diff options
Diffstat (limited to 'lib/util.php')
-rw-r--r-- | lib/util.php | 73 |
1 files changed, 62 insertions, 11 deletions
diff --git a/lib/util.php b/lib/util.php index d159c583e..a4865c46c 100644 --- a/lib/util.php +++ b/lib/util.php @@ -119,16 +119,44 @@ function common_munge_password($password, $id) // check if a username exists and has matching password function common_check_user($nickname, $password) { - // NEVER allow blank passwords, even if they match the DB - if (mb_strlen($password) == 0) { - return false; - } + $authenticated = false; + $eventResult = Event::handle('CheckPassword', array($nickname, $password, &$authenticated)); $user = User::staticGet('nickname', $nickname); if (is_null($user) || $user === false) { - return false; + //user does not exist + if($authenticated){ + //a handler said these are valid credentials, so see if a plugin wants to auto register the user + if(Event::handle('AutoRegister', array($nickname))){ + //no handler registered the user + return false; + }else{ + $user = User::staticGet('nickname', $nickname); + if (is_null($user) || $user === false) { + common_log(LOG_WARNING, "A plugin handled the AutoRegister event, but did not actually register the user, nickname: $nickname"); + return false; + }else{ + return $user; + } + } + }else{ + //no handler indicated the credentials were valid, and we know their not valid because the user isn't in the database + return false; + } } else { - if (0 == strcmp(common_munge_password($password, $user->id), - $user->password)) { + if($eventResult && ! $authenticated){ + //no handler was authoritative + if (mb_strlen($password) == 0) { + // NEVER allow blank passwords, even if they match the DB + return false; + }else{ + if (0 == strcmp(common_munge_password($password, $user->id), + $user->password)) { + //internal checking passed + $authenticated = true; + } + } + } + if($authenticated){ return $user; } else { return false; @@ -422,7 +450,7 @@ function common_render_text($text) function common_replace_urls_callback($text, $callback, $notice_id = null) { // Start off with a regex $regex = '#'. - '(?:^|[\s\(\)\[\]\{\}\\\'\\\";]+)(?![\@\!\#])'. + '(?:^|[\s\<\>\(\)\[\]\{\}\\\'\\\";]+)(?![\@\!\#])'. '('. '(?:'. '(?:'. //Known protocols @@ -452,9 +480,9 @@ function common_replace_urls_callback($text, $callback, $notice_id = null) { ')'. '(?:'. '(?:\:\d+)?'. //:port - '(?:/[\pN\pL$\[\]\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\"@]*)?'. // /path - '(?:\?[\pN\pL\$\[\]\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\"@\/]*)?'. // ?query string - '(?:\#[\pN\pL$\[\]\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\"\@/\?\#]*)?'. // #fragment + '(?:/[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@]*)?'. // /path + '(?:\?[\pN\pL\$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@\/]*)?'. // ?query string + '(?:\#[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\@/\?\#]*)?'. // #fragment ')(?<![\?\.\,\#\,])'. ')'. '#ixu'; @@ -480,6 +508,10 @@ function callback_helper($matches, $callback, $notice_id) { array( 'left'=>'{', 'right'=>'}' + ), + array( + 'left'=>'<', + 'right'=>'>' ) ); $cannotEndWith=array('.','?',',','#'); @@ -1366,9 +1398,28 @@ function common_memcache() } } +function common_license_terms($uri) +{ + if(preg_match('/creativecommons.org\/licenses\/([^\/]+)/', $uri, $matches)) { + return explode('-',$matches[1]); + } + return array($uri); +} + function common_compatible_license($from, $to) { + $from_terms = common_license_terms($from); + // public domain and cc-by are compatible with everything + if(count($from_terms) == 1 && ($from_terms[0] == 'publicdomain' || $from_terms[0] == 'by')) { + return true; + } + $to_terms = common_license_terms($to); + // sa is compatible across versions. IANAL + if(in_array('sa',$from_terms) || in_array('sa',$to_terms)) { + return count(array_diff($from_terms, $to_terms)) == 0; + } // XXX: better compatibility check needed here! + // Should at least normalise URIs return ($from == $to); } |