Allows only certain tags ... seems broken again which is annoying since I fixed it the day before yesterday

git-svn-id: file:///svn/phpbb/trunk@826 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/post.php

@@ -28,11 +28,50 @@
 //
 function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
 {
+	global $board_config;
+
+	//
+	// Clean up the message
+	//
 	$message = trim($message);
 
-	if(!$html_on)
+	if($html_on)
 	{
-		$message = htmlspecialchars($message);
+		$start = -1;
+		$end = 0;
+
+		for($h = 0; $h < strlen($message); $h++)
+		{
+			$start = strpos($message, "<", $h);
+
+			if($start > -1)
+			{
+				$end = strpos($message, ">", $start);
+
+				if($end)
+				{
+					$length = $end - $start + 1;
+					$tagallowed = 0;
+
+					for($i = 0; $i < sizeof($board_config['allow_html_tags']); $i++)
+					{
+						$match_tag = trim($board_config['allow_html_tags'][$i]);
+						list($match_tag_split) = explode(" ", $match_tag);
+
+						if( preg_match("/^((\/$match_tag_split$)|($match_tag))[ \=]+/i", substr($message, $start + 1, $length - 2) . " ") )
+						{
+							$tagallowed = 1;
+						}
+					}
+
+					if($length && !$tagallowed) 
+					{
+						$message = str_replace(substr($message, $start, $length), "", $message);
+					}
+				}
+				$start = -1;
+			}
+		}
 	}
 
 	if($bbcode_on)
@@ -40,15 +79,9 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
 		$message = bbencode_first_pass($message, $bbcode_uid);
 	}
 
-	if($smile_on)
-	{
-		// No smile() function yet, write one...
-		//$message = smile($message);
-	}
-
 	$message = addslashes($message);
 
 	return($message);
 }
 
-?>
+?>