fixed another cross-browser scripting issue, thanks to cristiro for noting the problem

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3076 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2002-11-21 22:24:32 +00:00
parent b288e4a352
commit e8a901c6e8


@ -443,32 +443,22 @@ if ( count($orig_word) )
}
//
// Was a highlight request part of the URI? Yes, this idea was
// taken from vB but we did already have a highlighter in place
// in search itself ... it's just been extended a bit!
// Was a highlight request part of the URI?
//
if ( isset($HTTP_GET_VARS['highlight']) )
$highlight_match = '';
if (isset($HTTP_GET_VARS['highlight']))
{
$highlight_match = array();
//
// Split words and phrases
//
$words = explode(' ', trim(urldecode($HTTP_GET_VARS['highlight'])));
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
for($i = 0; $i < count($words); $i++)
foreach ($words as $word)
{
if ( trim($words[$i]) != '' )
if (trim($word) != '')
{
$highlight_match[] = '#\b(' . str_replace("*", "([\w]+)?", $words[$i]) . ')\b#is';
$highlight_match .= (($highlight_match != '') ? '|' : '') . str_replace('*', '\w*', preg_quote($word, '#'));
}
}
$highlight_active = ( count($highlight_match) ) ? true : false;
}
else
{
$highlight_active = false;
unset($words);
}
//
@ -594,7 +584,7 @@ if ( $can_watch_topic )
// If we've got a hightlight set pass it on to pagination,
// I get annoyed when I lose my highlight after the first page.
//
$pagination = ( $highlight_active ) ? generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . $HTTP_GET_VARS['highlight'], $total_replies, $board_config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order", $total_replies, $board_config['posts_per_page'], $start);
$pagination = ( $highlight_active ) ? generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . urlencode($HTTP_GET_VARS['highlight']), $total_replies, $board_config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;postdays=$post_days&amp;postorder=$post_order", $total_replies, $board_config['posts_per_page'], $start);
//
// Send vars to template
@ -635,7 +625,7 @@ $template->assign_vars(array(
'S_TOPIC_ADMIN' => $topic_mod,
'S_WATCH_TOPIC' => $s_watching_topic,
'U_VIEW_TOPIC' => append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . $HTTP_GET_VARS['highlight']),
'U_VIEW_TOPIC' => append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=" . urlencode($HTTP_GET_VARS['highlight'])),
'U_VIEW_FORUM' => $view_forum_url,
'U_VIEW_OLDER_TOPIC' => $view_prev_topic_url,
'U_VIEW_NEWER_TOPIC' => $view_next_topic_url,
@ -1055,79 +1045,11 @@ for($i = 0; $i < $total_posts; $i++)
//
// Highlight active words (primarily for search)
//
if ( $highlight_active )
if ($highlight_match)
{
if ( preg_match('/<.*>/', $message) )
{
$message = preg_replace($highlight_match, '<!-- #sh -->\1<!-- #eh -->', $message);
$end_html = 0;
$start_html = 1;
$temp_message = '';
$message = ' ' . $message . ' ';
while( $start_html = strpos($message, '<', $start_html) )
{
$grab_length = $start_html - $end_html - 1;
$temp_message .= substr($message, $end_html + 1, $grab_length);
if ( $end_html = strpos($message, '>', $start_html) )
{
$length = $end_html - $start_html + 1;
$hold_string = substr($message, $start_html, $length);
if ( strrpos(' ' . $hold_string, '<') != 1 )
{
$end_html = $start_html + 1;
$end_counter = 1;
while ( $end_counter && $end_html < strlen($message) )
{
if ( substr($message, $end_html, 1) == '>' )
{
$end_counter--;
}
else if ( substr($message, $end_html, 1) == '<' )
{
$end_counter++;
}
$end_html++;
}
$length = $end_html - $start_html + 1;
$hold_string = substr($message, $start_html, $length);
$hold_string = str_replace('<!-- #sh -->', '', $hold_string);
$hold_string = str_replace('<!-- #eh -->', '', $hold_string);
}
else if ( $hold_string == '<!-- #sh -->' )
{
$hold_string = str_replace('<!-- #sh -->', '<span style="color:#' . $theme['fontcolor3'] . '"><b>', $hold_string);
}
else if ( $hold_string == '<!-- #eh -->' )
{
$hold_string = str_replace('<!-- #eh -->', '</b></span>', $hold_string);
}
$temp_message .= $hold_string;
$start_html += $length;
}
else
{
$start_html = strlen($message);
}
}
$grab_length = strlen($message) - $end_html - 1;
$temp_message .= substr($message, $end_html + 1, $grab_length);
$message = trim($temp_message);
}
else
{
$message = preg_replace($highlight_match, '<span style="color:#' . $theme['fontcolor3'] . '"><b>\1</b></span>', $message);
}
// This was shamelessly 'borrowed' from volker at multiartstudio dot de
// via php.net's annotated manual
$message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));
}
//
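Review bot: The `/e` modifier on the final `preg_replace` of this hunk evaluates the replacement string as PHP code, and `$highlight_match` — built from `$HTTP_GET_VARS['highlight']` in the first hunk — is concatenated into that code inside a single-quoted string literal, where neither `htmlspecialchars` with default flags nor `preg_quote` escapes `'` or `\`, so the request-derived pattern is one quote away from being executed as code rather than used as data. The structural fix is to stop evaluating code at all: use `preg_replace_callback` (PHP 4.0.5+) with a named callback, defined once outside the post loop, that runs the inner `preg_replace` on `$matches[0]`; the `str_replace('\"', '"', …)` wrapper exists only to undo the quote escaping `/e` applies to `\0` and can go with it. In the first hunk, also pass `ENT_QUOTES` to `htmlspecialchars` and drop the extra `urldecode` of an already-decoded `$HTTP_GET_VARS` value, so a quote cannot appear in the pattern text in the first place. The enclosing `for` loop over `$total_posts` starts before this hunk.
```php
// Defined once, outside the post loop: highlights search words inside a single text node.
// $highlight_match is request-derived and is only ever passed to preg_replace as a pattern, never evaluated.
function phpbb_highlight_text_node($matches)
{
    global $highlight_match, $theme;
    return preg_replace('#\b(' . $highlight_match . ')\b#i', '<span style="color:#' . $theme['fontcolor3'] . '"><b>\1</b></span>', $matches[0]);
}

// … unchanged: if ($highlight_match) { …
$message = substr(preg_replace_callback('#(\>(((?>([^><]+|(?R)))*)\<))#s', 'phpbb_highlight_text_node', '>' . $message . '<'), 1, -1);
```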