diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 927a6436f3..af9918ea37 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -46,7 +46,8 @@ class acp_users
if ($ipwhois = user_ipwhois($user_ip))
{
- $ipwhois = trim(preg_replace('#(\s+?)([\w\-\._\+]+?@[\w\-\.]+?)(\s+?)#s', '\1\2\3', $ipwhois));
+ $ipwhois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1\2\3', $ipwhois);
+ $ipwhois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1\2\3', $ipwhois);
}
$template->assign_vars(array(
diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php
index 1aa18b467f..4221ac0cdc 100644
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -1704,7 +1704,7 @@ function split_sql_file($sql, $delimiter)
$total_quotes = preg_match_all("#'#", $tokens[$i], $matches);
// Counts single quotes that are preceded by an odd number of backslashes,
// which means they're escaped quotes.
- $escaped_quotes = preg_match_all("#(?\\\\{2})*\\\\'/", $tokens[$i], $matches);
$unescaped_quotes = $total_quotes - $escaped_quotes;
@@ -1733,7 +1733,7 @@ function split_sql_file($sql, $delimiter)
$total_quotes = preg_match_all("#'#", $tokens[$j], $matches);
// Counts single quotes that are preceded by an odd number of backslashes,
// which means they're escaped quotes.
- $escaped_quotes = preg_match_all("#(?\\\\{2})*\\\\'/", $tokens[$j], $matches);
$unescaped_quotes = $total_quotes - $escaped_quotes;
diff --git a/phpBB/includes/functions_template.php b/phpBB/includes/functions_template.php
index 88ea84d41d..05e1d5e2b6 100644
--- a/phpBB/includes/functions_template.php
+++ b/phpBB/includes/functions_template.php
@@ -213,13 +213,13 @@ class template_compile
$varrefs = array();
// This one will handle varrefs WITH namespaces
- preg_match_all('#\{(([a-z0-9\-_]+?\.)+?)(\$)?([A-Z0-9\-_]+?)\}#', $text_blocks, $varrefs);
+ preg_match_all('#\{((?:[a-z0-9\-_]+\.)+)(\$)?([A-Z0-9\-_]+)\}#', $text_blocks, $varrefs);
for ($j = 0, $size = sizeof($varrefs[1]); $j < $size; $j++)
{
$namespace = $varrefs[1][$j];
- $varname = $varrefs[4][$j];
- $new = $this->generate_block_varref($namespace, $varname, true, $varrefs[3][$j]);
+ $varname = $varrefs[3][$j];
+ $new = $this->generate_block_varref($namespace, $varname, true, $varrefs[2][$j]);
$text_blocks = str_replace($varrefs[0][$j], $new, $text_blocks);
}
@@ -227,17 +227,17 @@ class template_compile
// This will handle the remaining root-level varrefs
if (!$this->template->static_lang)
{
- $text_blocks = preg_replace('#\{L_([a-z0-9\-_]*?)\}#is', "_tpldata['.'][0]['L_\\1'])) ? \$this->_tpldata['.'][0]['L_\\1'] : ((isset(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '{ ' . ucfirst(strtolower(str_replace('_', ' ', '\\1'))) . ' }')); ?>", $text_blocks);
+ $text_blocks = preg_replace('#\{L_([\w\-_]*)\}#is', "_tpldata['.'][0]['L_\\1'])) ? \$this->_tpldata['.'][0]['L_\\1'] : ((isset(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '{ ' . ucfirst(strtolower(str_replace('_', ' ', '\\1'))) . ' }')); ?>", $text_blocks);
}
else
{
global $user;
- $text_blocks = preg_replace('#\{L_([A-Z0-9\-_]*?)\}#e', "'_tpldata[\'.\'][0][\'L_\\1\'])) ? \$this->_tpldata[\'.\'][0][\'L_\\1\'] : \'' . ((isset(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '') . '\'); ?>'" , $text_blocks);
+ $text_blocks = preg_replace('#\{L_([A-Z0-9\-_]*)\}#e', "'_tpldata[\'.\'][0][\'L_\\1\'])) ? \$this->_tpldata[\'.\'][0][\'L_\\1\'] : \'' . ((isset(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '') . '\'); ?>'" , $text_blocks);
}
-
- $text_blocks = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "_tpldata['.'][0]['\\1'])) ? \$this->_tpldata['.'][0]['\\1'] : ''; ?>", $text_blocks);
