danwin1210/le-chat-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Various minor optimizations

Browse Source
This commit is contained in:
Daniel Winzen
2020-10-15 20:45:42 +02:00
parent 919876480d
commit c3e316d412
2 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
chat.php
View File

@ -305,7 +305,7 @@ function print_end(){
} }
function credit(){ function credit(){
return '<small><br><br><a target="_blank" href="https://github.com/DanWin/le-chat-php">LE CHAT-PHP - ' . VERSION . '</a></small>'; return '<small><br><br><a target="_blank" href="https://github.com/DanWin/le-chat-php" rel="noopener">LE CHAT-PHP - ' . VERSION . '</a></small>';
} }
function meta_html(){ function meta_html(){
@ -2359,7 +2359,7 @@ function approve_session(){
} }
function check_login(){ function check_login(){
global $I, $U, $db; global $I, $U;
$ga=(int) get_setting('guestaccess'); $ga=(int) get_setting('guestaccess');
if(isset($_REQUEST['session'])){ if(isset($_REQUEST['session'])){
parse_sessions(); parse_sessions();
@ -2923,7 +2923,6 @@ function validate_input(){
//ignored //ignored
return; return;
} }
$tmp=false;
$stmt=$db->prepare('SELECT s.style, 0 AS inbox FROM ' . PREFIX . 'sessions AS s LEFT JOIN ' . PREFIX . 'members AS m ON (m.nickname=s.nickname) WHERE s.nickname=? AND (s.incognito=0 OR (m.eninbox!=0 AND m.eninbox<=?));'); $stmt=$db->prepare('SELECT s.style, 0 AS inbox FROM ' . PREFIX . 'sessions AS s LEFT JOIN ' . PREFIX . 'members AS m ON (m.nickname=s.nickname) WHERE s.nickname=? AND (s.incognito=0 OR (m.eninbox!=0 AND m.eninbox<=?));');
$stmt->execute([$_REQUEST['sendto'], $U['status']]); $stmt->execute([$_REQUEST['sendto'], $U['status']]);
if(!$tmp=$stmt->fetch(PDO::FETCH_ASSOC)){ if(!$tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
@ -2974,7 +2973,7 @@ function validate_input(){
$stmt->execute([$newmessage['postdate'], $id[0], $newmessage['poster'], $newmessage['recipient'], $newmessage['text']]); $stmt->execute([$newmessage['postdate'], $id[0], $newmessage['poster'], $newmessage['recipient'], $newmessage['text']]);
} }
if(isset($hash) && $id){ if(isset($hash) && $id){
if(!empty($_FILES['file']['type']) && preg_match('~^[a-z0-9/\-\.\+]*$~i', $_FILES['file']['type'])){ if(!empty($_FILES['file']['type']) && preg_match('~^[a-z0-9/\-.+]*$~i', $_FILES['file']['type'])){
$type=$_FILES['file']['type']; $type=$_FILES['file']['type'];
}else{ }else{
$type='application/octet-stream'; $type='application/octet-stream';
@ -3022,7 +3021,7 @@ function apply_linkfilter($message){
} }
$redirect=get_setting('redirect'); $redirect=get_setting('redirect');
if(get_setting('imgembed')){ if(get_setting('imgembed')){
$message=preg_replace_callback('/\[img\]\s?<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/iu', $message=preg_replace_callback('/\[img]\s?<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/iu',
function ($matched){ function ($matched){
return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\"><img src=\"$matched[1]\"></a><br>"); return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\"><img src=\"$matched[1]\"></a><br>");
} }
@ -3061,7 +3060,7 @@ function create_hotlinks($message){
$message=preg_replace('~([^\s<>]*:[^\s<>]*@[a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?::\d+)?)(?![^<>]*>)~iu', "<<$1>>", $message); // au:th@server given $message=preg_replace('~([^\s<>]*:[^\s<>]*@[a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?::\d+)?)(?![^<>]*>)~iu', "<<$1>>", $message); // au:th@server given
// 3. likely servers without any hints but not filenames like *.rar zip exe etc. // 3. likely servers without any hints but not filenames like *.rar zip exe etc.
$message=preg_replace('~((?:[a-z0-9\-]+\.)*(?:[a-z2-7]{55}d|[a-z2-7]{16})\.onion)(?![^<>]*>)~iu', "<<$1>>", $message);// *.onion $message=preg_replace('~((?:[a-z0-9\-]+\.)*(?:[a-z2-7]{55}d|[a-z2-7]{16})\.onion)(?![^<>]*>)~iu', "<<$1>>", $message);// *.onion
$message=preg_replace('~([a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?:\.(?!rar|zip|exe|gz|7z|bat|doc)[a-z]{2,}))(?=[^a-z0-9\-\.]|$)(?![^<>]*>)~iu', "<<$1>>", $message);// xxx.yyy.zzz $message=preg_replace('~([a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?:\.(?!rar|zip|exe|gz|7z|bat|doc)[a-z]{2,}))(?=[^a-z0-9\-.]|$)(?![^<>]*>)~iu', "<<$1>>", $message);// xxx.yyy.zzz
// Convert every <<....>> into proper links: // Convert every <<....>> into proper links:
$message=preg_replace_callback('/<<([^<>]+)>>/u', $message=preg_replace_callback('/<<([^<>]+)>>/u',
function ($matches){ function ($matches){
@ -3076,7 +3075,7 @@ function create_hotlinks($message){
} }
function apply_mention($message){ function apply_mention($message){
return preg_replace_callback('/\@([^\s]+)/iu', function ($matched){ return preg_replace_callback('/@([^\s]+)/iu', function ($matched){
global $db; global $db;
$nick=htmlspecialchars_decode($matched[1]); $nick=htmlspecialchars_decode($matched[1]);
$rest=''; $rest='';
@ -3302,7 +3301,7 @@ function send_headers(){
foreach($styles as $style) { foreach($styles as $style) {
$style_hashes .= " 'sha256-".base64_encode(hash('sha256', $style, true))."'"; $style_hashes .= " 'sha256-".base64_encode(hash('sha256', $style, true))."'";
} }
header("Content-Security-Policy: default-src 'none'; font-src 'self'; form-action 'self'; frame-src 'self'; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline'"); // $style_hashes"); //we can add computed hashes as soon as all inline css is moved to default css header("Content-Security-Policy: base-uri 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline'"); // $style_hashes"); //we can add computed hashes as soon as all inline css is moved to default css
header('X-Content-Type-Options: nosniff'); header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: sameorigin'); header('X-Frame-Options: sameorigin');
header('X-XSS-Protection: 1; mode=block'); header('X-XSS-Protection: 1; mode=block');

2
chatters_list_on_right_example.css
View File

@ -3,6 +3,6 @@ input, select, textarea, button {padding: 0.2em; border: 1px solid #ffffff; bord
#messages small {color: #989898} #messages small {color: #989898}
#messages {display: block; width: 79%} #messages {display: block; width: 79%}
.messages #topic {display: block; width: 79%} .messages #topic {display: block; width: 79%}
.messages #chatters {display: block; float:right; width: 20%; overflow-y: auto; position:fixed; right:0px; max-height:100%; bottom:2em; top:2em;} .messages #chatters {display: block; float:right; width: 20%; overflow-y: auto; position:fixed; right:0; max-height:100%; bottom:2em; top:2em;}
.messages #chatters td, #chatters tr, #chatters th {display: table-row; width: 100%!important;} .messages #chatters td, #chatters tr, #chatters th {display: table-row; width: 100%!important;}
.messages #chatters table a {display: table-row; line-height: 0;} .messages #chatters table a {display: table-row; line-height: 0;}