mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 14:18:52 +00:00
More fixes, bbcode size, html script issue
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3145 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
parent
6824099d44
commit
bea96c8cdf
3 changed files with 23 additions and 57 deletions
|
|
@ -121,6 +121,9 @@ h3 {font-size:12pt;color:blue}
|
|||
<li>Added check for IE6.x to viewtopic ICQ indicator javascript</li>
|
||||
<li>Fixed empty username quoting owith MS-SQL</li>
|
||||
<li>Fixed BBCode url, magic url and img tags to allow most chars beyond domain names</li>
|
||||
<li>Prevent parsing of -ve size values in BBCode size tag</li>
|
||||
<li>Back ported HTML handler from 2.2, this may impact some boards which allow complex HTML</li>
|
||||
<li></li>
|
||||
<li></li>
|
||||
</ul>
|
||||
|
||||
|
|
|
|||
|
|
@ -165,7 +165,7 @@ function bbencode_second_pass($text, $uid)
|
|||
$text = str_replace("[/color:$uid]", $bbcode_tpl['color_close'], $text);
|
||||
|
||||
// size
|
||||
$text = preg_replace("/\[size=([\-\+]?[1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text);
|
||||
$text = preg_replace("/\[size=([1-2]?[0-9]):$uid\]/si", $bbcode_tpl['size_open'], $text);
|
||||
$text = str_replace("[/size:$uid]", $bbcode_tpl['size_close'], $text);
|
||||
|
||||
// [QUOTE] and [/QUOTE] for posting replies with quote, or just for quoting stuff.
|
||||
|
|
@ -270,7 +270,7 @@ function bbencode_first_pass($text, $uid)
|
|||
$text = preg_replace("#\[color=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]#si", "[color=\\1:$uid]\\2[/color:$uid]", $text);
|
||||
|
||||
// [size] and [/size] for setting text size
|
||||
$text = preg_replace("#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text);
|
||||
$text = preg_replace("#\[size=([1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text);
|
||||
|
||||
// [b] and [/b] for bolding text.
|
||||
$text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text);
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ if ( !defined('IN_PHPBB') )
|
|||
die('Hacking attempt');
|
||||
}
|
||||
|
||||
$html_entities_match = array('#&#', '#<#', '#>#');
|
||||
$html_entities_match = array('#&[a-z]+?;#', '#<#', '#>#');
|
||||
$html_entities_replace = array('&', '<', '>');
|
||||
|
||||
$unhtml_specialchars_match = array('#>#', '#<#', '#"#', '#&#');
|
||||
|
|
@ -45,64 +45,27 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
|
|||
// Clean up the message
|
||||
//
|
||||
$message = trim($message);
|
||||
$message = preg_replace($html_entities_match, $html_entities_replace, $message);
|
||||
|
||||
if ($html_on)
|
||||
{
|
||||
$allowed_html_tags = split(',', $board_config['allow_html_tags']);
|
||||
// ported from 2.2
|
||||
// If $html is true then "allowed_tags" are converted back from entity
|
||||
// form, others remain ... note this differs from the old version where you
|
||||
// only needed to specify the first part of the tag ... with this version
|
||||
// you need to specify either the exact layout of the tag or use preg_
|
||||
// pattern matches ... this should prevent users from abusing simple
|
||||
// tags by adding styles with javascript, etc. but may complicate the lives
|
||||
// of those who use things like flash etc. ... it also won't close tags
|
||||
// which have previously been left in entity form, e.g. <b style="fdsfs">dfsdf</b>
|
||||
// assuming b was in the allowed tags it would leave the <b style ...> but convert
|
||||
// the </b> ... will look into tightening this up for 2.0.5 (and 2.2 of course)
|
||||
$allowed_tags = split(',', $board_config['allow_html_tags']);
|
||||
|
||||
$end_html = 0;
|
||||
$start_html = 1;
|
||||
$tmp_message = '';
|
||||
$message = ' ' . $message . ' ';
|
||||
|
||||
while ( $start_html = strpos($message, '<', $start_html) )
|
||||
if (sizeof($allowed_tags))
|
||||
{
|
||||
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ( $start_html - $end_html - 1 )));
|
||||
|
||||
if ( $end_html = strpos($message, '>', $start_html) )
|
||||
{
|
||||
$length = $end_html - $start_html + 1;
|
||||
$hold_string = substr($message, $start_html, $length);
|
||||
|
||||
if ( ( $unclosed_open = strrpos(' ' . $hold_string, '<') ) != 1 )
|
||||
{
|
||||
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
|
||||
$hold_string = substr($hold_string, $unclosed_open - 1);
|
||||
$message = preg_replace('#<(\/?)(' . str_replace('*', '.*?', implode('|', $allowed_tags)) . ')>#is', '<\1\2>', $message);
|
||||
}
|
||||
|
||||
$tagallowed = false;
|
||||
for($i = 0; $i < sizeof($allowed_html_tags); $i++)
|
||||
{
|
||||
$match_tag = trim($allowed_html_tags[$i]);
|
||||
if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) )
|
||||
{
|
||||
$tagallowed = true;
|
||||
}
|
||||
}
|
||||
|
||||
$tmp_message .= ( $length && !$tagallowed ) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
|
||||
|
||||
$start_html += $length;
|
||||
}
|
||||
else
|
||||
{
|
||||
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
|
||||
|
||||
$start_html = strlen($message);
|
||||
$end_html = $start_html;
|
||||
}
|
||||
}
|
||||
|
||||
if ( $end_html != strlen($message) && $tmp_message != '' )
|
||||
{
|
||||
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
|
||||
}
|
||||
|
||||
$message = ( $tmp_message != '' ) ? trim($tmp_message) : trim($message);
|
||||
}
|
||||
else
|
||||
{
|
||||
$message = preg_replace($html_entities_match, $html_entities_replace, $message);
|
||||
}
|
||||
|
||||
if( $bbcode_on && $bbcode_uid != '' )
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue