danwin1210/le-chat-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix link filters, image embeds, and redirects.

Browse Source
This commit is contained in:
cypherbits
2020-08-01 21:14:39 +02:00
parent cc6d36e7ce
commit e5e3b478dc
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
chat.php
View File

@ -3004,9 +3004,9 @@ function apply_filter($message, $poststatus, $nickname){
function apply_linkfilter($message){ function apply_linkfilter($message){
$filters=get_linkfilters(); $filters=get_linkfilters();
foreach($filters as $filter){ foreach($filters as $filter){
$message=preg_replace_callback("/<a href=\"([^\"]+)\" target=\"_blank\">(.*?(?=<\/a>))<\/a>/iu", $message=preg_replace_callback("/<a href=\"([^\"]+)\" target=\"_blank\" rel=\"noreferrer noopener\">(.*?(?=<\/a>))<\/a>/iu",
function ($matched) use(&$filter){ function ($matched) use(&$filter){
return "<a href=\"$matched[1]\" target=\"_blank\">".preg_replace("/$filter[match]/iu", $filter['replace'], $matched[2]).'</a>'; return "<a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\">".preg_replace("/$filter[match]/iu", $filter['replace'], $matched[2]).'</a>';
} }
, $message); , $message);
} }
@ -3014,7 +3014,7 @@ function apply_linkfilter($message){
if(get_setting('imgembed')){ if(get_setting('imgembed')){
$message=preg_replace_callback('/\[img\]\s?<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/iu', $message=preg_replace_callback('/\[img\]\s?<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/iu',
function ($matched){ function ($matched){
return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\"><img src=\"$matched[1]\"></a><br>"); return str_ireplace('[/img]', '', "<br><a href=\"$matched[1]\" target=\"_blank\" rel=\"noreferrer noopener\"><img src=\"$matched[1]\"></a><br>");
} }
, $message); , $message);
} }
@ -3022,17 +3022,17 @@ function apply_linkfilter($message){
$redirect="$_SERVER[SCRIPT_NAME]?action=redirect&amp;url="; $redirect="$_SERVER[SCRIPT_NAME]?action=redirect&amp;url=";
} }
if(get_setting('forceredirect')){ if(get_setting('forceredirect')){
$message=preg_replace_callback('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/u', $message=preg_replace_callback('/<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/u',
function ($matched) use($redirect){ function ($matched) use($redirect){
return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>"; return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\" rel=\"noreferrer noopener\">$matched[2]</a>";
} }
, $message); , $message);
}elseif(preg_match_all('/<a href="([^"]+)" target="_blank">(.*?(?=<\/a>))<\/a>/u', $message, $matches)){ }elseif(preg_match_all('/<a href="([^"]+)" target="_blank" rel="noreferrer noopener">(.*?(?=<\/a>))<\/a>/u', $message, $matches)){
foreach($matches[1] as $match){ foreach($matches[1] as $match){
if(!preg_match('~^http(s)?://~u', $match)){ if(!preg_match('~^http(s)?://~u', $match)){
$message=preg_replace_callback('/<a href="('.preg_quote($match, '/').')\" target=\"_blank\">(.*?(?=<\/a>))<\/a>/u', $message=preg_replace_callback('/<a href="('.preg_quote($match, '/').')\" target=\"_blank\" rel=\"noreferrer noopener\">(.*?(?=<\/a>))<\/a>/u',
function ($matched) use($redirect){ function ($matched) use($redirect){
return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\">$matched[2]</a>"; return "<a href=\"$redirect".rawurlencode($matched[1])."\" target=\"_blank\" rel=\"noreferrer noopener\">$matched[2]</a>";
} }
, $message); , $message);
} }