more fixes
This commit is contained in:
62
app/Support/CoverUrl.php
Normal file
62
app/Support/CoverUrl.php
Normal file
@@ -0,0 +1,62 @@
|
||||
<?php
|
||||
|
||||
namespace App\Support;
|
||||
|
||||
class CoverUrl
|
||||
{
|
||||
private const DEFAULT_FILES_CDN = 'https://files.skinbase.org';
|
||||
|
||||
public static function forUser(?string $hash, ?string $ext, ?int $version = null): ?string
|
||||
{
|
||||
$coverHash = trim((string) $hash);
|
||||
$coverExt = strtolower(trim((string) $ext));
|
||||
|
||||
if ($coverHash === '' || $coverExt === '') {
|
||||
return null;
|
||||
}
|
||||
|
||||
$base = self::resolveBaseUrl();
|
||||
$p1 = substr($coverHash, 0, 2);
|
||||
$p2 = substr($coverHash, 2, 2);
|
||||
$v = $version ?? time();
|
||||
|
||||
return sprintf('%s/covers/%s/%s/%s.%s?v=%s', $base, $p1, $p2, $coverHash, $coverExt, $v);
|
||||
}
|
||||
|
||||
private static function resolveBaseUrl(): string
|
||||
{
|
||||
$configured = trim((string) config('cdn.files_url', self::DEFAULT_FILES_CDN));
|
||||
|
||||
// If a non-default CDN/files host is configured, always respect it.
|
||||
if ($configured !== '' && $configured !== self::DEFAULT_FILES_CDN) {
|
||||
return rtrim($configured, '/');
|
||||
}
|
||||
|
||||
// Local/dev fallback: derive a web path from uploads.storage_root when it lives under public/.
|
||||
$local = self::deriveLocalBaseFromStorageRoot();
|
||||
if ($local !== null) {
|
||||
return $local;
|
||||
}
|
||||
|
||||
return rtrim($configured !== '' ? $configured : self::DEFAULT_FILES_CDN, '/');
|
||||
}
|
||||
|
||||
private static function deriveLocalBaseFromStorageRoot(): ?string
|
||||
{
|
||||
$storageRoot = str_replace('\\', '/', rtrim((string) config('uploads.storage_root'), DIRECTORY_SEPARATOR));
|
||||
$publicRoot = str_replace('\\', '/', rtrim((string) public_path(), DIRECTORY_SEPARATOR));
|
||||
$appUrl = rtrim((string) config('app.url'), '/');
|
||||
|
||||
if ($storageRoot === '' || $publicRoot === '' || $appUrl === '') {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (! str_starts_with(strtolower($storageRoot), strtolower($publicRoot))) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$suffix = trim((string) substr($storageRoot, strlen($publicRoot)), '/');
|
||||
|
||||
return $suffix === '' ? $appUrl : ($appUrl . '/' . $suffix);
|
||||
}
|
||||
}
|
||||
@@ -2,35 +2,12 @@
|
||||
|
||||
namespace App\Support;
|
||||
|
||||
use cPad\Plugins\Forum\Services\ForumContentRenderer;
|
||||
|
||||
class ForumPostContent
|
||||
{
|
||||
public static function render(?string $raw): string
|
||||
{
|
||||
$content = (string) ($raw ?? '');
|
||||
|
||||
if ($content === '') {
|
||||
return '';
|
||||
}
|
||||
|
||||
$allowedTags = '<p><br><strong><em><b><i><u><ul><ol><li><blockquote><code><pre><a><img>';
|
||||
$sanitized = strip_tags($content, $allowedTags);
|
||||
|
||||
$sanitized = preg_replace('/\son\w+\s*=\s*"[^"]*"/i', '', $sanitized) ?? $sanitized;
|
||||
$sanitized = preg_replace('/\son\w+\s*=\s*\'[^\']*\'/i', '', $sanitized) ?? $sanitized;
|
||||
$sanitized = preg_replace('/\s(href|src)\s*=\s*"\s*javascript:[^"]*"/i', ' $1="#"', $sanitized) ?? $sanitized;
|
||||
$sanitized = preg_replace('/\s(href|src)\s*=\s*\'\s*javascript:[^\']*\'/i', ' $1="#"', $sanitized) ?? $sanitized;
|
||||
|
||||
$linked = preg_replace_callback(
|
||||
'/(?<!["\'>])(https?:\/\/[^\s<]+)/i',
|
||||
static function (array $matches): string {
|
||||
$url = $matches[1] ?? '';
|
||||
$escapedUrl = e($url);
|
||||
|
||||
return '<a href="' . $escapedUrl . '" target="_blank" rel="noopener noreferrer" class="text-sky-300 hover:text-sky-200 underline">' . $escapedUrl . '</a>';
|
||||
},
|
||||
$sanitized,
|
||||
);
|
||||
|
||||
return (string) ($linked ?? $sanitized);
|
||||
return app(ForumContentRenderer::class)->render($raw);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -23,7 +23,7 @@ final class UsernamePolicy
|
||||
|
||||
public static function regex(): string
|
||||
{
|
||||
return (string) config('usernames.regex', '/^[a-zA-Z0-9_-]+$/');
|
||||
return (string) config('usernames.regex', '/^[a-zA-Z0-9_]{3,20}$/');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -31,7 +31,12 @@ final class UsernamePolicy
|
||||
*/
|
||||
public static function reserved(): array
|
||||
{
|
||||
return array_values(array_unique(array_map(static fn (string $v): string => strtolower(trim($v)), (array) config('usernames.reserved', []))));
|
||||
$pool = [
|
||||
...(array) config('usernames.reserved', []),
|
||||
...(array) config('skinbase.reserved_usernames', []),
|
||||
];
|
||||
|
||||
return array_values(array_unique(array_map(static fn (string $v): string => strtolower(trim($v)), $pool)));
|
||||
}
|
||||
|
||||
public static function normalize(string $value): string
|
||||
|
||||
Reference in New Issue
Block a user