From f47e35e4e50b88d1f62b374180381183ff150832 Mon Sep 17 00:00:00 2001
From: Shish <shish@shishnet.org>
Date: Sat, 28 Mar 2020 14:11:14 +0000
Subject: [PATCH] make make_link more sane

---
 core/tests/urls.test.php    | 41 +++++++++++++++++++++++++++++++++++++
 core/urls.php               | 23 ++++++++-------------
 core/util.php               |  2 +-
 ext/bbcode/test.php         | 28 +++++++++++++++++++++++++
 ext/comment/main.php        |  2 +-
 ext/comment/theme.php       |  2 +-
 ext/numeric_score/theme.php |  4 ++--
 ext/pm/main.php             |  2 +-
 8 files changed, 84 insertions(+), 20 deletions(-)

diff --git a/core/tests/urls.test.php b/core/tests/urls.test.php
index 0915bdcb..74b952cc 100644
--- a/core/tests/urls.test.php
+++ b/core/tests/urls.test.php
@@ -8,15 +8,35 @@ class UrlsTest extends TestCase
 {
     public function test_make_link()
     {
+        // basic
         $this->assertEquals(
             "/test/foo",
             make_link("foo")
         );
 
+        // remove leading slash from path
         $this->assertEquals(
             "/test/foo",
             make_link("/foo")
         );
+
+        // query
+        $this->assertEquals(
+            "/test/foo?a=1&b=2",
+            make_link("foo", "a=1&b=2")
+        );
+
+        // hash
+        $this->assertEquals(
+            "/test/foo#cake",
+            make_link("foo", null, "cake")
+        );
+
+        // query + hash
+        $this->assertEquals(
+            "/test/foo?a=1&b=2#cake",
+            make_link("foo", "a=1&b=2", "cake")
+        );
     }
 
     public function test_make_http()
@@ -57,4 +77,25 @@ class UrlsTest extends TestCase
             modify_url("/foo/bar?a=1&b=2", ["a"=>null, "b"=>null])
         );
     }
+
+    public function test_referer_or()
+    {
+        unset($_SERVER['HTTP_REFERER']);
+        $this->assertEquals(
+            "foo",
+            referer_or("foo")
+        );
+
+        $_SERVER['HTTP_REFERER'] = "cake";
+        $this->assertEquals(
+            "cake",
+            referer_or("foo")
+        );
+
+        $_SERVER['HTTP_REFERER'] = "cake";
+        $this->assertEquals(
+            "foo",
+            referer_or("foo", ["cake"])
+        );
+    }
 }
diff --git a/core/urls.php b/core/urls.php
index 3f35ebf7..c095e15b 100644
--- a/core/urls.php
+++ b/core/urls.php
@@ -23,32 +23,27 @@ class Link
  *
  * eg make_link("post/list") becomes "/v2/index.php?q=post/list"
  */
-function make_link(?string $page=null, ?string $query=null): string
+function make_link(?string $page=null, ?string $query=null, ?string $fragment=null): string
 {
     global $config;
 
     if (is_null($page)) {
         $page = $config->get_string(SetupConfig::MAIN_PAGE);
     }
+    $page = trim($page, "/");
 
+    $parts = [];
     $install_dir = get_base_href();
     if (SPEED_HAX || $config->get_bool('nice_urls', false)) {
-        $base = $install_dir;
+        $parts['path'] = "$install_dir/$page";
     } else {
-        $base = "$install_dir/index.php?q=";
+        $parts['path'] = "$install_dir/index.php";
+        $query = "q=$page&$query";
     }
+    $parts['query'] = $query;  // http_build_query($query);
+    $parts['fragment'] = $fragment;  // http_build_query($hash);
 
-    if (is_null($query)) {
-        return str_replace("//", "/", $base.'/'.$page);
-    } else {
-        if (strpos($base, "?")) {
-            return $base .'/'. $page .'&'. $query;
-        } elseif (strpos($query, "#") === 0) {
-            return $base .'/'. $page . $query;
-        } else {
-            return $base .'/'. $page .'?'. $query;
-        }
-    }
+    return unparse_url($parts);
 }
 
