diff options
| author | Nils Adermann <naderman@naderman.de> | 2006-12-16 20:24:34 +0000 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2006-12-16 20:24:34 +0000 |
| commit | 1e34820cd87837b545b310022ee460803d8c5b54 (patch) | |
| tree | 8cb1026f115e8fe067d770b2bbc5fa4a42de1ce1 /phpBB/includes/message_parser.php | |
| parent | 6938688e75e703208bd1087be8f37383da8e3f15 (diff) | |
| download | forums-1e34820cd87837b545b310022ee460803d8c5b54.tar forums-1e34820cd87837b545b310022ee460803d8c5b54.tar.gz forums-1e34820cd87837b545b310022ee460803d8c5b54.tar.bz2 forums-1e34820cd87837b545b310022ee460803d8c5b54.tar.xz forums-1e34820cd87837b545b310022ee460803d8c5b54.zip | |
- Optimize acl_getf_global a bit
- a little performance improvement of the IP regular expressions
- convert post_text/subject collation to utf8_unicode_ci if a user wants to use mysql_fulltext to allow case insensitivity [Bug #6272]
- mysql_fulltext should alter all necessary columns at once to speed up the process
- validate URLs against RFC3986
- fixed some weirdness in make_clickable
I hope I didn't break any URLs with this commit, if I did then report it to the bugtracker please!
git-svn-id: file:///svn/phpbb/trunk@6774 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/message_parser.php')
| -rw-r--r-- | phpBB/includes/message_parser.php | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index ebac61dd8f..a6687a94e5 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -783,6 +783,9 @@ class bbcode_firstpass extends bbcode /** * Validate url + * + * @param string $var1 optional url parameter for url bbcode: [url(=$var1)]$var2[/url] + * @param string $var2 url bbcode content: [url(=$var1)]$var2[/url] */ function validate_url($var1, $var2) { @@ -792,38 +795,35 @@ class bbcode_firstpass extends bbcode $var2 = str_replace("\r\n", "\n", str_replace('\"', '"', trim($var2))); $url = ($var1) ? $var1 : $var2; - $valid = false; if (!$url || ($var1 && !$var2)) { return ''; } - // Before we check anything, we make sure certain characters are not included - if (!preg_match('#[\t\n\r<"\']#', $url)) + $valid = false; + + $url = str_replace(' ', '%20', $url); + + // Checking urls + if (preg_match('#^' . get_preg_expression('url') . '$#i', $url) || + preg_match('#^' . get_preg_expression('www_url') . '$#i', $url) || + preg_match('#^' . preg_quote(generate_board_url(), '#') . get_preg_expression('relative_url') . '$#i', $url)) { - // Checking urls - if (preg_match('#' . preg_quote(generate_board_url(), '#') . '/([^ \t\n\r<"\']+)#i', $url) || - preg_match('#([\w]+?://.*?[^ \t\n\r<"\']*)#i', $url) || - preg_match('#(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"\']*)?)#i', $url)) - { - $valid = true; - } + $valid = true; } if ($valid) { - // Do we want to transform some characters? - $url = str_replace(' ', '%20', $url); - $this->parsed_items['url']++; - if (!preg_match('#^[\w]+?://.*?#i', $url)) + // if there is no scheme, then add http schema + if (!preg_match('#^[a-z][a-z\d+\-.]*:/{2}#i', $url)) { $url = 'http://' . $url; } - // We take our test url and stick on the first bit of text we get to check if we are really at the domain. If so, lets go! + // Is this a link to somewhere inside this board? If so then remove the session id from the url if (strpos($url, generate_board_url()) !== false && strpos($url, 'sid=') !== false) { $url = preg_replace('/(&|\?)sid=[0-9a-f]{32}/', '\1', $url); |