mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-06 08:47:45 +02:00
Code Issues Releases Wiki Activity

- Optimize acl_getf_global a bit

Browse Source 
- a little performance improvement of the IP regular expressions
- convert post_text/subject collation to utf8_unicode_ci if a user wants to use mysql_fulltext to allow case insensitivity [Bug #6272]
- mysql_fulltext should alter all necessary columns at once to speed up the process
- validate URLs against RFC3986
- fixed some weirdness in make_clickable
I hope I didn't break any URLs with this commit, if I did then report it to the bugtracker please!


git-svn-id: file:///svn/phpbb/trunk@6774 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Nils Adermann
2006-12-16 20:24:34 +00:00
parent 6938688e75
commit 1e34820cd8
7 changed files with 149 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
phpBB/includes/message_parser.php
View File

@@ -783,6 +783,9 @@ class bbcode_firstpass extends bbcode
/**
* Validate url
*
* @param string $var1 optional url parameter for url bbcode: [url(=$var1)]$var2[/url]
* @param string $var2 url bbcode content: [url(=$var1)]$var2[/url]
*/
function validate_url($var1, $var2)
{
@@ -792,38 +795,35 @@ class bbcode_firstpass extends bbcode
$var2 = str_replace("\r\n", "\n", str_replace('\"', '"', trim($var2)));
$url = ($var1) ? $var1 : $var2;
$valid = false;
if (!$url || ($var1 && !$var2))
{
return '';
}
// Before we check anything, we make sure certain characters are not included
if (!preg_match('#[\t\n\r<"\']#', $url))
$valid = false;
$url = str_replace(' ', '%20', $url);
// Checking urls
if (preg_match('#^' . get_preg_expression('url') . '$#i', $url) ||
preg_match('#^' . get_preg_expression('www_url') . '$#i', $url) ||
preg_match('#^' . preg_quote(generate_board_url(), '#') . get_preg_expression('relative_url') . '$#i', $url))
{
// Checking urls
if (preg_match('#' . preg_quote(generate_board_url(), '#') . '/([^ \t\n\r<"\']+)#i', $url) ||
preg_match('#([\w]+?://.*?[^ \t\n\r<"\']*)#i', $url) ||
preg_match('#(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"\']*)?)#i', $url))
{
$valid = true;
}
$valid = true;
}
if ($valid)
{
// Do we want to transform some characters?
$url = str_replace(' ', '%20', $url);
$this->parsed_items['url']++;
if (!preg_match('#^[\w]+?://.*?#i', $url))
// if there is no scheme, then add http schema
if (!preg_match('#^[a-z][a-z\d+\-.]*:/{2}#i', $url))
{
$url = 'http://' . $url;
}
// We take our test url and stick on the first bit of text we get to check if we are really at the domain. If so, lets go!
// Is this a link to somewhere inside this board? If so then remove the session id from the url
if (strpos($url, generate_board_url()) !== false && strpos($url, 'sid=') !== false)
{
$url = preg_replace('/(&amp;|\?)sid=[0-9a-f]{32}/', '\1', $url);