 
diff --git a/core/util.php b/core/util.php
index 37991093..0c9ecee3 100644
--- a/core/util.php
+++ b/core/util.php
@@ -643,7 +643,7 @@ function show_ip(string $ip, string $ban_reason): string
     global $user;
     $u_reason = url_escape($ban_reason);
     $u_end = url_escape("+1 week");
-    $ban = $user->can(Permissions::BAN_IP) ? ", <a href='".make_link("ip_ban/list", "c_ip=$ip&c_reason=$u_reason&c_expires=$u_end#create")."'>Ban</a>" : "";
+    $ban = $user->can(Permissions::BAN_IP) ? ", <a href='".make_link("ip_ban/list", "c_ip=$ip&c_reason=$u_reason&c_expires=$u_end", "create")."'>Ban</a>" : "";
     $ip = $user->can(Permissions::VIEW_IP) ? $ip.$ban : "";
     return $ip;
 }
diff --git a/ext/bbcode/test.php b/ext/bbcode/test.php
index 3e4256b4..c585c37e 100644
--- a/ext/bbcode/test.php
+++ b/ext/bbcode/test.php
@@ -107,4 +107,32 @@ class BBCodeTest extends ShimmiePHPUnitTestCase
         $bb = new BBCode();
         return $bb->strip($in);
     }
+
+    public function testSiteLinks()
+    {
+        $this->assertEquals(
+            '<a class="shm-clink" data-clink-sel="" href="/test/post/view/123">&gt;&gt;123</a>',
+            $this->filter("&gt;&gt;123")
+        );
+        $this->assertEquals(
+            '<a class="shm-clink" data-clink-sel="#c456" href="/test/post/view/123#c456">&gt;&gt;123#c456</a>',
+            $this->filter("&gt;&gt;123#c456")
+        );
+        $this->assertEquals(
+            '<a class="shm-clink" data-clink-sel="" href="/test/foo/bar">foo/bar</a>',
+            $this->filter("[url]site://foo/bar[/url]")
+        );
+        $this->assertEquals(
+            '<a class="shm-clink" data-clink-sel="#c123" href="/test/foo/bar#c123">foo/bar#c123</a>',
+            $this->filter("[url]site://foo/bar#c123[/url]")
+        );
+        $this->assertEquals(
+            '<a class="shm-clink" data-clink-sel="" href="/test/foo/bar">look at my post</a>',
+            $this->filter("[url=site://foo/bar]look at my post[/url]")
+        );
+        $this->assertEquals(
+            '<a class="shm-clink" data-clink-sel="#c123" href="/test/foo/bar#c123">look at my comment</a>',
+            $this->filter("[url=site://foo/bar#c123]look at my comment[/url]")
+        );
+    }
 }
diff --git a/ext/comment/main.php b/ext/comment/main.php
index c8ac0060..916e4be3 100644
--- a/ext/comment/main.php
+++ b/ext/comment/main.php
@@ -210,7 +210,7 @@ class CommentList extends Extension
                 $cpe = new CommentPostingEvent(int_escape($_POST['image_id']), $user, $_POST['comment']);
                 send_event($cpe);
                 $page->set_mode(PageMode::REDIRECT);
-                $page->set_redirect(make_link("post/view/$i_iid#comment_on_$i_iid"));
+                $page->set_redirect(make_link("post/view/$i_iid", null, "comment_on_$i_iid"));
             } catch (CommentPostingException $ex) {
                 $this->theme->display_error(403, "Comment Blocked", $ex->getMessage());
             }
diff --git a/ext/comment/theme.php b/ext/comment/theme.php
index 9c969783..d33aa134 100644
--- a/ext/comment/theme.php
+++ b/ext/comment/theme.php
@@ -234,7 +234,7 @@ class CommentListTheme extends Themelet
             $html = "
 			<div class=\"comment $hb\">
 				$h_userlink: $h_comment
-				<a href=\"".make_link("post/view/$i_image_id#c$i_comment_id")."\">&gt;&gt;&gt;</a>
+				<a href=\"".make_link("post/view/$i_image_id", null, "c$i_comment_id")."\">&gt;&gt;&gt;</a>
 			</div>
 			";
         } else {
diff --git a/ext/numeric_score/theme.php b/ext/numeric_score/theme.php
index da9b1d9c..8cb01ce2 100644
--- a/ext/numeric_score/theme.php
+++ b/ext/numeric_score/theme.php
@@ -76,8 +76,8 @@ class NumericScoreTheme extends Themelet
             $pop_images .= $this->build_thumb_html($image)."\n";
         }
 
-        $b_dte = make_link("popular_by_".$dte[3]."?".date($dte[2], (strtotime('-1 '.$dte[3], strtotime($dte[0])))));
-        $f_dte = make_link("popular_by_".$dte[3]."?".date($dte[2], (strtotime('+1 '.$dte[3], strtotime($dte[0])))));
+        $b_dte = make_link("popular_by_".$dte[3], date($dte[2], (strtotime('-1 '.$dte[3], strtotime($dte[0])))));
+        $f_dte = make_link("popular_by_".$dte[3], date($dte[2], (strtotime('+1 '.$dte[3], strtotime($dte[0])))));
 
         $html = "\n".
             "<h3 style='text-align: center;'>\n".
diff --git a/ext/pm/main.php b/ext/pm/main.php
index 564d4a5a..74c842d5 100644
--- a/ext/pm/main.php
+++ b/ext/pm/main.php
@@ -114,7 +114,7 @@ class PrivMsg extends Extension
         if ($user->can(Permissions::READ_PM)) {
             $count = $this->count_pms($user);
             $h_count = $count > 0 ? " <span class='unread'>($count)</span>" : "";
-            $event->add_link("Private Messages$h_count", make_link("user#private-messages"));
+            $event->add_link("Private Messages$h_count", make_link("user", null, "private-messages"));
         }
     }