mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 06:08:52 +00:00
Changed: while validating quotes usernames, the loop will end at the first incorrect bbcode pair
git-svn-id: file:///svn/phpbb/trunk@4085 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Ludovic Arnaud
parent
3b99c70b2f
commit
7adf890757
1 changed files with 18 additions and 15 deletions
|
|
@ -25,8 +25,7 @@
|
|||
- check that PHP syntax highlightning works well
|
||||
- add other languages?
|
||||
- add validation regexp to [email], [flash]
|
||||
- add validation regexp to [quote] with username
|
||||
- add ACL check for [img]/[flash]/others (what to do when an unauthorised tag is found? do nothing/return an error message? - psoTFX -> do nothing (*correction ... throw an error ... quick change of mind!), leave tag unprocessed ... also need size limit checks on img/flash tags ... probably warrants some discussion)
|
||||
- need size limit checks on img/flash tags ... probably warrants some discussion)
|
||||
*/
|
||||
|
||||
// case-insensitive strpos() - needed for some functions
|
||||
|
|
@ -308,6 +307,8 @@ class parse_message
|
|||
{
|
||||
$str_from[] = '<span class="hl_default"><?php </span>';
|
||||
$str_to[] = '';
|
||||
$str_from[] = '<span class="hl_default"><?php ';
|
||||
$str_to[] = '<span class="hl_default">';
|
||||
$str_from[] = '<span class="hl_default">?></span>';
|
||||
$str_to[] = '';
|
||||
}
|
||||
|
|
@ -381,7 +382,14 @@ class parse_message
|
|||
elseif (preg_match('#list(=?(?:[0-9]|[a-z]|))#i', $buffer, $m))
|
||||
{
|
||||
// sub-list, add a closing tag
|
||||
array_push($list_end_tags, (($m[1]) ? '/list:o:' . $this->bbcode_uid : '/list:u:' . $this->bbcode_uid));
|
||||
if (!$m[1] || preg_match('/^(disc|square|circle)$/i', $m[1]))
|
||||
{
|
||||
array_push($list_end_tags, '/list:u:' . $this->bbcode_uid);
|
||||
}
|
||||
else
|
||||
{
|
||||
array_push($list_end_tags, '/list:o:' . $this->bbcode_uid);
|
||||
}
|
||||
$out .= $buffer . ':' . $this->bbcode_uid . ']';
|
||||
$tok = '[';
|
||||
}
|
||||
|
|
@ -513,11 +521,9 @@ class parse_message
|
|||
}
|
||||
else
|
||||
{
|
||||
while ($end_tag = array_pop($end_tags))
|
||||
{
|
||||
$end_tag = array_pop($end_tags);
|
||||
if ($end_tag != $tag)
|
||||
{
|
||||
// echo "$end_tag != $tag<br />";
|
||||
$error = TRUE;
|
||||
}
|
||||
else
|
||||
|
|
@ -526,11 +532,8 @@ class parse_message
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($error)
|
||||
{
|
||||
// TODO: return error? it would prevent from using usernames like "Foo[u]bar"
|
||||
// altough this kind of usernames aren't likely to be seen a lot
|
||||
$username = str_replace('[', '[', str_replace(']', ']', $m[1]));
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue