From e5e3b478dc4bf79fe17e6af3b03619159d97f194 Mon Sep 17 00:00:00 2001
From: cypherbits <info@avanix.es>
Date: Sat, 1 Aug 2020 21:14:39 +0200
Subject: [PATCH] Fix link filters, image embeds, and redirects.

---
 chat.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/chat.php b/chat.php
index 467fb74..facdf75 100644
--- a/chat.php
+++ b/chat.php
@@ -3004,9 +3004,9 @@ function apply_filter($message, $poststatus, $nickname){
 function apply_linkfilter($message){
 	$filters=get_linkfilters();
 	foreach($filters as $filter){
-		$message=preg_replace_callback("/<a href=\"([^\"]+)\" target=\"_blank\">(.*?(?=<\/a>))<\/a>/iu",
+		$message=preg_replace_callback("/<a href=\"([^\"]+)\" target=\"_blank\" rel=\"noreferrer noopener\">(.*?(?=<\/a>))<\/a>/iu",
 			function ($matched) use(&$filter){
-				return "<a href=\"$matched[1]\" target=\"_blank\">".preg_replace("/$filter[match]/iu", $filter['replace'], $matched[2]).'</a>';
+				return "<a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\">".preg_replace("/$filter[match]/iu", $filter['replace'], $matched[2]).'</a>';
 			}
 		, $message);
 	}
@@ -3014,7 +3014,7 @@ function apply_linkfilter($message){
 	if(get_setting('imgembed')){
 		$message=preg_replace_callback('/\[img\]\s?<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/iu',
 			function ($matched){
-				return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\"><img src=\"$matched[1]\"></a><br>");
+				return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\"><img src=\"$matched[1]\"></a><br>");
 			}
 		, $message);
 	}
@@ -3022,17 +3022,17 @@ function apply_linkfilter($message){
 		$redirect="$_SERVER[SCRIPT_NAME]?action=redirect&amp;url=";
 	}
 	if(get_setting('forceredirect')){
-		$message=preg_replace_callback('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/u',
+		$message=preg_replace_callback('/<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/u',
 			function ($matched) use($redirect){
-				return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";
+				return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\" rel=\"noreferrer noopener\">$matched[2]</a>";
 			}
 		, $message);
-	}elseif(preg_match_all('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/u', $message, $matches)){
+	}elseif(preg_match_all('/<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/u', $message, $matches)){
 		foreach($matches[1] as $match){
 			if(!preg_match('~^http(s)?://~u', $match)){
-				$message=preg_replace_callback('/<a href="('.preg_quote($match, '/').')\" target=\"_blank\">(.*?(?=<\/a>))<\/a>/u',
+				$message=preg_replace_callback('/<a href="('.preg_quote($match, '/').')\" target=\"_blank\" rel=\"noreferrer noopener\">(.*?(?=<\/a>))<\/a>/u',
 					function ($matched) use($redirect){
-						return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>";
+						return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\" rel=\"noreferrer noopener\">$matched[2]</a>";
 					}
 				, $message);
 			}