- $text_blocks = preg_replace('#\{\$([a-z0-9\-_]*?)\}#is', "_tpldata['DEFINE']['.']['\\1'])) ? \$this->_tpldata['DEFINE']['.']['\\1'] : ''; ?>", $text_blocks);
+
+ $text_blocks = preg_replace('#\{([a-z0-9\-_]*)\}#is', "_tpldata['.'][0]['\\1'])) ? \$this->_tpldata['.'][0]['\\1'] : ''; ?>", $text_blocks);
+ $text_blocks = preg_replace('#\{\$([a-z0-9\-_]*)\}#is', "_tpldata['DEFINE']['.']['\\1'])) ? \$this->_tpldata['DEFINE']['.']['\\1'] : ''; ?>", $text_blocks);
return;
}
@@ -253,7 +253,7 @@ class template_compile
// foo(-2) : Will start the loop two entries from the end
// foo(3,4) : Will start the loop on the fourth entry and end it on the fifth
// foo(3,-4) : Will start the loop on the fourth entry and end it four from last
- if (preg_match('#^(.*?)\(([\-0-9]+)(,([\-0-9]+))?\)$#', $tag_args, $match))
+ if (preg_match('#^([^()]*)\(([\-\d]+)(?:,([\-\d]+))?\)$#', $tag_args, $match))
{
$tag_args = $match[1];
@@ -266,17 +266,17 @@ class template_compile
$loop_start = '($_' . $tag_args . '_count < ' . $match[2] . ' ? $_' . $tag_args . '_count : ' . $match[2] . ')';
}
- if (strlen($match[4]) < 1 || $match[4] == -1)
+ if (strlen($match[3]) < 1 || $match[3] == -1)
{
$loop_end = '$_' . $tag_args . '_count';
}
- else if ($match[4] >= 0)
+ else if ($match[3] >= 0)
{
- $loop_end = '(' . ($match[4] + 1) . ' > $_' . $tag_args . '_count ? $_' . $tag_args . '_count : ' . ($match[4] + 1) . ')';
+ $loop_end = '(' . ($match[3] + 1) . ' > $_' . $tag_args . '_count ? $_' . $tag_args . '_count : ' . ($match[3] + 1) . ')';
}
- else //if ($match[4] < -1)
+ else //if ($match[3] < -1)
{
- $loop_end = '$_' . $tag_args . '_count' . ($match[4] + 1);
+ $loop_end = '$_' . $tag_args . '_count' . ($match[3] + 1);
}
}
else
@@ -423,11 +423,11 @@ class template_compile
$i = $is_arg_start;
default:
- if (preg_match('#^(([a-z0-9\-_]+?\.)+?)?(\$)?([A-Z]+[A-Z0-9\-_]+)$#s', $token, $varrefs))
+ if (preg_match('#^((?:[a-z0-9\-_]+\.)+)?(\$)?([A-Z0-9\-_]+)$#s', $token, $varrefs))
{
- $token = (!empty($varrefs[1])) ? $this->generate_block_data_ref(substr($varrefs[1], 0, -1), true, $varrefs[3]) . '[\'' . $varrefs[4] . '\']' : (($varrefs[3]) ? '$this->_tpldata[\'DEFINE\'][\'.\'][\'' . $varrefs[4] . '\']' : '$this->_tpldata[\'.\'][0][\'' . $varrefs[4] . '\']');
+ $token = (!empty($varrefs[1])) ? $this->generate_block_data_ref(substr($varrefs[1], 0, -1), true, $varrefs[2]) . '[\'' . $varrefs[3] . '\']' : (($varrefs[2]) ? '$this->_tpldata[\'DEFINE\'][\'.\'][\'' . $varrefs[3] . '\']' : '$this->_tpldata[\'.\'][0][\'' . $varrefs[3] . '\']');
}
- else if (preg_match('#^\.((([a-z0-9\-_]+)?\.?)+?)$#s', $token, $varrefs))
+ else if (preg_match('#^\.([a-z0-9\-_.]+)$#s', $token, $varrefs))
{
$_tok = $this->generate_block_data_ref($varrefs[1], false);
$token = "(isset($_tok) && sizeof($_tok))";
@@ -446,49 +446,49 @@ class template_compile
*/
function compile_tag_define($tag_args, $op)
{
- preg_match('#^(([a-z0-9\-_]+?\.)+?)?\$([A-Z][A-Z0-9_\-]*?)( = (\'?)(.*?)(\'?))?$#', $tag_args, $match);
+ preg_match('#^((?:[a-z0-9\-_]+\.)+)?\$([A-Z][A-Z0-9_\-]*)(?: = (\'?)([^\']*)(\'?))?$#', $tag_args, $match);
- if (empty($match[3]) || (empty($match[6]) && $op))
+ if (empty($match[2]) || (empty($match[4]) && $op))
{
return;
}
if (!$op)
{
- return 'unset(' . (($match[1]) ? $this->generate_block_data_ref(substr($match[1], 0, -1), true, true) . '[\'' . $match[3] . '\']' : '$this->_tpldata[\'DEFINE\'][\'.\'][\'' . $match[3] . '\']') . ');';
+ return 'unset(' . (($match[1]) ? $this->generate_block_data_ref(substr($match[1], 0, -1), true, true) . '[\'' . $match[2] . '\']' : '$this->_tpldata[\'DEFINE\'][\'.\'][\'' . $match[2] . '\']') . ');';
}
// Are we a string?
