$message is now processed in its unslashed form. Should not break anything...

git-svn-id: file:///svn/phpbb/trunk@3831 89ea8834-ac86-4346-8a33-228a782c2dd0
Ludovic Arnaud 2003-04-13 23:20:26 +00:00
parent 39dd567f90
commit 25711806b3
3 changed files with 13 additions and 6 deletions


@ -783,7 +783,7 @@ function submit_post($mode, $message, $subject, $username, $topic_type, $bbcode_
{ {
$post_sql = array_merge($post_sql, array( $post_sql = array_merge($post_sql, array(
'post_checksum' => $post_data['message_md5'], 'post_checksum' => $post_data['message_md5'],
'post_text' => stripslashes($message), 'post_text' => $message,
'post_encoding' => $user->lang['ENCODING'] 'post_encoding' => $user->lang['ENCODING']
)); ));
} }
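Review bot: `'post_text' => $message` now relies on the caller passing an unslashed string, and nothing in submit_post() records that contract. The hunk does not show how $post_sql becomes a query, so it should be confirmed that every value is escaped at that point, since the slashes that used to arrive with the message are gone. It is also worth checking that `$post_data['message_md5']` is computed over the same unslashed text, otherwise the stored checksum will not match the stored post. A one-line comment above the array such as `// $message is unslashed here; escaping happens when $post_sql is built into the query` would make the expectation explicit. The body of submit_post() starts and ends outside the hunk.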


@ -155,8 +155,10 @@ class parse_message
function bbcode_init() function bbcode_init()
{ {
// Always parse [code] first // Always parse [code] first
// [quote] moved to the second position
$this->bbcode_array = array( $this->bbcode_array = array(
8 => array('#\[code\](.+\[/code\])#ise' => '$this->bbcode_code("\1")'), 8 => array('#\[code\](.+\[/code\])#ise' => '$this->bbcode_code("\1")'),
0 => array('#\[quote(=".*?")?\](.+?)\[/quote\]#ise' => '"[quote:$this->bbcode_uid" . $this->bbcode_quote("\1") . "]\2[/quote:$this->bbcode_uid]"'),
10 => array('#\[email(=.*?)?\](.*?)\[/email\]#ise' => '$this->validate_email("\1", "\2")'), 10 => array('#\[email(=.*?)?\](.*?)\[/email\]#ise' => '$this->validate_email("\1", "\2")'),
9 => array('#\[list(=[a-z|0-1]+)?\].*\[/list\]#ise' => '$this->bbcode_list("\0")'), 9 => array('#\[list(=[a-z|0-1]+)?\].*\[/list\]#ise' => '$this->bbcode_list("\0")'),
7 => array('#\[u\](.*?)\[/u\]#is' => '[u:' . $this->bbcode_uid . ']\1[/u:' . $this->bbcode_uid . ']'), 7 => array('#\[u\](.*?)\[/u\]#is' => '[u:' . $this->bbcode_uid . ']\1[/u:' . $this->bbcode_uid . ']'),
@ -168,8 +170,7 @@ class parse_message
=> '[img:' . $this->bbcode_uid . ']\1\2[/img:' . $this->bbcode_uid . ']'), => '[img:' . $this->bbcode_uid . ']\1\2[/img:' . $this->bbcode_uid . ']'),
3 => array('#\[url=?(.*?)?\](.*?)\[/url\]#ise' => '$this->validate_url("\1", "\2")'), 3 => array('#\[url=?(.*?)?\](.*?)\[/url\]#ise' => '$this->validate_url("\1", "\2")'),
2 => array('#\[i\](.*?)\[/i\]#is' => '[i:' . $this->bbcode_uid . ']\1[/i:' . $this->bbcode_uid . ']'), 2 => array('#\[i\](.*?)\[/i\]#is' => '[i:' . $this->bbcode_uid . ']\1[/i:' . $this->bbcode_uid . ']'),
1 => array('#\[b\](.*?)\[/b\]#is' => '[b:' . $this->bbcode_uid . ']\1[/b:' . $this->bbcode_uid . ']'), 1 => array('#\[b\](.*?)\[/b\]#is' => '[b:' . $this->bbcode_uid . ']\1[/b:' . $this->bbcode_uid . ']')
0 => array('#\[quote(=".*?")?\](.*?)\[/quote\]#is' => '[quote:' . $this->bbcode_uid . '\1]\2[/quote:' . $this->bbcode_uid . ']')
); );
/************** /**************
@ -183,6 +184,12 @@ class parse_message
} }
function bbcode_quote($username)
{
// Will do some stuff at some point (will hopefully prevent from breaking out quotes)
return $username;
}
function bbcode_code($in) function bbcode_code($in)
{ {
$str_from = array('<', '>', '"', ':', '[', ']', '(', ')', '{', '}', '.', '@'); $str_from = array('<', '>', '"', ':', '[', ']', '(', ')', '{', '}', '.', '@');
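Review bot: The new [quote] rule in bbcode_init() uses the `e` modifier and substitutes the quoted body `\2` into a double-quoted string of evaluated PHP, so text typed by a poster is parsed as PHP string syntax. The slashes that `e` adds to backreferences cover quotes and backslashes but not `$` or `{`, so variable interpolation still applies to the post body, and in a double-quoted context they leave a stray backslash in front of every apostrophe. bbcode_quote() returns the `="name"` capture unchanged, so the attribute is not validated either, as its own comment admits. Moving this rule to preg_replace_callback(), with the callback building the `[quote:uid...]` tag from the match array, removes the evaluation step; the loop that applies $this->bbcode_array is outside the hunk and would need the matching change. The same `e` plus `"\1"` shape is already present on the [code], [email], [list] and [url] rules and deserves the same treatment.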


@ -445,7 +445,7 @@ if (($submit) || ($preview) || ($refresh))
$subject = phpbb_strtolower($subject); $subject = phpbb_strtolower($subject);
} }
$message_parser->message = (!empty($_POST['message'])) ? trim($_POST['message']) : ''; $message_parser->message = (!empty($_POST['message'])) ? trim(stripslashes($_POST['message'])) : '';
$username = (!empty($_POST['username'])) ? trim($_POST['username']) : ''; $username = (!empty($_POST['username'])) ? trim($_POST['username']) : '';
$topic_type = (!empty($_POST['topic_type'])) ? intval($_POST['topic_type']) : POST_NORMAL; $topic_type = (!empty($_POST['topic_type'])) ? intval($_POST['topic_type']) : POST_NORMAL;
$icon_id = (!empty($_POST['icon'])) ? intval($_POST['icon']) : 0; $icon_id = (!empty($_POST['icon'])) ? intval($_POST['icon']) : 0;
@ -649,7 +649,7 @@ if (($submit) || ($preview) || ($refresh))
submit_post($mode, $message_parser->message, $subject, $username, $topic_type, $message_parser->bbcode_uid, $poll, $attachment_data, $post_data); submit_post($mode, $message_parser->message, $subject, $username, $topic_type, $message_parser->bbcode_uid, $poll, $attachment_data, $post_data);
} }
$post_text = stripslashes($message_parser->message); $post_text = $message_parser->message;
$post_subject = $topic_title = stripslashes($subject); $post_subject = $topic_title = stripslashes($subject);
} }
@ -674,7 +674,7 @@ if ($preview)
include($phpbb_root_path . 'includes/bbcode.' . $phpEx); include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
$bbcode = new bbcode($message_parser->bbcode_uid, $message_parser->bbcode_bitfield); $bbcode = new bbcode($message_parser->bbcode_uid, $message_parser->bbcode_bitfield);
$preview_message = format_display(stripslashes($message_parser->message), $enable_html, $enable_bbcode, $message_parser->bbcode_uid, $enable_urls, $enable_smilies, $enable_sig); $preview_message = format_display($message_parser->message, $enable_html, $enable_bbcode, $message_parser->bbcode_uid, $enable_urls, $enable_smilies, $enable_sig);
$preview_subject = (sizeof($censors)) ? preg_replace($censors['match'], $censors['replace'], $subject) : $subject; $preview_subject = (sizeof($censors)) ? preg_replace($censors['match'], $censors['replace'], $subject) : $subject;
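Review bot: `trim(stripslashes($_POST['message']))` strips slashes unconditionally, which is only right when the request data is guaranteed to arrive slashed. Nothing in these hunks shows that guarantee; if magic_quotes_gpc is off and no earlier code adds slashes, backslashes the user actually typed are silently removed from the post. Guarding the call, e.g. `(get_magic_quotes_gpc()) ? stripslashes($_POST['message']) : $_POST['message']`, or a comment naming where the input is normalised, would settle it. After this change the message is unslashed while `$subject` and `$username` are still carried slashed (`stripslashes($subject)` remains in the next hunk), so the mixed convention should be noted next to these assignments. The enclosing `if` block starts and ends outside the hunks.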