From 1ff3a936568d67ef8612a8c4eb4e20ffd8415763 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Thu, 9 Aug 2001 22:38:39 +0000 Subject: [PATCH] Allows only certain tags ... seems broken again which is annoying since I fixed it the day before yesterday git-svn-id: file:///svn/phpbb/trunk@826 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/post.php | 51 +++++++++++++++++++++++++++++++++-------- 1 file changed, 42 insertions(+), 9 deletions(-) diff --git a/phpBB/includes/post.php b/phpBB/includes/post.php index d5963bd542..57c6255653 100644 --- a/phpBB/includes/post.php +++ b/phpBB/includes/post.php @@ -28,11 +28,50 @@ // function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0) { + global $board_config; + + // + // Clean up the message + // $message = trim($message); - if(!$html_on) + if($html_on) { - $message = htmlspecialchars($message); + $start = -1; + $end = 0; + + for($h = 0; $h < strlen($message); $h++) + { + $start = strpos($message, "<", $h); + + if($start > -1) + { + $end = strpos($message, ">", $start); + + if($end) + { + $length = $end - $start + 1; + $tagallowed = 0; + + for($i = 0; $i < sizeof($board_config['allow_html_tags']); $i++) + { + $match_tag = trim($board_config['allow_html_tags'][$i]); + list($match_tag_split) = explode(" ", $match_tag); + + if( preg_match("/^((\/$match_tag_split$)|($match_tag))[ \=]+/i", substr($message, $start + 1, $length - 2) . " ") ) + { + $tagallowed = 1; + } + } + + if($length && !$tagallowed) + { + $message = str_replace(substr($message, $start, $length), "", $message); + } + } + $start = -1; + } + } } if($bbcode_on) @@ -40,15 +79,9 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid $message = bbencode_first_pass($message, $bbcode_uid); } - if($smile_on) - { - // No smile() function yet, write one... - //$message = smile($message); - } - $message = addslashes($message); return($message); } -?> +?> \ No newline at end of file