From 8b096e770c1ba7e44424794860d89e46013932a7 Mon Sep 17 00:00:00 2001 From: thisgun Date: Thu, 7 Dec 2017 11:02:10 +0900 Subject: [PATCH] =?UTF-8?q?=EC=8A=A4=ED=8C=B8=EA=B8=80=EB=8C=93=EA=B8=80?= =?UTF-8?q?=20=EC=9C=A0=EC=9E=85=EC=9D=84=20=EC=A4=84=EC=9D=B4=EB=A0=A4?= =?UTF-8?q?=EA=B3=A0=20=EB=A7=81=ED=81=AC=EC=97=90=20nofollow=20=EC=B6=94?= =?UTF-8?q?=EA=B0=80=ED=95=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
---
lib/common.lib.php | 22 +++++++--- plugin/htmlpurifier/extend.video.php | 66 ++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 6 deletions(-) create mode 100644 plugin/htmlpurifier/extend.video.php
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 5192d3b02..978050c8f 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -216,11 +216,12 @@ function url_auto_link($str) // 140326 유창화님 제안코드로 수정 // http://sir.kr/pg_lecture/461 // http://sir.kr/pg_lecture/463 + $attr_nofollow = (function_exists('check_html_link_nofollow') && check_html_link_nofollow('url_auto_link')) ? ' rel="nofollow"' : ''; $str = str_replace(array("<", ">", "&", """, " ", "'"), array("\t_lt_\t", "\t_gt_\t", "&", "\"", "\t_nbsp_\t", "'"), $str); //$str = preg_replace("`(?:(?:(?:href|src)\s*=\s*(?:\"|'|)){0})((http|https|ftp|telnet|news|mms)://[^\"'\s()]+)`", "\\1", $str); - $str = preg_replace("/([^(href=\"?'?)|(src=\"?'?)]|\(|^)((http|https|ftp|telnet|news|mms):\/\/[a-zA-Z0-9\.-]+\.[가-힣\xA1-\xFEa-zA-Z0-9\.:&#!=_\?\/~\+%@;\-\|\,\(\)]+)/i", "\\1\\2", $str); - $str = preg_replace("/(^|[\"'\s(])(www\.[^\"'\s()]+)/i", "\\1\\2", $str); - $str = preg_replace("/[0-9a-z_-]+@[a-z0-9._-]{4,}/i", "\\0", $str); + $str = preg_replace("/([^(href=\"?'?)|(src=\"?'?)]|\(|^)((http|https|ftp|telnet|news|mms):\/\/[a-zA-Z0-9\.-]+\.[가-힣\xA1-\xFEa-zA-Z0-9\.:&#!=_\?\/~\+%@;\-\|\,\(\)]+)/i", "\\1\\2", $str); + $str = preg_replace("/(^|[\"'\s(])(www\.[^\"'\s()]+)/i", "\\1\\2", $str); + $str = preg_replace("/[0-9a-z_-]+@[a-z0-9._-]{4,}/i", "\\0", $str); $str = str_replace(array("\t_nbsp_\t", "\t_lt_\t", "\t_gt_\t", "'"), array(" ", "<", ">", "'"), $str); /* @@ -538,6 +539,9 @@ function conv_content($content, $html, $filter=true) return $content; } +function check_html_link_nofollow($type=''){ + return true; +} // http://htmlpurifier.org/ // Standards-Compliant HTML Filtering @@ -561,6 +565,7 @@ function html_purifier($html) $safeiframe = implode('|', $domains); include_once(G5_PLUGIN_PATH.'/htmlpurifier/HTMLPurifier.standalone.php'); + include_once(G5_PLUGIN_PATH.'/htmlpurifier/extend.video.php'); $config = HTMLPurifier_Config::createDefault(); // data/cache 디렉토리에 CSS, HTML, URI 디렉토리 등을 만든다. $config->set('Cache.SerializerPath', G5_DATA_PATH.'/cache'); 
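Review bot: The first group of the rewritten http/https pattern, `[^(href=\"?'?)|(src=\"?'?)]`, is a negated character class, so it rejects any single preceding character from that set (`h`, `r`, `e`, `f`, `=`, quotes, parentheses, `|`) rather than the strings `href=` or `src=`. Since these lines are being touched to add `$attr_nofollow`, a comment above the call would save the next reader from assuming it is a real attribute check, e.g. `// leading [^...] is a character class: it only inspects the one character before the URL`. url_auto_link() starts and ends outside the hunk.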
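Review bot: `check_html_link_nofollow()` is declared unconditionally and ignores `$type`, so the `function_exists('check_html_link_nofollow')` guards added in url_auto_link() and html_purifier() are always true once this file is loaded, and a site cannot supply its own policy without editing common.lib.php. If this is meant as an override point, make the declaration conditional: `if (!function_exists('check_html_link_nofollow')) { function check_html_link_nofollow($type=''){ return true; } }`; otherwise drop the guards at the call sites. Either way the function needs a short docblock listing the `$type` values the callers pass (`'url_auto_link'`, `'html_purifier'`) and stating that a true return adds rel=nofollow.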
@@ -568,8 +573,13 @@ function html_purifier($html) $config->set('HTML.SafeObject', false); $config->set('Output.FlashCompat', false); $config->set('HTML.SafeIframe', true); + if( (function_exists('check_html_link_nofollow') && check_html_link_nofollow('html_purifier')) ){ + $config->set('HTML.Nofollow', true); // rel=nofollow 으로 스팸유입을 줄임 + } $config->set('URI.SafeIframeRegexp','%^(https?:)?//('.$safeiframe.')%'); $config->set('Attr.AllowedFrameTargets', array('_blank')); + //유튜브, 비메오 전체화면 가능하게 하기 + $config->set('Filter.Custom', array(new HTMLPurifier_Filter_Iframevideo())); $purifier = new HTMLPurifier($config); return $purifier->purify($html); } @@ -1213,8 +1223,8 @@ function get_sideview($mb_id, $name='', $email='', $homepage='') $tmp_name = ""; if ($mb_id) { - //$tmp_name = "$name"; - $tmp_name = ''; + //$tmp_name = "$name"; + $tmp_name = ''; if ($config['cf_use_member_icon']) { $mb_dir = substr($mb_id,0,2); @@ -1241,7 +1251,7 @@ function get_sideview($mb_id, $name='', $email='', $homepage='') if(!$bo_table) return $name; - $tmp_name = ''.$name.''; + $tmp_name = ''.$name.''; $title_mb_id = '[비회원]'; } diff --git a/plugin/htmlpurifier/extend.video.php b/plugin/htmlpurifier/extend.video.php new file mode 100644 index 000000000..df9f2367e --- /dev/null +++ b/plugin/htmlpurifier/extend.video.php 
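Review bot: `Filter.Custom` is installed on every html_purifier() call, but the hosts that filter accepts are hard-coded in extend.video.php (YouTube, Vimeo), while this function builds `$safeiframe` from a separate domain list for `URI.SafeIframeRegexp`. If the filter rewrites iframes around the purify pass (its preFilter body cannot be read in this patch as shown), its own host check presumably becomes the effective gate for embeds, and the two lists can drift apart. A comment at the `Filter.Custom` line should say which list is authoritative, e.g. `// iframe hosts are re-checked in HTMLPurifier_Filter_Iframevideo::postFilterCallback(); keep in sync with $safeiframe`. html_purifier() begins outside this hunk.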
@@ -0,0 +1,66 @@ +#i', '', $html); + return $html; + } + + /** + * + * @param string $html + * @param HTMLPurifier_Config $config + * @param HTMLPurifier_Context $context + * @return string + */ + public function postFilter($html, $config, $context) + { + $post_regex = '#]+?)>#'; + return preg_replace_callback($post_regex, array($this, 'postFilterCallback'), $html); + } + + /** + * + * @param array $matches + * @return string + */ + protected function postFilterCallback($matches) + { + // Domain Whitelist + $youTubeMatch = preg_match('#src="https?://www.youtube(-nocookie)?.com/#i', $matches[1]); + $vimeoMatch = preg_match('#src="http://player.vimeo.com/#i', $matches[1]); + if ($youTubeMatch || $vimeoMatch) { + $extra = ' frameborder="0"'; + if ($youTubeMatch) { + $extra .= ' allowfullscreen'; + } elseif ($vimeoMatch) { + $extra .= ' webkitAllowFullScreen mozallowfullscreen allowFullScreen'; + } + return ''; + } else { + return ''; + } + } + } +} +?> \ No newline at end of file
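Review bot: The host allow-list in `postFilterCallback()` uses unescaped dots, so each `.` matches any character and a host that differs from `www.youtube.com` or `player.vimeo.com` only at a dot position still passes the check. Escape the dots: `preg_match('#src="https?://www\.youtube(-nocookie)?\.com/#i', $matches[1])` and `preg_match('#src="https?://player\.vimeo\.com/#i', $matches[1])`. The Vimeo pattern as committed also accepts only `http://`, so an https player URL falls into the else branch; the `https?` in the second line above covers that. Both patterns are matched against the whole attribute string rather than a parsed `src` value, so the check relies on the purifier having already normalised and escaped the attributes; a one-line comment stating that assumption would help.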