Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/post.php51
1 files changed, 42 insertions, 9 deletions
diff --git a/phpBB/includes/post.php b/phpBB/includes/post.php
index d5963bd542..57c6255653 100644
--- a/phpBB/includes/post.php
+++ b/phpBB/includes/post.php
@@ -28,11 +28,50 @@
//
function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
{
+ global $board_config;
+
+ //
+ // Clean up the message
+ //
$message = trim($message);
- if(!$html_on)
+ if($html_on)
{
- $message = htmlspecialchars($message);
+ $start = -1;
+ $end = 0;
+
+ for($h = 0; $h < strlen($message); $h++)
+ {
+ $start = strpos($message, "<", $h);
+
+ if($start > -1)
+ {
+ $end = strpos($message, ">", $start);
+
+ if($end)
+ {
+ $length = $end - $start + 1;
+ $tagallowed = 0;
+
+ for($i = 0; $i < sizeof($board_config['allow_html_tags']); $i++)
+ {
+ $match_tag = trim($board_config['allow_html_tags'][$i]);
+ list($match_tag_split) = explode(" ", $match_tag);
+
+ if( preg_match("/^((\/$match_tag_split$)|($match_tag))[ \=]+/i", substr($message, $start + 1, $length - 2) . " ") )
+ {
+ $tagallowed = 1;
+ }
+ }
+
+ if($length && !$tagallowed)
+ {
+ $message = str_replace(substr($message, $start, $length), "", $message);
+ }
+ }
+ $start = -1;
+ }
+ }
}
if($bbcode_on)
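Review bot: The `!$html_on` path lost its `htmlspecialchars()` call: the old `if(!$html_on)` branch escaped the message, while the new `if($html_on)` branch only filters tags, so with HTML disabled the text now reaches `addslashes()` and the store unescaped unless escaping was moved to an output path outside this diff; an `else { $message = htmlspecialchars($message); }` after the filter block would restore the previous behaviour. The scan also resumes at `$h + 1` after `str_replace()` has shortened the message rather than at `$start`, so a disallowed tag that immediately follows a removed one is never examined; setting `$h = $start - 1;` right after the removal (the loop's `$h++` then re-scans from `$start`) closes that gap. The allow check compares only the tag name, so attributes of allowed tags pass through uninspected, and `$match_tag` is interpolated into the pattern without `preg_quote()`, so a configured tag containing regex metacharacters would change the match. The function's closing brace is in the next hunk.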
@@ -40,15 +79,9 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
$message = bbencode_first_pass($message, $bbcode_uid);
}
- if($smile_on)
- {
- // No smile() function yet, write one...
- //$message = smile($message);
- }
-
$message = addslashes($message);
return($message);
}
-?>
+?> \ No newline at end of file