Adding links to Advanced Blog

davenoise · Post by **davenoise** » Thu Jan 26, 2006 6:25 pm

I need a way to add links to advanced blog. A blog has links - and I see no way to add this with the program. Teh Aplus network is no help at all - and are confused by the question. They say there is no way to add links with the program.

THis is wholly unnacceptable.

Help here? Am I missing something?

judebert · Post by **judebert** » Thu Jan 26, 2006 9:28 pm

Links like URLs? If you're not using the WYSIWYG editor, you can make URL links just like in HTML: <a href="wherever">link text</a>.

If you want links to your articles, you can either use the Serendipity direct URL -- serendipity_dir/index.php?url=id-article.html -- or a permalink, or a pattern link, like serendipity_dir/id_anything.html.

You can even create links to your articles using Serendipity markup if you install the " Markup: Include entry data/templates/blocks" plugin.

Matthias · Post by **Matthias** » Sun Mar 05, 2006 12:07 am

Ich habe nun eine ganze Weile das Forum durchsucht, aber nichts weiter gefunden.

Gibt es eine Möglichkeit, dass Links, die in Kommentare (ohne BBCODE) eingegeben werden, automatisch umgewandelt werden und dann klickbar sind, also zB automatische [url][/url] angefügt wird?

Is there any way automatically convert links in comments from www.test.de to [url]www.test.de[/url] so that visitors don´t habe to put url-Tags manually?
As it this forum (and other Blogs) do?

Post by **garvinhicking** » Sun Mar 05, 2006 8:46 pm

No, we don't have that yet because automatic link conversion can introduce any sort of problems with destroying HTML markup. The regEx to use can be pretty hard to find.

If you know a good regex code to replace links to HTML links I can build you a markup plugin pretty easily...

Regards,
Garvin

Matthias · Post by **Matthias** » Wed Mar 15, 2006 11:57 am

Do so mean such a code?

Code: Select all

function format_url($url) {
  if (!preg_match("/^http:\/\//i", $url)) {
    $url = "http://".$url;
  }
  if (!preg_match("/^https?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+/i", $url)) {
    $url = "";
  }
  return $url;
}

function replace_url($text) {
  $text = " ".$text." ";
  $url_search_array = array(
    "#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
    "#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si"
  );

  $url_replace_array = array(
    "\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>",
    "\\1<a href=\"http://www.\\2.\\3\\4\" target=\"_blank\">www.\\2.\\3\\4</a>"
  );
  $text = preg_replace($url_search_array, $url_replace_array, $text);

  if (strpos($text, "@")) {
    $text = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)?[\w]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $text);
  }
  return trim($text);
}

Post by **garvinhicking** » Wed Mar 15, 2006 12:15 pm

Hi Matthias!

This is actually an excellent example of how many scripts are out there, and how problematic they are to implementö.

Your code allows arbitrary XSS injection, if I enter this text:

Code: Select all

echo replace_url('www.garv.in/" onclick="self.href=\'www.google.de\'');

Note that the space is not a space, but a protected space "ALT+255" which would still work in a browser.

So the problem with this heavy regexing: It often introduces security concerns...

Best regards,
Garvin