From 42cba538878cb695ba8b3093f72bc66ccd2fa074 Mon Sep 17 00:00:00 2001 From: Michael Foster Date: Wed, 31 Jul 2013 02:08:55 -0400 Subject: [PATCH] Allow Unicode in board URIs. --- inc/config.php | 3 +++ inc/display.php | 6 +++--- inc/functions.php | 8 ++++---- inc/mod/pages.php | 9 ++++----- install.php | 23 ++++++++++++++++++----- install.sql | 22 +++++++++++----------- mod.php | 33 +++++++++++++++++---------------- post.php | 6 +++--- 8 files changed, 63 insertions(+), 47 deletions(-) diff --git a/inc/config.php b/inc/config.php index 28a7a4db..36518028 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1130,6 +1130,9 @@ // 'type' => 'scp' //); + // Regex for board URIs + $config['board_regex'] = '[0-9a-zA-Z$_\x{0080}-\x{FFFF}]{1,58}'; + // Complex regular expression to catch URLs $config['url_regex'] = '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(:\d+)?' . '(\/([\w\-~.#\/?=&;:+%!*\[\]@$\'()+,|\^]+)?)?' . '/'; diff --git a/inc/display.php b/inc/display.php index a7e4826e..0992166d 100644 --- a/inc/display.php +++ b/inc/display.php @@ -235,7 +235,7 @@ function bidi_cleanup($str){ function secure_link_confirm($text, $title, $confirm_message, $href) { global $config; - return '' . $text . ''; + return '' . $text . ''; } function secure_link($href) { return $href . '/' . make_secure_link_token($href); @@ -299,7 +299,7 @@ class Post { // Fix internal links // Very complicated regex $this->body = preg_replace( - '/ ':?/', // redirect to dashboard @@ -45,7 +45,7 @@ $pages = array( '/news/(\d+)' => 'news', // view news '/news/delete/(\d+)' => 'news_delete', // delete from news - '/edit/(\w+)' => 'edit_board', // edit board details + '/edit/(\%b)' => 'edit_board', // edit board details '/new-board' => 'new_board', // create a new board '/rebuild' => 'rebuild', // rebuild static files 
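Review bot: In inc/config.php, the new `$config['board_regex']` class accepts every code point from U+0080 to U+FFFF, which covers C1 control characters, zero-width and bidirectional-override format characters and unassigned code points, not only letters and digits. Board URIs end up in directory names, links and the moderator routes, so two distinct boards can render identically or show reordered text in the mod interface. Consider narrowing the range to Unicode properties, for example `'[0-9a-zA-Z$_\p{L}\p{N}]{1,58}'`, and normalising the URI to one canonical form before it is stored. The added comment should also record that the fragment has no delimiters and only compiles in UTF mode: `// Regex fragment for board URIs (no delimiters); patterns using it need the "u" modifier`.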
@@ -63,15 +63,15 @@ $pages = array(
 // CSRF-protected moderator actions
 '/ban' => 'secure_POST ban', // new ban
- '/(\w+)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster
- '/(\w+)/move/(\d+)' => 'secure_POST move', // move thread
- '/(\w+)/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post
- '/(\w+)/delete/(\d+)' => 'secure delete', // delete post
- '/(\w+)/deletefile/(\d+)' => 'secure deletefile', // delete file from post
- '/(\w+)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address
- '/(\w+)/(un)?lock/(\d+)' => 'secure lock', // lock thread
- '/(\w+)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread
- '/(\w+)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread
+ '/(\%b)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster
+ '/(\%b)/move/(\d+)' => 'secure_POST move', // move thread
+ '/(\%b)/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post
+ '/(\%b)/delete/(\d+)' => 'secure delete', // delete post
+ '/(\%b)/deletefile/(\d+)' => 'secure deletefile', // delete file from post
+ '/(\%b)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address
+ '/(\%b)/(un)?lock/(\d+)' => 'secure lock', // lock thread
+ '/(\%b)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread
+ '/(\%b)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread
 '/themes' => 'themes_list', // manage themes
 '/themes/(\w+)' => 'theme_configure', // configure/reconfigure theme
@@ -86,10 +86,10 @@ $pages = array(
 '/debug/sql' => 'secure_POST debug_sql',
 // This should always be at the end:
- '/(\w+)/' => 'view_board',
- '/(\w+)/' . preg_quote($config['file_index'], '!') => 'view_board',
- '/(\w+)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board',
- '/(\w+)/' . preg_quote($config['dir']['res'], '!') .
+ '/(\%b)/' => 'view_board',
+ '/(\%b)/' . preg_quote($config['file_index'], '!') => 'view_board',
+ '/(\%b)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board',
+ '/(\%b)/' . preg_quote($config['dir']['res'], '!') .
 str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_thread',
 );
@@ -109,7 +109,8 @@ $new_pages = array();
 foreach ($pages as $key => $callback) {
 if (is_string($callback) && preg_match('/^secure /', $callback))
 $key .= '(/(?P[a-f0-9]{8}))?';
- $new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!'] = $callback;
+ $key = str_replace('\%b', $config['board_regex'], $key);
+ $new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;
 }
 $pages = $new_pages;
diff --git a/post.php b/post.php
index d1749fd1..85dc2d05 100644
--- a/post.php
+++ b/post.php
@@ -170,7 +170,7 @@ if (isset($_POST['delete'])) {
 error($config['error']['bot']);
 // Check the referrer
- if (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER']))
+ if (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], urldecode($_SERVER['HTTP_REFERER'])))
 error($config['error']['referer']);
 checkDNSBL();
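Review bot: In mod.php's route-compilation loop (the `@@ -109` hunk), `\%b` is expanded for every key, but the `u` modifier is appended only in the branch that wraps keys not already starting with `!`. A key that supplies its own `!` delimiters and uses `\%b` would receive the `\x{0080}-\x{FFFF}` range without UTF mode, which PCRE rejects at compile time, so that route could never match. Either restrict the substitution to the wrapped branch or document on the `$pages` table (this applies to the `@@ -45`, `@@ -63` and `@@ -86` hunks as well) that `\%b` is a placeholder for `$config['board_regex']` and that pre-delimited keys must end in `!u`. `board_regex` is also spliced in unquoted, so a configured value containing `!` or a capturing group would break the delimiter or, presumably, shift the captured arguments handed to the handlers; a comment such as `// board_regex must not contain "!" or capturing groups` next to the `str_replace` line would state that constraint.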
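Review bot: In post.php's referrer check (the `@@ -170` hunk), `urldecode($_SERVER['HTTP_REFERER'])` decodes a client-supplied header before `$config['referer_match']` is applied, so percent-encoded delimiters and control characters become literal characters the pattern was not written to see, and `+` is turned into a space. Decoding is needed for Unicode board names to match, but `rawurldecode()` is the appropriate function for a URL path. The check is also only as strict as `referer_match` itself, which is defined outside this hunk and should be confirmed to be anchored at both ends and free of the `m` flag. A comment here should record the trust level of the input, for example `// Referer is client-supplied; decoded only so Unicode board URIs match. Not a CSRF control.`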
@@ -547,9 +547,9 @@ if (isset($_POST['delete'])) {
 // Remove board directories before inserting them into the database.
 if ($post['has_file']) {
 $post['file_path'] = $post['file'];
- $post['file'] = substr_replace($post['file'], '', 0, mb_strlen($board['dir'] . $config['dir']['img']));
+ $post['file'] = mb_substr($post['file'], mb_strlen($board['dir'] . $config['dir']['img']));
 if ($is_an_image && $post['thumb'] != 'spoiler')
- $post['thumb'] = substr_replace($post['thumb'], '', 0, mb_strlen($board['dir'] . $config['dir']['thumb']));
+ $post['thumb'] = mb_substr($post['thumb'], mb_strlen($board['dir'] . $config['dir']['thumb']));
 }
 $post = (object)$post;
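Review bot: The two `mb_substr(..., mb_strlen(...))` lines count characters in whatever mbstring's internal encoding is configured to be, and they assume without checking that `$post['file']` and `$post['thumb']` really begin with the board directory prefix. Stripping a known prefix is a byte operation, so `substr($post['file'], strlen($board['dir'] . $config['dir']['img']))` is exact regardless of encoding settings or malformed UTF-8 in the board name, and the same applies to the thumb line. The surrounding block starts outside the hunk, so whether the prefix is guaranteed at this point cannot be confirmed from here. If it is not, a `strpos(...) === 0` guard before stripping would avoid storing a truncated path.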