From e5e3b478dc4bf79fe17e6af3b03619159d97f194 Mon Sep 17 00:00:00 2001
From: cypherbits <info@avanix.es>
Date: Sat, 1 Aug 2020 21:14:39 +0200
Subject: [PATCH 1/2] Fix link filters, image embeds, and redirects.
---
 chat.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/chat.php b/chat.php
index 467fb74..facdf75 100644
--- a/chat.php
+++ b/chat.php
@@ -3004,9 +3004,9 @@ function apply_filter($message, $poststatus, $nickname){
 function apply_linkfilter($message){
 $filters=get_linkfilters();
 foreach($filters as $filter){
- $message=preg_replace_callback("/<a href=\"([^\"]+)\" target=\"_blank\">(.*?(?=<\/a>))<\/a>/iu",
+ $message=preg_replace_callback("/<a href=\"([^\"]+)\" target=\"_blank\" rel=\"noreferrer noopener\">(.*?(?=<\/a>))<\/a>/iu",
 function ($matched) use(&$filter){
- return "<a href=\"$matched[1]\" target=\"_blank\">".preg_replace("/$filter[match]/iu", $filter['replace'], $matched[2]).'</a>';
+ return "<a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\">".preg_replace("/$filter[match]/iu", $filter['replace'], $matched[2]).'</a>';
 }
 , $message);
 }
@@ -3014,7 +3014,7 @@ function apply_linkfilter($message){
 if(get_setting('imgembed')){
 $message=preg_replace_callback('/\[img\]\s?<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/iu',
 function ($matched){
- return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\"><img src=\"$matched[1]\"></a><br>");
+ return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\"><img src=\"$matched[1]\"></a><br>");
 }
 , $message);
 }
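Review bot: The anchor pattern in the link-filter loop now matches only the exact byte sequence `target="_blank" rel="noreferrer noopener">`, and the same literal is repeated in every pattern and replacement of `apply_linkfilter` (the imgembed hunk, the forceredirect hunk, and the one pattern the 2/2 follow-up had to correct). An anchor whose attributes differ in any way, presumably one emitted by a code path that was not updated, is skipped silently, so under `forceredirect` its link keeps pointing straight at the target instead of the redirect script. I would match on the href alone, for example `/<a href="([^"]+)"[^>]*>(.*?)<\/a>/u`, and keep the attribute string in one constant that the replacements share. The function body continues outside this hunk.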
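Review bot: The `rel="noreferrer noopener"` added to the wrapping anchor in the imgembed callback does not cover the embedded `<img src="$matched[1]">`. The browser fetches that image as soon as the message renders and, unless a Referrer-Policy is set elsewhere, sends the chat page URL as the referrer to a host chosen by whoever posted the message. Consider emitting `<img src=\"$matched[1]\" referrerpolicy=\"no-referrer\">` in the replacement. The pattern keeps `"` out of `$matched[1]`, but whether the value is already HTML-escaped depends on code outside this hunk.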
@@ -3022,17 +3022,17 @@ function apply_linkfilter($message){
 $redirect="$_SERVER[SCRIPT_NAME]?action=redirect&url=";
 }
 if(get_setting('forceredirect')){
- $message=preg_replace_callback('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/u',
+ $message=preg_replace_callback('/<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/u',
 function ($matched) use($redirect){
- return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";
+ return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\" rel=\"noreferrer noopener\">$matched[2]</a>";
 }
 , $message);
- }elseif(preg_match_all('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/u', $message, $matches)){
+ }elseif(preg_match_all('/<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/u', $message, $matches)){
 foreach($matches[1] as $match){
 if(!preg_match('~^http(s)?://~u', $match)){
- $message=preg_replace_callback('/<a href="('.preg_quote($match, '/').')\" target=\"_blank\">(.*?(?=<\/a>))<\/a>/u',
+ $message=preg_replace_callback('/<a href="('.preg_quote($match, '/').')\" target=\"_blank\" rel=\"noreferrer noopener\">(.*?(?=<\/a>))<\/a>/u',
 function ($matched) use($redirect){
- return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";
+ return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\" rel=\"noreferrer noopener\">$matched[2]</a>";
 }
 , $message);
 }
From 51fb54e0aaf6f49ab6d966140ca93015f1b4461d Mon Sep 17 00:00:00 2001
From: cypherbits <info@avanix.es>
Date: Sat, 1 Aug 2020 22:40:42 +0200
Subject: [PATCH 2/2] Oops...
---
 chat.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chat.php b/chat.php
index facdf75..2d87070 100644
--- a/chat.php
+++ b/chat.php
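Review bot: In the forceredirect hunk of patch 1/2 (`@@ -3022,17`), both rewritten `return` lines concatenate `$redirect` into the `href` attribute unescaped, while only the target URL goes through `rawurlencode()`. The built-in fallback value already carries a bare `&`, and a `"` in the configured `redirect` setting would close the attribute early. Unless that setting is validated or escaped where it is saved (not visible here), escape it once before the callbacks capture it: `$redirect=htmlspecialchars($redirect, ENT_QUOTES);`. The surrounding `if` that assigns the fallback starts outside the hunk.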
@@ -3012,7 +3012,7 @@ function apply_linkfilter($message){
 }
 $redirect=get_setting('redirect');
 if(get_setting('imgembed')){
- $message=preg_replace_callback('/\[img\]\s?<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/iu',
+ $message=preg_replace_callback('/\[img\]\s?<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/iu',
 function ($matched){
 return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\"><img src=\"$matched[1]\"></a><br>");
 }