Added support for the `steam://` protocol, unified schema processing
authorAlexander Ebert <ebert@woltlab.com>
Mon, 2 Jul 2018 12:20:35 +0000 (14:20 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Mon, 2 Jul 2018 12:20:35 +0000 (14:20 +0200)
wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js
wcfsetup/install/files/lib/system/html/input/filter/HTMLPurifier_URIScheme_steam.php [new file with mode: 0644]
wcfsetup/install/files/lib/system/html/input/filter/MessageHtmlInputFilter.class.php
wcfsetup/install/files/lib/system/html/metacode/converter/UrlMetacodeConverter.class.php

index de68d1c3fabfe6edbf7afdabbf24894ee0baa72e..6805cbef00d8272ac3b213b8f29461686b01790e 100644 (file)
@@ -10,8 +10,8 @@ $.Redactor.prototype.WoltLabLink = function() {
                                // WoltLab modification: prevent catastrophic backtracing
                                var pattern = '((xn--)?[\\W\\w\\D\\d]+(-(?!-[\\W\\w\\D\\d])+)*\\.)+[\\W\\w]{2,}';
                                
-                               // WoltLab modification: added `ts3server`
-                               var re1 = new RegExp('^(http|ftp|https|ts3server)://' + pattern, 'i');
+                               // WoltLab modification: added `steam` and `ts3server`
+                               var re1 = new RegExp('^(http|ftp|https|steam|ts3server)://' + pattern, 'i');
                                var re2 = new RegExp('^' + pattern, 'i');
                                var re3 = new RegExp('\.(html|php)$', 'i');
                                var re4 = new RegExp('^/', 'i');
diff --git a/wcfsetup/install/files/lib/system/html/input/filter/HTMLPurifier_URIScheme_steam.php b/wcfsetup/install/files/lib/system/html/input/filter/HTMLPurifier_URIScheme_steam.php
new file mode 100644 (file)
index 0000000..92e7043
--- /dev/null
@@ -0,0 +1,22 @@
+<?php
+// @codingStandardsIgnoreFile
+/**
+ * Steam direct join protocol
+ */
+class HTMLPurifier_URIScheme_steam extends HTMLPurifier_URIScheme
+{
+    /**
+     * @param HTMLPurifier_URI $uri
+     * @param HTMLPurifier_Config $config
+     * @param HTMLPurifier_Context $context
+     * @return bool
+     */
+    public function doValidate(&$uri, $config, $context)
+    {
+        $uri->userinfo = null;
+        
+        return true;
+    }
+}
+
+// vim: et sw=4 sts=4
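Review bot: `doValidate()` returns `true` for every `steam://` URI once `userinfo` is cleared, so host, path and query reach the rendered link unchecked, and the browser hands that link to a locally installed protocol handler. The class docblock describes only the direct-join use; if that is the only form meant to be accepted, compare `$uri->host` and `$uri->path` against it and `return false;` for anything else. The class also sets none of the scheme properties (`$browsable`, `$hierarchical`, `$default_port`) and so inherits the base-class defaults. A short comment such as `// base-class defaults are intentional: not browsable, no default port` would say whether that is deliberate.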
index 7bf4884ac2b6a6d481ce4bad58ff732fd147e4bd..3d5bdcf516864fec774c6b9daba87ab6b17eb183 100644 (file)
@@ -42,6 +42,7 @@ class MessageHtmlInputFilter implements IHtmlInputFilter {
         */
        protected function getPurifier() {
                if (self::$purifier === null) {
+                       require_once(WCF_DIR . 'lib/system/html/input/filter/HTMLPurifier_URIScheme_steam.php');
                        require_once(WCF_DIR . 'lib/system/html/input/filter/HTMLPurifier_URIScheme_ts3server.php');
                        
                        $config = \HTMLPurifier_Config::createDefault();
@@ -54,6 +55,7 @@ class MessageHtmlInputFilter implements IHtmlInputFilter {
                        $config->set('HTML.ForbiddenAttributes', ['*@lang', '*@xml:lang']);
                        
                        $allowedSchemes = $config->get('URI.AllowedSchemes');
+                       $allowedSchemes['steam'] = true;
                        $allowedSchemes['ts3server'] = true;
                        $config->set('URI.AllowedSchemes', $allowedSchemes);
                        
index 5742faaf51b857aae36cfade7ec07509495f30ad..029894b7f5711d9b6c253797072fedc795e6bb8c 100644 (file)
@@ -12,6 +12,12 @@ use wcf\util\StringUtil;
  * @since       3.0
  */
 class UrlMetacodeConverter extends AbstractMetacodeConverter {
+       /**
+        * list of allowed schemas as defined by HTMLPurifier
+        * @var string[] 
+        */
+       public static $allowedSchemes = ['http', 'https', 'mailto', 'ftp', 'nntp', 'news', 'tel', 'steam', 'ts3server'];
+       
        /**
         * @inheritDoc
         */
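Review bot: The docblock on `$allowedSchemes` says the list is "as defined by HTMLPurifier", but it is a hard-coded copy. The list the purifier actually uses is built in `MessageHtmlInputFilter::getPurifier()` from `URI.AllowedSchemes` plus `steam` and `ts3server`, so the two can drift apart when a scheme is changed in only one place. I would reword the comment to `schemes accepted by this converter; keep in sync with URI.AllowedSchemes in MessageHtmlInputFilter`. The property is also `public static` and therefore writable from any code; if that is not meant as an extension point, `protected static` or a class constant would keep the allow-list fixed.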
@@ -24,6 +30,20 @@ class UrlMetacodeConverter extends AbstractMetacodeConverter {
                }
                
                $href = StringUtil::decodeHTML($href);
+               if (mb_strpos($href, '//') === 0) {
+                       // dynamic protocol, treat as https
+                       $href = "https:{$href}";
+               }
+               else if (preg_match('~^(?P<schema>[a-z0-9]+)://~', $href, $match)) {
+                       if (!in_array($match['schema'], self::$allowedSchemes)) {
+                               // invalid schema, replace it with `http`
+                               $href = 'http' . mb_substr($href, strlen($match['schema']));
+                       }
+               }
+               else if (mb_strpos($href, 'index.php') === false) {
+                       // unless it's a relative `index.php` link, assume it is missing the protocol
+                       $href = "http://{$href}";
+               }
                
                // check if the link is empty, use the href value instead
                $useHrefAsValue = false;
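Review bot: The `index.php` exemption in the last branch is a substring test, so any `$href` that contains `index.php` anywhere and does not match `scheme://` is left exactly as submitted, including a value of the form `other:something/index.php` whose scheme is not in `$allowedSchemes`. Whether a later filter catches such a value is not visible in this hunk, so I would first reject or prefix anything matching `~^[a-z][a-z0-9+.-]*:~i` that is not on the allow-list, and only then apply the relative-link exemption. The scheme regex is also case-sensitive, unlike the `i`-flagged pattern in `WoltLabLink.js`: `HTTP://example.com` falls through to the last branch and becomes `http://HTTP://example.com`. Adding the `i` modifier and comparing with `in_array(mb_strtolower($match['schema']), self::$allowedSchemes, true)` would fix that. The method starts before this hunk and continues after it.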