Commit 5de98588 by Scott

Remove 4-byte Unicode characters from usernames/questions

Filtered due to lack of support in MySQL < 5.5.3.
parent 36f388d3
...@@ -1515,7 +1515,7 @@ ...@@ -1515,7 +1515,7 @@
{ {
require_once QA_INCLUDE_DIR.'util/string.php'; require_once QA_INCLUDE_DIR.'util/string.php';
$text=qa_post_text($fieldname); $text=qa_remove_utf8mb4(qa_post_text($fieldname));
if (qa_opt('tag_separator_comma')) if (qa_opt('tag_separator_comma'))
return array_unique(preg_split('/\s*,\s*/', trim(qa_strtolower(strtr($text, '/', ' '))), -1, PREG_SPLIT_NO_EMPTY)); return array_unique(preg_split('/\s*,\s*/', trim(qa_strtolower(strtr($text, '/', ' '))), -1, PREG_SPLIT_NO_EMPTY));
...@@ -1912,6 +1912,15 @@ ...@@ -1912,6 +1912,15 @@
return $viewer->get_html($content, $format, $options); return $viewer->get_html($content, $format, $options);
} }
/**
* Retrieve title from HTTP POST, appropriately sanitised.
*/
function qa_get_post_title($fieldname)
{
require_once QA_INCLUDE_DIR.'util/string.php';
return qa_remove_utf8mb4(qa_post_text($fieldname));
}
function qa_get_post_content($editorfield, $contentfield, &$ineditor, &$incontent, &$informat, &$intext) function qa_get_post_content($editorfield, $contentfield, &$ineditor, &$incontent, &$informat, &$intext)
/* /*
...@@ -1919,13 +1928,16 @@ ...@@ -1919,13 +1928,16 @@
Assigns the module's output to $incontent and $informat, editor's name in $ineditor, text rendering of content in $intext Assigns the module's output to $incontent and $informat, editor's name in $ineditor, text rendering of content in $intext
*/ */
{ {
$ineditor=qa_post_text($editorfield); require_once QA_INCLUDE_DIR.'util/string.php';
$ineditor=qa_post_text($editorfield);
$editor=qa_load_module('editor', $ineditor); $editor=qa_load_module('editor', $ineditor);
$readdata=$editor->read_post($contentfield); $readdata=$editor->read_post($contentfield);
$incontent=$readdata['content'];
// sanitise 4-byte Unicode
$incontent=qa_remove_utf8mb4($readdata['content']);
$informat=$readdata['format']; $informat=$readdata['format'];
$intext=qa_viewer_text($incontent, $informat); $intext=qa_remove_utf8mb4(qa_viewer_text($incontent, $informat));
} }
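Review bot: The docblock added for `qa_get_post_title` says the title is "appropriately sanitised", but the visible body only strips 4-byte UTF-8 sequences from `qa_post_text($fieldname)`. As far as these lines show, nothing escapes the value for HTML or SQL, so a caller trusting the comment could treat the result as safe to output. I would word it as `Retrieve a title from HTTP POST with 4-byte UTF-8 characters removed (not escaped for output).` and add `@param string $fieldname` / `@return string`, matching the docblock on `qa_remove_utf8mb4`. In `qa_get_post_content`, whose header sits in the previous hunk, `$ineditor` is still taken from `qa_post_text` unfiltered; whether that value is stored is not visible here.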
......
...@@ -36,9 +36,13 @@ ...@@ -36,9 +36,13 @@
*/ */
{ {
require_once QA_INCLUDE_DIR.'db/users.php'; require_once QA_INCLUDE_DIR.'db/users.php';
require_once QA_INCLUDE_DIR.'util/string.php';
$errors=array(); $errors=array();
// sanitise 4-byte Unicode
$handle = qa_remove_utf8mb4($handle);
$filtermodules=qa_load_modules_with('filter', 'filter_handle'); $filtermodules=qa_load_modules_with('filter', 'filter_handle');
foreach ($filtermodules as $filtermodule) { foreach ($filtermodules as $filtermodule) {
......
...@@ -93,7 +93,7 @@ ...@@ -93,7 +93,7 @@
$captchareason=qa_user_captcha_reason(); $captchareason=qa_user_captcha_reason();
$in['title']=qa_post_text('title'); // allow title and tags to be posted by an external form $in['title']=qa_get_post_title('title'); // allow title and tags to be posted by an external form
$in['extra']=qa_opt('extra_field_active') ? qa_post_text('extra') : null; $in['extra']=qa_opt('extra_field_active') ? qa_post_text('extra') : null;
if (qa_using_tags()) if (qa_using_tags())
$in['tags']=qa_get_tags_field_value('tags'); $in['tags']=qa_get_tags_field_value('tags');
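Review bot: `$in['extra']` on the line after the title is still read with plain `qa_post_text('extra')`, so the extra field skips the 4-byte filter that title, tags and content now get. The same is true of `qa_post_text('q_extra')` in the edit-question hunk at -418. If the extra field is stored in the same tables, it should go through the same filter, e.g. `qa_opt('extra_field_active') ? qa_remove_utf8mb4(qa_post_text('extra')) : null`. That needs `util/string.php` to be loaded at this point, which is not visible in the hunk.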
......
...@@ -418,7 +418,7 @@ ...@@ -418,7 +418,7 @@
$in=array(); $in=array();
if ($question['editable']) { if ($question['editable']) {
$in['title']=qa_post_text('q_title'); $in['title']=qa_get_post_title('q_title');
qa_get_post_content('q_editor', 'q_content', $in['editor'], $in['content'], $in['format'], $in['text']); qa_get_post_content('q_editor', 'q_content', $in['editor'], $in['content'], $in['format'], $in['text']);
$in['extra']=qa_opt('extra_field_active') ? qa_post_text('q_extra') : null; $in['extra']=qa_opt('extra_field_active') ? qa_post_text('q_extra') : null;
} }
......
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
if (!strlen($handle)) { if (!strlen($handle)) {
$handle = qa_get_logged_in_handle(); $handle = qa_get_logged_in_handle();
qa_redirect(isset($handle) ? 'user/'.$handle : 'users'); qa_redirect(!empty($handle) ? 'user/'.$handle : 'users');
} }
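Review bot: `!empty($handle)` also treats the string `'0'` as empty, so a logged-in user whose handle is `0` would be sent to `users` instead of their own page. The outer test already uses `strlen($handle)`; using the same form here, `qa_redirect(strlen((string)$handle) ? 'user/'.$handle : 'users');`, keeps the two checks consistent. Whether `0` is an allowed handle is not visible from this hunk.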
......
...@@ -534,6 +534,20 @@ ...@@ -534,6 +534,20 @@
return $string; return $string;
} }
/**
* Removes 4-byte Unicode characters (e.g. emoji) from a string due to missing support in MySQL < 5.5.3.
* @param string $string
* @return string
*/
function qa_remove_utf8mb4($string)
{
return preg_replace('%(?:
\xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3
| [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15
| \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16
)%xs', '', $string);
}
function qa_block_words_explode($wordstring) function qa_block_words_explode($wordstring)
/* /*
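Review bot: `qa_remove_utf8mb4` matches raw bytes in a single pass and does not check that `$string` is valid UTF-8 first, so with malformed input the bytes on either side of a removed sequence can join into a new 4-byte sequence that survives the filter. If `qa_post_text` does not already reject invalid UTF-8 (not visible here), either validate first with `mb_check_encoding($string, 'UTF-8')` or repeat the replacement until the string stops changing. `preg_replace` can also return `null` on a PCRE error, which callers such as the handle filter would then see as an empty value. An explicit `null` check on the result would make that case visible instead of silently blanking the input.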
......