danwin1210/le-chat-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #75 from cypherbits/master

Browse Source 
Fix link filters, image embeds, and redirects.
This commit is contained in:
Daniel Winzen
2020-09-15 18:57:01 +02:00
committed by GitHub
parent 463d66e11e 51fb54e0aa
commit 34fce5f7ab
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
chat.php
View File

@ -3004,17 +3004,17 @@ function apply_filter($message, $poststatus, $nickname){
function apply_linkfilter($message){ function apply_linkfilter($message){
$filters=get_linkfilters(); $filters=get_linkfilters();
foreach($filters as $filter){ foreach($filters as $filter){
$message=preg_replace_callback("/<a href=\"([^\"]+)\" target=\"_blank\">(.*?(?=<\/a>))<\/a>/iu", $message=preg_replace_callback("/<a href=\"([^\"]+)\" target=\"_blank\" rel=\"noreferrer noopener\">(.*?(?=<\/a>))<\/a>/iu",
function ($matched) use(&$filter){ function ($matched) use(&$filter){
return "<a href=\"$matched[1]\" target=\"_blank\">".preg_replace("/$filter[match]/iu", $filter['replace'], $matched[2]).'</a>'; return "<a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\">".preg_replace("/$filter[match]/iu", $filter['replace'], $matched[2]).'</a>';
} }
, $message); , $message);
} }
$redirect=get_setting('redirect'); $redirect=get_setting('redirect');
if(get_setting('imgembed')){ if(get_setting('imgembed')){
$message=preg_replace_callback('/\[img\]\s?<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/iu', $message=preg_replace_callback('/\[img\]\s?<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/iu',
function ($matched){ function ($matched){
return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\"><img src=\"$matched[1]\"></a><br>"); return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\"><img src=\"$matched[1]\"></a><br>");
} }
, $message); , $message);
} }
@ -3022,17 +3022,17 @@ function apply_linkfilter($message){
$redirect="$_SERVER[SCRIPT_NAME]?action=redirect&amp;url="; $redirect="$_SERVER[SCRIPT_NAME]?action=redirect&amp;url=";
} }
if(get_setting('forceredirect')){ if(get_setting('forceredirect')){
$message=preg_replace_callback('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/u', $message=preg_replace_callback('/<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/u',
function ($matched) use($redirect){ function ($matched) use($redirect){
return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>"; return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\" rel=\"noreferrer noopener\">$matched[2]</a>";
} }
, $message); , $message);
}elseif(preg_match_all('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/u', $message, $matches)){ }elseif(preg_match_all('/<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/u', $message, $matches)){
foreach($matches[1] as $match){ foreach($matches[1] as $match){
if(!preg_match('~^http(s)?://~u', $match)){ if(!preg_match('~^http(s)?://~u', $match)){
$message=preg_replace_callback('/<a href="('.preg_quote($match, '/').')\" target=\"_blank\">(.*?(?=<\/a>))<\/a>/u', $message=preg_replace_callback('/<a href="('.preg_quote($match, '/').')\" target=\"_blank\" rel=\"noreferrer noopener\">(.*?(?=<\/a>))<\/a>/u',
function ($matched) use($redirect){ function ($matched) use($redirect){
return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>"; return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\" rel=\"noreferrer noopener\">$matched[2]</a>";
} }
, $message); , $message);
} }