- if ($match[5] && $match[7])
+ if ($match[3] && $match[5])
{
- $match[6] = addslashes(str_replace(array('\\\'', '\\\\'), array('\'', '\\'), $match[6]));
+ $match[4] = addslashes(str_replace(array('\\\'', '\\\\'), array('\'', '\\'), $match[4]));
// Compile reference, we allow template variables in defines...
- $match[6] = $this->compile($match[6]);
+ $match[4] = $this->compile($match[4]);
// Now replace the php code
- $match[6] = "'" . str_replace(array(''), array("' . ", " . '"), $match[6]) . "'";
+ $match[4] = "'" . str_replace(array(''), array("' . ", " . '"), $match[4]) . "'";
}
else
{
- preg_match('#(true|false|\.)#i', $match[6], $type);
+ preg_match('#true|false|\.#i', $match[4], $type);
switch (strtolower($type[1]))
{
case 'true':
case 'false':
- $match[6] = strtoupper($match[6]);
+ $match[4] = strtoupper($match[4]);
break;
case '.';
- $match[6] = doubleval($match[6]);
+ $match[4] = doubleval($match[4]);
break;
default:
- $match[6] = intval($match[6]);
+ $match[4] = intval($match[4]);
break;
}
}
- return (($match[1]) ? $this->generate_block_data_ref(substr($match[1], 0, -1), true, true) . '[\'' . $match[3] . '\']' : '$this->_tpldata[\'DEFINE\'][\'.\'][\'' . $match[3] . '\']') . ' = ' . $match[6] . ';';
+ return (($match[1]) ? $this->generate_block_data_ref(substr($match[1], 0, -1), true, true) . '[\'' . $match[2] . '\']' : '$this->_tpldata[\'DEFINE\'][\'.\'][\'' . $match[2] . '\']') . ' = ' . $match[4] . ';';
}
/**
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 5668fee1d0..0ed104d9f1 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -34,7 +34,7 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
$$which_ary = array($$which_ary);
}
- $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : preg_replace('#^[\s]*(.*?)[\s]*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $$which_ary);
+ $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $$which_ary);
unset($$which_ary);
// Grab the user id/username records
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index e8d2a93444..feeeafc4c0 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -886,41 +886,32 @@ class parse_message extends bbcode_firstpass
{
static $match;
static $replace;
-
+
$server_port = ($server_port <> 80 ) ? ':' . trim($server_port) . '/' : '/';
if (!is_array($match))
{
$match = $replace = array();
// Be sure to not let the matches cross over. ;)
-
+
// relative urls for this board
- $match[] = '#(^|[\n ]|\()(' . preg_quote($server_protocol . trim($server_name) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($script_path)), '#') . ')/(.*?([^ \t\n\r<"\'\)]*)?)#i';
+ $match[] = '#(^|[\n ]|\()(' . preg_quote($server_protocol . trim($server_name) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($script_path)), '#') . ')/([^ \t\n\r<"\'\)&]+|&(?!lt;))*)#i';
$replace[] = '$1$3';
-
+
// matches a xxxx://aaaaa.bbb.cccc. ...
- $match[] = '#(^|[\n ]|\()([\w]+?://.*?([^ \t\n\r<"\'\)]*)?)#ie';
+ $match[] = '#(^|[\n ]|\()([\w]+:/{2}.*?([^ \t\n\r<"\'\)&]+|&(?!lt;))*)#ie';
$replace[] = "'\$1' . ((strlen('\$2') > 55) ? substr(str_replace('&', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&', '&', '\$2'), -10) : '\$2') . ''";
-
+
// matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
- $match[] = '#(^|[\n ]|\()(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"\'\)]*)?)#ie';
+ $match[] = '#(^|[\n ]|\()(w{3}\.[\w\-]+\.[\w\-.\~]+(?:[^ \t\n\r<"\'\)&]+|&(?!lt;))*)#ie';
$replace[] = "'\$1' . ((strlen('\$2') > 55) ? substr(str_replace('&', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&', '&', '\$2'), -10) : '\$2') . ''";
-
+
// matches an email@domain type address at the start of a line, or after a space.
- $match[] = '#(^|[\n ]|\()([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)#ie';
+ $match[] = '#(^|[\n ]|\()([a-z0-9&\-_.]+?@[\w\-]+\.(?:[\w\-\.]+\.)?[\w]+)#ie';
$replace[] = "'\$1' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . ''";
}
-
- /* IMPORTANT NOTE (Developer inability to do advanced regular expressions) - Acyd Burn:
- Transforming < (<) to << in order to bypass the inability of preg_replace
- supporting multi-character sequences (POSIX - [..]). Since all message text is specialchared by
- default a match against < will always fail, since it is a < sequence within the text.
