diff options
| author | Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net> | 2003-06-05 19:17:36 +0000 |
|---|---|---|
| committer | Ludovic Arnaud <ludovic_arnaud@users.sourceforge.net> | 2003-06-05 19:17:36 +0000 |
| commit | 7adf8907573a6c50306d893b4f0a697c07bc1957 (patch) | |
| tree | 76c09750a21d38ae199390e39e34236955f87230 /phpBB/includes/message_parser.php | |
| parent | 3b99c70b2f380a99a8b01836e7d08b087bd5dc88 (diff) | |
| download | forums-7adf8907573a6c50306d893b4f0a697c07bc1957.tar forums-7adf8907573a6c50306d893b4f0a697c07bc1957.tar.gz forums-7adf8907573a6c50306d893b4f0a697c07bc1957.tar.bz2 forums-7adf8907573a6c50306d893b4f0a697c07bc1957.tar.xz forums-7adf8907573a6c50306d893b4f0a697c07bc1957.zip | |
Changed: while validating quotes usernames, the loop will end at the first incorrect bbcode pair
git-svn-id: file:///svn/phpbb/trunk@4085 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/message_parser.php')
| -rw-r--r-- | phpBB/includes/message_parser.php | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 8e55855eaa..81f67f533d 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -25,8 +25,7 @@ - check that PHP syntax highlightning works well - add other languages? - add validation regexp to [email], [flash] - - add validation regexp to [quote] with username - - add ACL check for [img]/[flash]/others (what to do when an unauthorised tag is found? do nothing/return an error message? - psoTFX -> do nothing (*correction ... throw an error ... quick change of mind!), leave tag unprocessed ... also need size limit checks on img/flash tags ... probably warrants some discussion) + - need size limit checks on img/flash tags ... probably warrants some discussion) */ // case-insensitive strpos() - needed for some functions @@ -308,6 +307,8 @@ class parse_message { $str_from[] = '<span class="hl_default"><?php </span>'; $str_to[] = ''; + $str_from[] = '<span class="hl_default"><?php '; + $str_to[] = '<span class="hl_default">'; $str_from[] = '<span class="hl_default">?></span>'; $str_to[] = ''; } @@ -381,7 +382,14 @@ class parse_message elseif (preg_match('#list(=?(?:[0-9]|[a-z]|))#i', $buffer, $m)) { // sub-list, add a closing tag - array_push($list_end_tags, (($m[1]) ? '/list:o:' . $this->bbcode_uid : '/list:u:' . $this->bbcode_uid)); + if (!$m[1] || preg_match('/^(disc|square|circle)$/i', $m[1])) + { + array_push($list_end_tags, '/list:u:' . $this->bbcode_uid); + } + else + { + array_push($list_end_tags, '/list:o:' . $this->bbcode_uid); + } $out .= $buffer . ':' . $this->bbcode_uid . ']'; $tok = '['; } @@ -513,24 +521,19 @@ class parse_message } else { - while ($end_tag = array_pop($end_tags)) + $end_tag = array_pop($end_tags); + if ($end_tag != $tag) + { + $error = TRUE; + } + else { - if ($end_tag != $tag) - { -// echo "$end_tag != $tag<br />"; - $error = TRUE; - } - else - { - $error = FALSE; - } + $error = FALSE; } } } if ($error) { - // TODO: return error? it would prevent from using usernames like "Foo[u]bar" - // altough this kind of usernames aren't likely to be seen a lot $username = str_replace('[', '[', str_replace(']', ']', $m[1])); } |