On 09/30/2010 05:22 PM, Lukas Fleischer wrote:
This is a bit hacky patch to make links in AUR comments clickable (fixes FS#20137 [1]). Huge parts of this code are ripped from the DokuWiki plugin that is also used in Flyspray.
I didn't have any time to test it extensively so I'd suggest to do some more tests if this will be commited.
[1] https://bugs.archlinux.org/task/20137
--- web/lib/aur.inc | 45 +++++++++++++++++++++++++++++++++++++++++ web/template/pkg_comments.php | 2 +- 2 files changed, 46 insertions(+), 1 deletions(-)
diff --git a/web/lib/aur.inc b/web/lib/aur.inc index bd69c4c..b0cfdc8 100644 --- a/web/lib/aur.inc +++ b/web/lib/aur.inc @@ -494,3 +494,48 @@ function salted_hash($passwd, $salt) } return md5($salt . $passwd); } + +function parse_link($matches) +{ + $name = $url = $matches[0]; + + if(substr($url, 0, 3) == 'ftp'&& (substr($url, 0, 6) != 'ftp://')) { + $url = 'ftp://'.$url; + } + elseif (substr($url, 0, 3) == 'www') { + $url = 'http://'.$url; + } + + $url = str_replace('&','&', $url); + $url = str_replace('&', '&', $url);
What about the occurrences of "&(html-entity-code-here);" you produced the line before?
+ $url = strtr($url, array('>' => '%3E','<' => '%3C', '"' => '%22')); + + return '<a href="' . $url . '">' . $name .'</a>'; +} + +function parse_comment($comment) +{ + $schemes = array('http', 'https', 'ftp'); + $ltrs = '\w'; + $gunk = '\/\#~:.?+=&%@!\-'; + $punc = '.:?\-;,'; + $host = $ltrs . $punc; + $any = $ltrs . $gunk . $punc; + + $patterns = array(); + + foreach ($schemes as $scheme) { + $patterns[] = '(\b(?i)' . $scheme . '(?-i):\/\/[' . $any . ']+?(?=[' . $punc . ']*[^' . $any . ']))'; + } + + $patterns[] = '(\b(?i)www?(?-i)\.[' . $host . ']+?\.[' . $host . ']+?[' . $any . ']+?(?=[' . $punc . ']*[^' . $any . ']))'; + $patterns[] = '(\b(?i)ftp?(?-i)\.['. $host . ']+?\.[' . $host . ']+?[' . $any . ']+?(?=[' . $punc . ']*[^' . $any . ']))';
I am not that experienced with PHP, but this looks like the $patterns array got replaced instead of extended.
+ + $regex = '/' . implode('|', $patterns) . '/msS'; + + $comment = htmlspecialchars($comment);
Won't this render the next instruction useless if there are html-characters in a link?
+ $comment = preg_replace_callback($regex, parse_link, $comment . "\n"); + $comment = nl2br($comment); + + return $comment; +} diff --git a/web/template/pkg_comments.php b/web/template/pkg_comments.php index 02171a0..2ca9bf0 100644 --- a/web/template/pkg_comments.php +++ b/web/template/pkg_comments.php @@ -20,7 +20,7 @@ while (list($indx, $carr) = each($comments)) { ?> ?></div> <blockquote class="comment-body"> <div> -<?php echo nl2br(htmlspecialchars($carr['Comments'])) ?> +<?php echo parse_comment($carr['Comments']) ?> </div> </blockquote> <?php
Generally I would not make hostnames ("www.foo.tld") clickable. If people are not able to provide proper URL's, they have a serious problem. (there is also the technical argument that the hostname is not a good indicator for the kind of service the host provides.) Regards, PyroPeter -- freenode/pyropeter "12:50 - Ich drücke Return."