- Replacing with << and switching back thereafter produces no problems, because < will never show up with < in
- the same text (due to this specialcharing). The < is put in front of < to let the url break gracefully.
- I hope someone can lend me a hand here, telling me how to achive the wanted result without switching to ereg_replace.
- */
- $this->message = preg_replace($match, $replace, str_replace('<', '<<', $this->message));
- $this->message = str_replace('<<', '<', $this->message);
+
+ $this->message = preg_replace($match, $replace, $this->message);
}
// Parse Smilies
@@ -954,7 +945,7 @@ class parse_message extends bbcode_firstpass
break;
}
$result = $db->sql_query($sql, 600);
-
+
if ($row = $db->sql_fetchrow($result))
{
$match = $replace = array();
@@ -973,7 +964,7 @@ class parse_message extends bbcode_firstpass
}
$db->sql_freeresult($result);
}
-
+
if (sizeof($match))
{
if ($max_smilies)
diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php
index 3d9d4fec72..a67de99e03 100644
--- a/phpBB/includes/template.php
+++ b/phpBB/includes/template.php
@@ -294,10 +294,11 @@ class template
$str = &$str[sizeof($str) - 1];
}
- $vararray['S_ROW_COUNT'] = isset($str[$blocks[$blockcount]]) ? sizeof($str[$blocks[$blockcount]]) : 0;
+ $s_row_count = isset($str[$blocks[$blockcount]]) ? sizeof($str[$blocks[$blockcount]]) : 0;
+ $vararray['S_ROW_COUNT'] = $s_row_count;
// Assign S_FIRST_ROW
- if (!isset($str[$blocks[$blockcount]]) || sizeof($str[$blocks[$blockcount]]) == 0)
+ if (!$s_row_count)
{
$vararray['S_FIRST_ROW'] = true;
}
@@ -305,9 +306,9 @@ class template
// Now the tricky part, we always assign S_LAST_ROW and remove the entry before
// This is much more clever than going through the complete template data on display (phew)
$vararray['S_LAST_ROW'] = true;
- if (isset($str[$blocks[$blockcount]]) && sizeof($str[$blocks[$blockcount]]) > 0)
+ if ($s_row_count > 0)
{
- unset($str[$blocks[$blockcount]][sizeof($str[$blocks[$blockcount]]) - 1]['S_LAST_ROW']);
+ unset($str[$blocks[$blockcount]][($s_row_count - 1)]['S_LAST_ROW']);
}
// Now we add the block that we're actually assigning to.
@@ -318,19 +319,20 @@ class template
else
{
// Top-level block.
- $vararray['S_ROW_COUNT'] = (isset($this->_tpldata[$blockname])) ? sizeof($this->_tpldata[$blockname]) : 0;
+ $s_row_count = (isset($this->_tpldata[$blockname])) ? sizeof($this->_tpldata[$blockname]) : 0;
+ $vararray['S_ROW_COUNT'] = $s_row_count;
// Assign S_FIRST_ROW
- if (!isset($this->_tpldata[$blockname]) || sizeof($this->_tpldata[$blockname]) == 0)
+ if (!$s_row_count)
{
$vararray['S_FIRST_ROW'] = true;
}
// We always assign S_LAST_ROW and remove the entry before
$vararray['S_LAST_ROW'] = true;
- if (isset($this->_tpldata[$blockname]) && sizeof($this->_tpldata[$blockname]) > 0)
+ if ($s_row_count > 0)
{
- unset($this->_tpldata[$blockname][sizeof($this->_tpldata[$blockname]) - 1]['S_LAST_ROW']);
+ unset($this->_tpldata[$blockname][($s_row_count - 1)]['S_LAST_ROW']);
}
// Add a new iteration to this block with the variable assignments
diff --git a/phpBB/viewonline.php b/phpBB/viewonline.php
index b5ef2d32df..5960b715c6 100644
--- a/phpBB/viewonline.php
+++ b/phpBB/viewonline.php
@@ -49,8 +49,8 @@ if ($mode == 'whois')
{
$whois = user_ipwhois($row['session_ip']);
- $whois = preg_replace('#(\s+?)([\w\-\._\+]+?@[\w\-\.]+?)(\s+?)#s', '\1\2\3', $whois);
- $whois = preg_replace('#(\s+?)(http://.*?)(\s+?)#s', '\1\2\3', $whois);
+ $whois = preg_replace('#(\s)([\w\-\._\+]+@[\w\-\.]+)(\s)#', '\1\2\3', $whois);
+ $whois = preg_replace('#(\s)(http:/{2}[^\s]*)(\s)#', '\1\2\3', $whois);
$template->assign_vars(array(
'WHOIS' => trim($whois))