Commit 5de98588 by Scott

Remove 4-byte Unicode characters from usernames/questions

Filtered due to lack of support in MySQL < 5.5.3.
parent 36f388d3
......@@ -1515,7 +1515,7 @@
{
require_once QA_INCLUDE_DIR.'util/string.php';
$text=qa_post_text($fieldname);
$text=qa_remove_utf8mb4(qa_post_text($fieldname));
if (qa_opt('tag_separator_comma'))
return array_unique(preg_split('/\s*,\s*/', trim(qa_strtolower(strtr($text, '/', ' '))), -1, PREG_SPLIT_NO_EMPTY));
......@@ -1912,6 +1912,15 @@
return $viewer->get_html($content, $format, $options);
}
/**
* Retrieve title from HTTP POST, appropriately sanitised.
*/
function qa_get_post_title($fieldname)
{
require_once QA_INCLUDE_DIR.'util/string.php';
return qa_remove_utf8mb4(qa_post_text($fieldname));
}
function qa_get_post_content($editorfield, $contentfield, &$ineditor, &$incontent, &$informat, &$intext)
/*
......@@ -1919,13 +1928,16 @@
Assigns the module's output to $incontent and $informat, editor's name in $ineditor, text rendering of content in $intext
*/
{
$ineditor=qa_post_text($editorfield);
require_once QA_INCLUDE_DIR.'util/string.php';
$ineditor=qa_post_text($editorfield);
$editor=qa_load_module('editor', $ineditor);
$readdata=$editor->read_post($contentfield);
$incontent=$readdata['content'];
// sanitise 4-byte Unicode
$incontent=qa_remove_utf8mb4($readdata['content']);
$informat=$readdata['format'];
$intext=qa_viewer_text($incontent, $informat);
$intext=qa_remove_utf8mb4(qa_viewer_text($incontent, $informat));
}
......
......@@ -36,9 +36,13 @@
*/
{
require_once QA_INCLUDE_DIR.'db/users.php';
require_once QA_INCLUDE_DIR.'util/string.php';
$errors=array();
// sanitise 4-byte Unicode
$handle = qa_remove_utf8mb4($handle);
$filtermodules=qa_load_modules_with('filter', 'filter_handle');
foreach ($filtermodules as $filtermodule) {
......
......@@ -93,7 +93,7 @@
$captchareason=qa_user_captcha_reason();
$in['title']=qa_post_text('title'); // allow title and tags to be posted by an external form
$in['title']=qa_get_post_title('title'); // allow title and tags to be posted by an external form
$in['extra']=qa_opt('extra_field_active') ? qa_post_text('extra') : null;
if (qa_using_tags())
$in['tags']=qa_get_tags_field_value('tags');
......
......@@ -418,7 +418,7 @@
$in=array();
if ($question['editable']) {
$in['title']=qa_post_text('q_title');
$in['title']=qa_get_post_title('q_title');
qa_get_post_content('q_editor', 'q_content', $in['editor'], $in['content'], $in['format'], $in['text']);
$in['extra']=qa_opt('extra_field_active') ? qa_post_text('q_extra') : null;
}
......
......@@ -32,7 +32,7 @@
if (!strlen($handle)) {
$handle = qa_get_logged_in_handle();
qa_redirect(isset($handle) ? 'user/'.$handle : 'users');
qa_redirect(!empty($handle) ? 'user/'.$handle : 'users');
}
......
......@@ -534,6 +534,20 @@
return $string;
}
/**
* Removes 4-byte Unicode characters (e.g. emoji) from a string due to missing support in MySQL < 5.5.3.
* @param string $string
* @return string
*/
function qa_remove_utf8mb4($string)
{
return preg_replace('%(?:
\xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3
| [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15
| \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16
)%xs', '', $string);
}
function qa_block_words_explode($wordstring)
/*
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment