
Updating copyright date

Putting together a mobile development setup.

* Renamed websafe.php to utf8safe.php
master
Kroc Camen 6 years ago
parent
commit
0f41f6f93c
26 changed files with 64 additions and 58 deletions
  1. +1
    -1
      .htaccess
  2. +1
    -1
      HISTORY.txt
  3. +1
    -1
      INSTALL.txt
  4. +1
    -1
      LICENCE.txt
  5. +1
    -1
      README.txt
  6. +1
    -1
      config.default.php
  7. +1
    -1
      index.php
  8. +1
    -1
      lib/.gitignore
  9. +2
    -2
      lib/domtemplate/LICENCE.txt
  10. +1
    -1
      lib/domtemplate/domtemplate.php
  11. +2
    -2
      lib/functions.php
  12. +33
    -27
      lib/utf8safe.php
  13. +1
    -1
      markup.php
  14. +1
    -1
      privacy.php
  15. +5
    -5
      start.php
  16. +1
    -1
      themes/greyscale/append.html
  17. +1
    -1
      themes/greyscale/delete.html
  18. +1
    -1
      themes/greyscale/index.html
  19. +1
    -1
      themes/greyscale/lang.example.php
  20. +1
    -1
      themes/greyscale/markup.html
  21. +1
    -1
      themes/greyscale/privacy.html
  22. +1
    -1
      themes/greyscale/theme.config.default.php
  23. +1
    -1
      themes/greyscale/theme.css
  24. +1
    -1
      themes/greyscale/theme.php
  25. +1
    -1
      themes/greyscale/thread.html
  26. +1
    -1
      thread.php

+ 1
- 1
.htaccess

@@ -1,4 +1,4 @@
# NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
# NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
# licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
# you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>


+ 1
- 1
HISTORY.txt

@@ -9,7 +9,7 @@ v26
* Corrupted posts will now be removed entirely when deleted instead of being blanked first
(this may break some permalinks if deleting a corrupted post before the last page)
* Delete and Append buttons have new icons to look less like voting buttons!
* Moved some functions into a new "web safe" library for sanitising input / output
* Moved some functions into a new "utf-8 safe" library for sanitising input / output
- Declared UTF-8 in the content-type header to prevent UTF-7 attacks
- a `safeTrim` function to trim all kinds of whitespace outside of TAB / SPACE / CRLF
- the superglobals (`$_GET` / `$_POST` &c.) are preprocessed with `stripslashes`, `safeTrim` & UTF-8 safety

+ 1
- 1
INSTALL.txt

@@ -1,4 +1,4 @@
NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
========================================================================



+ 1
- 1
LICENCE.txt

@@ -1,4 +1,4 @@
NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
=============================================================
The PHP / HTML / CSS and other resources of this project are licensed
under a Creative Commons 3.0 Attribution Unported licence (unless

+ 1
- 1
README.txt

@@ -1,4 +1,4 @@
NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
========================================================================
A simple forum that focuses on discussion and simplicity.
http://camendesign.com/nononsense_forum

+ 1
- 1
config.default.php

@@ -1,6 +1,6 @@
<?php //site configuration defaults
/* ====================================================================================================================== */
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>
*/

+ 1
- 1
index.php

@@ -1,6 +1,6 @@
<?php //display the index of threads in a folder
/* ====================================================================================================================== */
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>
*/

+ 1
- 1
lib/.gitignore

@@ -8,7 +8,7 @@

# code
!functions.php
!websafe.php
!utf8safe.php

# error messages
!error_apachever.php

+ 2
- 2
lib/domtemplate/LICENCE.txt

@@ -1,5 +1,5 @@
DOMTemplate © Copyright (CC-BY) Kroc Camen 2012
===============================================
DOMTemplate © Copyright (CC-BY) Kroc Camen 2012-2015
====================================================
The code and other resources of this project are licensed under a
Creative Commons 3.0 Attribution Unported licence (unless otherwise
stated), viewable here:

+ 1
- 1
lib/domtemplate/domtemplate.php

@@ -1,6 +1,6 @@
<?php

//DOM Templating classes v18 © copyright (cc-by) Kroc Camen 2013
//DOM Templating classes v18 © copyright (cc-by) Kroc Camen 2012-2015
//you may do whatever you want with this code as long as you give credit
//documentation at <camendesign.com/dom_templating>


+ 2
- 2
lib/functions.php

@@ -1,6 +1,6 @@
<?php //shared functions
/* ====================================================================================================================== */
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>
*/
@@ -181,7 +181,7 @@ function formatText (
/* preformatted text (code blocks):
-------------------------------------------------------------------------------------------------------------- */
/* example: or: (latex in partiular since it uses % as a comment marker)
/* example: or: (latex in particular since it uses % as a comment marker)
% title $ title
⋮ ⋮

lib/websafe.php → lib/utf8safe.php

@@ -1,23 +1,23 @@
<?php //WARNING: this is very much under construction, trust no one ¬_¬

/* making strings web safe: a library for PHP 5.2+
v1 copyright © Kroc Camen <kroc@camendesign.com> 2012, licenced under Creative Commons Attribution 3.0 licence
/* utf8safe.php : a library for PHP 5.2+
v1 copyright © Kroc Camen <kroc@camendesign.com> 2012-2015, licenced under Creative Commons Attribution 3.0 licence
you may do whatever you want with this code as long as you give credit
special thanks to Zegnat for help and support with UTF-8
*//*
who / what is the web safe library for?
who / what is the utf8safe library for?
====================================================================================================================== */
/* this set of functions applies to all developers of all skill levels, but especially those new to PHP

in an ideal world there would be a programming language that had separate String types for HTML strings and SQL strings
and plain-text strings and therefore any time the programmer joined or manipulated strings, the proper escaping would
happen behind the scenes and no matter how uneducated on safety the programmer was, the output would, without fail, be
safe -- but, since we live in 2013 and nobody has yet thought that it would be a good idea to make a programming
safe -- but, since we live in 2014 and nobody has yet thought that it would be a good idea to make a programming
language that actually understood that there was this thing out there called the World Wide Web and that it's actually
quite popular and that, if you don't escape things properly, bad things happen -- we must instead fret over every input
and output just like the days before buffer overflow protections in C/C++
the web safe library therefore provides *help* (but only where the developer is wise enough to use it) in making sure
the utf8safe library therefore provides *help* (but only where the developer is wise enough to use it) in making sure
your inputs are safe to begin with and that when you output to HTML, some nasty won't manage to flow through your code,
tucked away in a string, and land on the page intact & dangerous
*/
@@ -25,6 +25,10 @@

/* pre-emptive measures
====================================================================================================================== */
//default to UTF-8 in multi-byte functions throughout PHP
mb_internal_encoding ('UTF-8');
mb_regex_encoding ('UTF-8');
/* UTF-7 XSS protection
---------------------------------------------------------------------------------------------------------------------- */
//failure to explicitly define a character set, either by HTTP header or meta tag, can result in IE defaulting to UTF-7
@@ -70,7 +74,7 @@ function preprocess_superglobals () {
preprocess_superglobals ();


/* begin web safe functions
/* begin utf8 safe functions
====================================================================================================================== */
/* safeUTF8 : ensure any text given comes out as web-safe UTF-8
---------------------------------------------------------------------------------------------------------------------- */
@@ -78,7 +82,7 @@ function safeUTF8 (
//the source-text has to be by-reference so that when we process the superglobals the change sticks
&$text
) {
//what's given could be any imaginable encoding, normalise it into UTF-8 though it may not yet be web-safe
//what's given could be any imaginable encoding, normalise it into UTF-8 though it may not yet be web-safe.
//adapted from <php.net/mb_check_encoding#89286>, with thanks to Zegnat. this works by importing the current byte
//stream into UTF-32 which has enough scope to contain any other encoding, then downsizing in to UTF-8
$text = mb_convert_encoding (mb_convert_encoding ($text, 'UTF-32', 'UTF-8'), 'UTF-8', 'UTF-32');
@@ -126,19 +130,12 @@ function safeTrim (&$text) {
return $text = preg_replace ('/^[\pZ\p{Cc}\p{Cf}\p{Cn}\p{Cs}]+|[\pZ\p{Cc}\p{Cf}\p{Cn}\p{Cs}]+$/u', '', $text);
}

/* safeSpaces: normalise space-like characters
/* normaliseText : reduce unnecessary oddities in the text, such as converting special spaces to regular spaces
---------------------------------------------------------------------------------------------------------------------- */
//user names can be spoofed by including invisible space characters, or replacing normal spaces with space-like characters
//that appear as a space. this function removes invisible characters and replaces space-like characters with regular spaces
//(there are any other number of characters that can be spoofed, so this is by no means meant to solve all problems)
/*function safeSpaces ($text) {
//1. characters to remove
$text = preg_replace (
'', '',
$text);
//2. characters to replace with a regular space
return $text;
}*/
/* when is a space not a space? when it's the hundreds of space-like characters available in unicode! */
/*function normaliseText ($text) {
}
*/

/* safeHTML : encode a string for insertion into an HTML element
---------------------------------------------------------------------------------------------------------------------- */
@@ -157,10 +154,10 @@ function safeURL ($text) {
/* safeTransliterate : generate a safe (a-z0-9_) string, for use as filenames or URLs, from an arbitrary string
---------------------------------------------------------------------------------------------------------------------- */
function safeTransliterate ($text) {
//if available, this function uses PHP5.4's transliterater, which is capable of converting arabic, hebrew, greek,
//chinese, japanese and more into ASCII! however, we use our manual (and crude) fallback *first* instead because
//we will take the liberty of transliterating some things into more readable ASCII-friendly forms,
//e.g. "100℃" > "100degc" instead of "100oc"
/* if available, this function uses PHP5.4's transliterater, which is capable of converting Arabic, Hebrew, Greek,
Chinese, Japanese and more into ASCII! however, we use our manual (and crude) fallback *first* instead because
we will take the liberty of transliterating some things into more readable ASCII-friendly forms,
e.g. "100℃" > "100degc" instead of "100oc" */
/* manual transliteration list:
-------------------------------------------------------------------------------------------------------------- */
@@ -218,10 +215,19 @@ function safeTransliterate ($text) {
array ('/[^_a-z0-9-]/i', '/-{2,}/', '/^-|-$/'),
array ('-', '-', '' ),
//attempt transliteration with PHP5.4's transliteration engine (best):
//(this method can handle near anything, including converting chinese and arabic letters to ASCII.
// requires the 'intl' extension to be enabled)
function_exists ('transliterator_transliterate') ? transliterator_transliterate (
/* attempt transliteration with PHP5.4's transliteration engine (best):
(this method can handle near anything, including converting Chinese and Arabic letters to ASCII.
requires the 'intl' extension to be enabled) */
//check if the transliterator is present (PHP 5.4+)
function_exists ('transliterator_transliterate')
/* even though the server might be on PHP5.4+ the server might not have the transliteration libraries
installed (happens on free / shared hosts). check to see if the transliteration we want is even
possible and */
&& count (array_intersect (
array ('Any-NFKD', 'Any-Latin', 'Latin-ASCII', 'Any-Remove', 'Any-Lower'),
transliterator_list_ids ()
)) === 5 ? transliterator_transliterate (
//split unicode accents and symbols, e.g. "Å" > "A°":
'NFKD; '.
//convert everything to the Latin charset e.g. "ま" > "ma":
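Review bot: The new availability check in safeTransliterate passes the result of `transliterator_list_ids ()` straight into `array_intersect`, but that function returns false on failure, which raises a warning (a TypeError on PHP 8) instead of taking the other branch of the ternary. Guard it first, e.g. `&& is_array ($ids = transliterator_list_ids ())` followed by `&& count (array_intersect (array ('Any-NFKD', 'Any-Latin', 'Latin-ASCII', 'Any-Remove', 'Any-Lower'), $ids)) === 5`. The comment above the check also stops mid-sentence ("…is even possible and"); it should finish by saying what happens when the IDs are missing, which is presumably that the manually transliterated text is used as-is. Because the outer `preg_replace` with `/[^_a-z0-9-]/i` is what constrains the result for filenames and URLs, that comment should also state that the transliterator only improves readability and is not the safety check. safeTransliterate starts and ends outside the visible hunks, so the else branch could not be checked here.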

+ 1
- 1
markup.php

@@ -1,6 +1,6 @@
<?php //just display the markup documentation
/* ====================================================================================================================== */
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>
*/

+ 1
- 1
privacy.php

@@ -1,6 +1,6 @@
<?php //just display the privacy policy
/* ====================================================================================================================== */
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>
*/

+ 5
- 5
start.php

@@ -1,6 +1,6 @@
<?php //bootstraps the forum
/* ====================================================================================================================== */
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>
*//*
@@ -66,10 +66,10 @@
THEME_DEL_USER the HTML message used when a user deletes their own post, in the forum's default language
THEME_DEL_MOD the HTML message used when a mod deletes a post, in the forum's default langugae
THEME_HTML_ERROR the HTML message used when a post is corrupt (malformed HTML), in the forum's default lang.
*/
*/


/* server configutation
/* server configuration
====================================================================================================================== */
//default UTF-8 throughout
mb_internal_encoding ('UTF-8');
@@ -96,9 +96,9 @@ if (function_exists ('apache_get_version')) if (!preg_match (
) require FORUM_LIB.'error_apachever.php';

//shared / library code
require_once FORUM_LIB.'websafe.php'; //import the websafe (sanitised I/O) functions
require_once FORUM_LIB.'utf8safe.php'; //import the websafe (sanitised I/O) functions
require_once FORUM_LIB.'domtemplate/domtemplate.php'; //import the templating engine
require_once FORUM_LIB.'functions.php'; //import NNF's shared functions
require_once FORUM_LIB.'functions.php'; //import NNF's shared functions

//location of NNF relative to the webroot, i.e. if NNF is in a sub-folder or not
//we URL-encode this as it’s never used for server-side paths, `FORUM_ROOT` / `FORUM_LIB` are for that
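Review bot: The trailing comment on the renamed include still reads "import the websafe (sanitised I/O) functions", so it names a library that no longer exists under that name; change the line to `require_once FORUM_LIB.'utf8safe.php'; //import the utf8safe (sanitised I/O) functions`. This commit also adds `mb_internal_encoding ('UTF-8');` to lib/utf8safe.php while start.php keeps its own call under "default UTF-8 throughout", so the encoding is now set in two places; a one-line comment saying which file owns the setting would keep them from drifting apart. Any other file that still requires `websafe.php` is not visible on this page and should be checked, since a missing `require_once` target is a fatal error.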

+ 1
- 1
themes/greyscale/append.html

@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html lang="en" class="append"><head>
<meta charset="utf-8">
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licensed under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com> -->
<title>Append to Thread Title</title>

+ 1
- 1
themes/greyscale/delete.html

@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html lang="en" class="delete"><head>
<meta charset="utf-8">
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licensed under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com> -->
<title>Delete Thread Title?</title>

+ 1
- 1
themes/greyscale/index.html

@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html lang="en" class="index"><head>
<meta charset="utf-8">
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licensed under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com> -->
<title>NoNonsense Forum</title>

+ 1
- 1
themes/greyscale/lang.example.php

@@ -1,6 +1,6 @@
<?php //translation file
/* ====================================================================================================================== */
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>
*//*

+ 1
- 1
themes/greyscale/markup.html

@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html lang="en" class="markup"><head>
<meta charset="utf-8">
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licensed under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com> -->
<title>Markup</title>

+ 1
- 1
themes/greyscale/privacy.html

@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html lang="en" class="privacy"><head>
<meta charset="utf-8">
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licensed under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com> -->
<title>Privacy Policy</title>

+ 1
- 1
themes/greyscale/theme.config.default.php

@@ -1,6 +1,6 @@
<?php //theme configuration defaults
/* ====================================================================================================================== */
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>
*/

+ 1
- 1
themes/greyscale/theme.css

@@ -1,4 +1,4 @@
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com> */
/* ====================================================================================================================== */

+ 1
- 1
themes/greyscale/theme.php

@@ -1,6 +1,6 @@
<?php //theme-specific template strings / functions
/* ====================================================================================================================== */
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>
*/

+ 1
- 1
themes/greyscale/thread.html

@@ -1,7 +1,7 @@
<!DOCTYPE html>
<html lang="en" class="thread"><head>
<meta charset="utf-8">
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
<!-- NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licensed under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com> -->
<title>Thread Title</title>

+ 1
- 1
thread.php

@@ -1,6 +1,6 @@
<?php //display a particular thread’s contents
/* ====================================================================================================================== */
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2013
/* NoNonsense Forum v26 © Copyright (CC-BY) Kroc Camen 2010-2015
licenced under Creative Commons Attribution 3.0 <creativecommons.org/licenses/by/3.0/deed.en_GB>
you may do whatever you want to this code as long as you give credit to Kroc Camen, <camendesign.com>
*/
