<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
// Functions that process user-supplied text (e.g. messages)
// prior to displaying it to users.
// Goals:
// - Security (don't send evil javascript)
// - obey user preferences
// - improve formatting (e.g., convert newlines to <br> tags)
require_once('../inc/sanitize_html.inc');
// Switches that control how user-supplied text is rendered.
// Every flag holds 1 (on) or 0 (off); highlight_terms holds 0 (no
// highlighting) or an array of terms.
class output_options {
    public $bb2html;          // BBCode as HTML? (on)
    public $images_as_links;  // Images as hyperlinks? (off)
    public $link_popup;       // Links in new windows? (off)
    public $nl2br;            // Convert newlines to <br>'s? (on)
    // Convert special chars to HTML entities? (on)
    // This is the escaping step for untrusted text; with it off the text
    // is passed on without entity-escaping.
    public $htmlitems;
    public $htmlscrub;        // Scrub "bad" HTML tags? (off)
    public $highlight_terms;  // Array of terms to be highlighted (off)

    // Constructor - set the defaults.
    //
    function __construct() {
        // Rendering steps that are on by default.
        $this->bb2html = 1;
        $this->nl2br = 1;
        $this->htmlitems = 1;

        // Steps that are off by default.
        $this->images_as_links = 0;
        $this->link_popup = 0;
        $this->htmlscrub = 0;
        $this->highlight_terms = 0;
        return true;
    }

    // Define the terms to be highlighted (for use with searches and such).
    // Returns false, leaving the current value untouched, when $terms is
    // not an array; returns true once the terms have been stored.
    //
    function setHighlightTerms($terms) {
        if (!is_array($terms)) {
            return false;
        }
        $this->highlight_terms = $terms;
        return true;
    }
}
// Do the actual transformation of the text.
// TODO: Make this part of the above class.
//
// $text:    the text to render
// $options: an output_options object (defined above); a fresh one with
//           the class defaults is used when none is passed
//
// The steps run in a fixed order, each gated by its option:
//   htmlitems -> highlight_terms -> nl2br -> bb2html
//   -> images_as_links -> link_popup
// Entity-escaping comes first, so markup produced by the later steps is
// added to already-escaped text.
//
function output_transform($text, $options = NULL) {
    if (!$options) {
        $options = new output_options; // Defaults in the class definition
    }

    // ENT_COMPAT converts double quotes and leaves single quotes as they are.
    if ($options->htmlitems) {
        $text = htmlspecialchars($text, ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE);
    }

    $terms = $options->highlight_terms;
    if (is_array($terms)) {
        $text = highlight_terms($text, $terms);
    }

    // The htmlscrub option has no effect here: the scrub step is disabled.
    // if ($options->htmlscrub) {
    //     $text = sanitize_html($text);
    // }

    // Remaining steps: option name => function applied when the option is set.
    $steps = array(
        'nl2br' => 'nl2br',
        'bb2html' => 'bb2html',
        'images_as_links' => 'image_as_link',
        'link_popup' => 'externalize_links',
    );
    foreach ($steps as $flag => $step) {
        if ($options->$flag) {
            $text = $step($text);
        }
    }
    return $text;
}
// Build the output_options for a given user.
// Starts from the class defaults; when $user is set, the user's
// images_as_links and link_popup preferences can switch those two options on.
// A falsy $user yields the plain defaults.
//
function get_output_options($user) {
    $opts = new output_options();
    if (!$user) {
        return $opts;
    }
    $prefs = $user->prefs;
    if ($prefs->images_as_links) {
        $opts->images_as_links = 1;
    }
    if ($prefs->link_popup) {
        $opts->link_popup = 1;
    }
    return $opts;
}
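// Converts the [pre] and [code] bbcode tags to HTML.
// If $export is true, don't use BOINC CSS:
//   export:     [pre] -> <pre>,  [code] -> <code>
//   otherwise:  both  -> <pre style="white-space:pre-wrap; ">
//
// handle [pre] and [code] separately because we need to remove <br />s
//
function replace_pre_code($text, $export) {
    // Neutralise the contents of one [pre]/[code] block:
    //  - drop the <br />s (see remove_br),
    //  - entity-escape without double-encoding, since the text may already
    //    contain entities,
    //  - turn "[" into its numeric entity so that the bbcode patterns
    //    applied afterwards cannot match inside the block.
    //    Replacing "[" with a literal "[" would be a no-op and would
    //    leave bbcode inside the block live for the next pass.
    $escape = function ($raw) {
        $x = remove_br($raw);
        $x = htmlspecialchars($x, ENT_COMPAT, "UTF-8", false);
        return str_replace("[", "&#91;", $x);
    };

    if ($export) {
        $pre_open = "<pre>";
        $code_open = "<code>";
        $code_close = "</code>";
    } else {
        $pre_open = "<pre style=\"white-space:pre-wrap; \">";
        $code_open = $pre_open;
        $code_close = "</pre>";
    }

    // Group 1 is the text between the opening and closing tag.
    $text = preg_replace_callback(
        "@\[pre\](.*?)\[/pre\]@is",
        function ($matches) use ($escape, $pre_open) {
            return $pre_open . $escape($matches[1]) . "</pre>";
        },
        $text
    );
    return preg_replace_callback(
        "@\[code\](.*?)\[/code\]@is",
        function ($matches) use ($escape, $code_open, $code_close) {
            return $code_open . $escape($matches[1]) . $code_close;
        },
        $text
    );
}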
// Converts bbcode to HTML.
// If $export is true, don't use BOINC CSS.
//
// Only the tags listed in $rules are converted. The substitution is repeated
// until the text stops changing (so nested tags are handled), with a hard
// cap of 1000 passes.
//
function bb2html($text, $export=false) {
    $urlregex = "(?:\"?)(?:(http\:\/\/)?)([^\[\"<\ ]+)(?:\"?)";
    // NOTE:
    // This matches https:// too: the "http://" group is optional, so for any
    // other prefix it matches nothing and group 2 captures the whole URL,
    // scheme included.
    // sample results:
    //   [img]https://a.b.c[/img]  ->  [1] => (empty)   [2] => https://a.b.c
    //   [img]http://a.b.c[/img]   ->  [1] => http://   [2] => a.b.c
    //
    // The link replacements below put a fixed "http://" or "https://" in
    // front of the captured part. The image replacements emit \1\2, i.e. the
    // URL exactly as it was written.
    // NOTE(review): that leaves the scheme of an image URL unrestricted;
    // confirm whether it should be limited to http/https.

    $httpsregex = "(?:\"?)https\:\/\/([^\[\"<\ ]+)(?:\"?)";

    // The two output flavours differ only in these two replacements.
    if ($export) {
        $quote_by = "<i>\\1 wrote:</i><blockquote>\\2</blockquote>";
        $img = "<img hspace=\"8\" src=\"\\1\\2\"> ";
    } else {
        $quote_by = "<em>\\1 wrote:</em><blockquote>\\2</blockquote>";
        $img = "<img hspace=\"8\" class=\"img-responsive\" src=\"\\1\\2\"> ";
    }

    $https_named = "<a href=\"https://\\1\" rel=\"nofollow\">\\2</a>";
    $https_bare = "<a href=\"https://\\1\" rel=\"nofollow\">https://\\1</a>";
    $http_named = "<a href=\"http://\\2\" rel=\"nofollow\">\\3</a>";
    $http_bare = "<a href=\"http://\\2\" rel=\"nofollow\">http://\\2</a>";
    $mail = "<a href=\"mailto:\\1\">\\1</a>";

    // List of allowable tags => what they are turned in to.
    // Order matters: the patterns are applied top to bottom on every pass.
    $rules = array(
        "@\[b\](.*?)\[/b\]@is" => "<b>\\1</b>",
        "@\[i\](.*?)\[/i\]@is" => "<i>\\1</i>",
        "@\[u\](.*?)\[/u\]@is" => "<u>\\1</u>",
        "@\[s\](.*?)\[/s\]@is" => "<s>\\1</s>",
        "@\[sup\](.*?)\[/sup\]@is" => "<sup>\\1</sup>",
        "@\[url=$httpsregex\](.*?)\[/url\]@is" => $https_named,
        "@\[url\]$httpsregex\[/url\]@is" => $https_bare,
        "@\[link=$urlregex\](.*?)\[/link\]@is" => $http_named,
        "@\[link\]$urlregex\[/link\]@is" => $http_bare,
        "@\[url=$urlregex\](.*?)\[/url\]@is" => $http_named,
        "@\[url\]$urlregex\[/url\]@is" => $http_bare,
        "@\[quote=(.*?)\](.*?)\[/quote\]@is" => $quote_by,
        "@\[quote\](.*?)\[/quote\]@is" => "<blockquote>\\1</blockquote>",
        "@\[list\](.*?)\[/list\]@is" => "<ul>\\1</ul><p>",
        "@\[list=1\](.*?)\[/list\]@is" => "<ol>\\1</ol><p>",
        "@\[img\]$urlregex\[/img\]@is" => $img,
        "@\[sm_img\]$urlregex\[/sm_img\]@is" => "<img hspace=\"8\" width=400 src=\"\\1\\2\"> ",
        "@\[color=(?:\"?)(.{3,8})(?:\"?)\](.*?)\[/color\]@is" => "<font color=\"\\1\">\\2</font>",
        // "*" at the start of a line inside an already-converted list
        "@((?:<ol>|<ul>).*?)\n\*([^\n]+)\n(.*?(</ol>|</ul>))@is" => "\\1<li>\\2\n\\3",
        "@\[size=([1-9]|[0-2][0-9])\](.*?)\[/size\]@is" => "<span style=\"font-size: \\1px;\">\\2</span>",
        "@\[mailto\](.*?)\[/mailto\]@is" => $mail,
        "@\[email\](.*?)\[/email\]@is" => $mail,
        "@\[github\](?:\#|ticket:)(\d+)\[/github\]@is" => "<a href=\"https://github.com/BOINC/boinc/issues/\\1\">#\\1</a>",
        "@\[github\]wiki:(.*?)\[/github\]@is" => "<a href=\"https://github.com/BOINC/boinc-dev-doc/wiki/\\1\">\\1</a>",
    );
    $bbtags = array_keys($rules);
    $htmltags = array_values($rules);

    // Do the actual replacing - iterations for nested items
    // $pass<1000 to prevent DoS
    $previous = "";
    for ($pass = 0; $text != $previous && $pass < 1000; $pass++) {
        $previous = $text;
        $text = replace_pre_code($text, $export);
        $text = preg_replace($bbtags, $htmltags, $text);
    }

    // Let long words wrap inside lists.
    return str_replace(
        array("<ul>", "<ol>"),
        array('<ul style="word-break:break-word;">', '<ol style="word-break:break-word;">'),
        $text
    );
}
// Strips the "<br />" tags that nl2br inserted where they are not wanted,
// for example inside <pre> containers.
// nl2br kept the original \n after each tag, so the line breaks themselves
// survive the removal.
// Only the exact string "<br />" is removed.
//
function remove_br($text){
    $unwanted = array("<br />");
    $nothing = array("");
    return str_replace($unwanted, $nothing, $text);
}
// Make links open in new windows.
//
// Every occurrence of the exact, case-sensitive string "<a " is rewritten
// to "<a target="_new" "; everything else is passed through unchanged.
// NOTE(review): "_new" is a window name rather than the "_blank" keyword;
// confirm whether links built from user-supplied URLs should also carry
// rel="noopener".
//
function externalize_links($text) {
    $anchor_start = "<a ";
    $anchor_with_target = "<a target=\"_new\" ";
    return str_replace($anchor_start, $anchor_with_target, $text);
}
// Converts image tags to links to the images.
//
// Each <img ... src=VALUE> tag becomes <a href=VALUE>[Image link]</a>.
// VALUE is everything between "src=" and the closing ">", quotes included,
// and is copied into the href unchanged.
//
function image_as_link($text){
    /* This function depends on sanitized HTML */
    // The href is only as safe as the src it is copied from.
    // NOTE(review): confirm that whatever produced the <img> tag limits the
    // URL scheme, since the value becomes a clickable link here.
    return preg_replace(
        '@<img([\S\s]+?)src=([^>]+?)>@si',
        '<a href=${2}>[Image link]</a>',
        $text
    );
}
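// Highlight terms in text (most likely used with searches)
//
// $text:  the text to mark up
// $terms: array of terms; each case-insensitive occurrence of a term is
//         replaced by <span class="mark">TERM</span>
//
// The replacement contains the term as it was passed in, not the matched
// text, and the term is not escaped.
// NOTE(review): confirm that callers pass terms that are safe to emit as HTML.
// The terms are applied one after another, so a later term can also match
// inside markup inserted for an earlier one.
//
function highlight_terms($text, $terms) {
    $replace = array();
    foreach ($terms as $key => $value) {
        $replace[$key] = "<span class=\"mark\">".$value."</span>";
    }
    // str_ireplace() has been available since PHP 5, so it is called
    // directly. Testing the first character of phpversion() instead would
    // misread a two-digit major version as "1" and silently fall back to
    // case-sensitive matching.
    return str_ireplace($terms, $replace, $text);
}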
// Appends this file's version-control Id keyword string to the
// $cvs_version_tracker list.
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
?>