken internet archive links) --- engine/lib/output.php | 2 +- engine/tests/regression/trac_bugs.php | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'engine/lib/output.php') diff --git a/engine/lib/output.php b/engine/lib/output.php index 6905b9b71..5adc01053 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -27,7 +27,7 @@ function parse_urls($text) { // By default htmlawed rewrites tags to this format. // if PHP supported conditional negative lookbehinds we could use this: // $r = preg_replace_callback('/(?"\'\!\(\),]+)/i', - $r = preg_replace_callback('/(?"\'\(\)]+)/i', + $r = preg_replace_callback('/(?"\'\(\)]+)/i', create_function( '$matches', ' diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php index 4de9c306b..b791dcad3 100644 --- a/engine/tests/regression/trac_bugs.php +++ b/engine/tests/regression/trac_bugs.php @@ -288,4 +288,13 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest { $this->assertEqual($output, parse_urls($input)); } } + + /** + * Test #2057 -- parse_urls() + * https://github.com/Elgg/Elgg/issues/2057 + */ + public function test_archive_url() { + $input = 'google'; + $this->assertEqual($input, parse_urls($input)); + } } -- cgit v1.2.3 From 9892692deefdb06d9e7176c72fc5780ab79e3a7d Mon Sep 17 00:00:00 2001 From: Brett Profitt Date: Tue, 9 Jul 2013 12:13:17 -0400 Subject: Fixes #5706. Allowing parens in URIs if not last character. --- engine/lib/output.php | 8 ++++---- engine/tests/regression/trac_bugs.php | 3 +++ 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'engine/lib/output.php') diff --git a/engine/lib/output.php b/engine/lib/output.php index 5adc01053..6172a5c8d 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -27,16 +27,16 @@ function parse_urls($text) { // By default htmlawed rewrites tags to this format. // if PHP supported conditional negative lookbehinds we could use this: // $r = preg_replace_callback('/(?"\'\!\(\),]+)/i', - $r = preg_replace_callback('/(?"\'\(\)]+)/i', + $r = preg_replace_callback('/(?"\']+)/i', create_function( '$matches', ' $url = $matches[1]; - $punc = \'\'; + $punc = ""; $last = substr($url, -1, 1); - if (in_array($last, array(".", "!", ","))) { + if (in_array($last, array(".", "!", ",", "(", ")"))) { $punc = $last; - $url = rtrim($url, ".!,"); + $url = rtrim($url, ".!,()"); } $urltext = str_replace("/", "/", $url); return "$urltext$punc"; diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php index 5730830bb..f173b5b9f 100644 --- a/engine/tests/regression/trac_bugs.php +++ b/engine/tests/regression/trac_bugs.php @@ -291,6 +291,9 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest { 'unquoted already anchor yahoo' => 'unquoted already anchor yahoo', + + 'parens in uri http://thedailywtf.com/Articles/A-(Long-Overdue)-BuildMaster-Introduction.aspx' => + 'parens in uri http://thedailywtf.com/Articles/A-(Long-Overdue)-BuildMaster-Introduction.aspx' ); foreach ($cases as $input => $output) { $this->assertEqual($output, parse_urls($input)); -- cgit v1.2.3 From c1ea910e3b3b0bcc27a214383c9f6355a05dd495 Mon Sep 17 00:00:00 2001 From: Paweł Sroka Date: Thu, 12 Sep 2013 05:59:18 +0200 Subject: Added function for escaping query strings and fixed several XSRF vulnerabilities. --- engine/lib/output.php | 19 +++++++++++++++++++ mod/groups/lib/groups.php | 3 ++- mod/members/pages/members/search.php | 8 ++++++-- mod/search/pages/search/index.php | 10 +--------- 4 files changed, 28 insertions(+), 12 deletions(-) (limited to 'engine/lib/output.php') diff --git a/engine/lib/output.php b/engine/lib/output.php index 6172a5c8d..de4f911fb 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -420,6 +420,25 @@ function _elgg_html_decode($string) { return $string; } +/** + * Prepares query string for output to prevent CSRF attacks. + * + * @param string $string + * @return string + * + * @access private + */ +function _elgg_get_display_query($string) { + //encode <,>,&, quotes and characters above 127 + if (function_exists('mb_convert_encoding')) { + $display_query = mb_convert_encoding($string, 'HTML-ENTITIES', 'UTF-8'); + } else { + // if no mbstring extension, we just strip characters + $display_query = preg_replace("/[^\x01-\x7F]/", "", $string); + } + return htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); +} + /** * Unit tests for Output * diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php index 77d7c09cc..aa8766e06 100644 --- a/mod/groups/lib/groups.php +++ b/mod/groups/lib/groups.php @@ -73,7 +73,8 @@ function groups_search_page() { elgg_push_breadcrumb(elgg_echo('search')); $tag = get_input("tag"); - $title = elgg_echo('groups:search:title', array($tag)); + $display_query = _elgg_get_display_query($tag); + $title = elgg_echo('groups:search:title', array($display_query)); // groups plugin saves tags as "interests" - see groups_fields_setup() in start.php $params = array( diff --git a/mod/members/pages/members/search.php b/mod/members/pages/members/search.php index 1f0444d67..5466a8246 100644 --- a/mod/members/pages/members/search.php +++ b/mod/members/pages/members/search.php @@ -7,7 +7,9 @@ if ($vars['search_type'] == 'tag') { $tag = get_input('tag'); - $title = elgg_echo('members:title:searchtag', array($tag)); + $display_query = _elgg_get_display_query($tag); + + $title = elgg_echo('members:title:searchtag', array($display_query)); $options = array(); $options['query'] = $tag; @@ -28,7 +30,9 @@ if ($vars['search_type'] == 'tag') { } else { $name = sanitize_string(get_input('name')); - $title = elgg_echo('members:title:searchname', array($name)); + $display_query = _elgg_get_display_query($name); + + $title = elgg_echo('members:title:searchname', array($display_query)); $db_prefix = elgg_get_config('dbprefix'); $params = array( diff --git a/mod/search/pages/search/index.php b/mod/search/pages/search/index.php index ede09329b..9542e0751 100644 --- a/mod/search/pages/search/index.php +++ b/mod/search/pages/search/index.php @@ -17,15 +17,7 @@ $search_type = get_input('search_type', 'all'); // XSS protection is more important that searching for HTML. $query = stripslashes(get_input('q', get_input('tag', ''))); -// @todo - create function for sanitization of strings for display in 1.8 -// encode <,>,&, quotes and characters above 127 -if (function_exists('mb_convert_encoding')) { - $display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8'); -} else { - // if no mbstring extension, we just strip characters - $display_query = preg_replace("/[^\x01-\x7F]/", "", $query); -} -$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); +$display_query = _elgg_get_display_query($query); // check that we have an actual query if (!$query) { -- cgit v1.2.3