geon · May 12, 2013 11:56
diff --git a/url_linking.php b/url_linking.php
 <?php

 $content = '
 Text with newlines, possible XSS attacks and URLs.

 <script type="text/javascript">alert("this could be an XSS attack.");</script>

 The URL to my github page is https://github.com/geon.
 ';


 /*

  0 - The URL as written in the text.
 	|-------------------------------------------------|

 	     2 - The "s" in "https". 
 	     |--|
 	
 	              3 - Aything after "http://".
 	              |-------------|

 	                               4 - URL without heading "http://", but with "www.".
 	                               |------------------|

 	(http(s)?:\/\/([^\s]*[^\s\.]))|(www\.[^\s]*[^\s\.])
 	
 	The "body" of the URL is matched with "[^\s]*[^\s\.]", meaning anything until
 	whitespace, but not including trailing dots. (A URL is commonly written in the
 	end of a scentence.)
 	
 	Reconstruct the URL with "http${2}://${3}${4}".
 	The backreference to 2 means we can write out the "http" to make the
 	URLs missing it work, and still make https work.
 	Both 3 and 4 are used, since only either one will will ever match.

 */


 // Wrap the content in a p-tag.
 $content_htmlized = '<p>'.
 	// Replace double newlines with a new p-tag and single newlines with a br-tag.
 	strtr(
 		// Add link-tags to URLs.
 		preg_replace(
 			'/(http(s)?:\/\/([^\s]*[^\s\.]))|(www\.[^\s]*[^\s\.])/uis',
 			'<a target="_blank" href="http${2}://${3}${4}">${0}</a>',
 			htmlspecialchars($content)
 		),
 		array("\n\n" => "</p>\n<p>", "\n" => "<br />\n")
 	).
 '</p>';


 // The htmlized content can be printed straight out on the page.
 print($content_htmlized);
	<?php

	$content = '
	Text with newlines, possible XSS attacks and URLs.

	<script type="text/javascript">alert("this could be an XSS attack.");</script>

	The URL to my github page is https://github.com/geon.
	';


	/*

	0 - The URL as written in the text.
	\|-------------------------------------------------\|

	2 - The "s" in "https".
	\|--\|

	3 - Aything after "http://".
	\|-------------\|

	4 - URL without heading "http://", but with "www.".
	\|------------------\|

	(http(s)?:\/\/([^\s][^\s\.]))\|(www\.[^\s][^\s\.])

	The "body" of the URL is matched with "[^\s]*[^\s\.]", meaning anything until
	whitespace, but not including trailing dots. (A URL is commonly written in the
	end of a scentence.)

	Reconstruct the URL with "http${2}://${3}${4}".
	The backreference to 2 means we can write out the "http" to make the
	URLs missing it work, and still make https work.
	Both 3 and 4 are used, since only either one will will ever match.

	*/


	// Wrap the content in a p-tag.
	$content_htmlized = '<p>'.
	// Replace double newlines with a new p-tag and single newlines with a br-tag.
	strtr(
	// Add link-tags to URLs.
	preg_replace(
	'/(http(s)?:\/\/([^\s][^\s\.]))\|(www\.[^\s][^\s\.])/uis',
	'<a target="_blank" href="http${2}://${3}${4}">${0}</a>',
	htmlspecialchars($content)
	),
	array("\n\n" => "</p>\n<p>", "\n" => "<br />\n")
	).
	'</p>';


	// The htmlized content can be printed straight out on the page.
	print($content_htmlized);