diff options
Diffstat (limited to 'phpBB/includes/message_parser.php')
| -rw-r--r-- | phpBB/includes/message_parser.php | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 8e55855eaa..81f67f533d 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -25,8 +25,7 @@ - check that PHP syntax highlightning works well - add other languages? - add validation regexp to [email], [flash] - - add validation regexp to [quote] with username - - add ACL check for [img]/[flash]/others (what to do when an unauthorised tag is found? do nothing/return an error message? - psoTFX -> do nothing (*correction ... throw an error ... quick change of mind!), leave tag unprocessed ... also need size limit checks on img/flash tags ... probably warrants some discussion) + - need size limit checks on img/flash tags ... probably warrants some discussion) */ // case-insensitive strpos() - needed for some functions @@ -308,6 +307,8 @@ class parse_message { $str_from[] = '<span class="hl_default"><?php </span>'; $str_to[] = ''; + $str_from[] = '<span class="hl_default"><?php '; + $str_to[] = '<span class="hl_default">'; $str_from[] = '<span class="hl_default">?></span>'; $str_to[] = ''; } @@ -381,7 +382,14 @@ class parse_message elseif (preg_match('#list(=?(?:[0-9]|[a-z]|))#i', $buffer, $m)) { // sub-list, add a closing tag - array_push($list_end_tags, (($m[1]) ? '/list:o:' . $this->bbcode_uid : '/list:u:' . $this->bbcode_uid)); + if (!$m[1] || preg_match('/^(disc|square|circle)$/i', $m[1])) + { + array_push($list_end_tags, '/list:u:' . $this->bbcode_uid); + } + else + { + array_push($list_end_tags, '/list:o:' . $this->bbcode_uid); + } $out .= $buffer . ':' . $this->bbcode_uid . ']'; $tok = '['; } @@ -513,24 +521,19 @@ class parse_message } else { - while ($end_tag = array_pop($end_tags)) + $end_tag = array_pop($end_tags); + if ($end_tag != $tag) + { + $error = TRUE; + } + else { - if ($end_tag != $tag) - { -// echo "$end_tag != $tag<br />"; - $error = TRUE; - } - else - { - $error = FALSE; - } + $error = FALSE; } } } if ($error) { - // TODO: return error? it would prevent from using usernames like "Foo[u]bar" - // altough this kind of usernames aren't likely to be seen a lot $username = str_replace('[', '[', str_replace(']', ']', $m[1])); } |