From 817db2f13526842e04aeabe4fcd6d809dce2d0a2 Mon Sep 17 00:00:00 2001 From: JoshyPHP Date: Sat, 30 May 2015 01:02:12 +0200 Subject: [ticket/13880] Automatically remove quotes that are nested too deep PHPBB3-13880 --- phpBB/includes/message_parser.php | 72 +++++++++++++++++++++++++++------------ 1 file changed, 50 insertions(+), 22 deletions(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 42ca9bf09d..6f462b7a9e 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -791,28 +791,6 @@ class bbcode_firstpass extends bbcode else if (preg_match('#^quote(?:="(.*?)")?$#is', $buffer, $m) && substr($out, -1, 1) == '[') { $this->parsed_items['quote']++; - - // the buffer holds a valid opening tag - if ($config['max_quote_depth'] && sizeof($close_tags) >= $config['max_quote_depth']) - { - if ($config['max_quote_depth'] == 1) - { - // Depth 1 - no nesting is allowed - $error_ary['quote_depth'] = $user->lang('QUOTE_NO_NESTING'); - } - else - { - // There are too many nested quotes - $error_ary['quote_depth'] = $user->lang('QUOTE_DEPTH_EXCEEDED', (int) $config['max_quote_depth']); - } - - $out .= $buffer . $tok; - $tok = '[]'; - $buffer = ''; - - continue; - } - array_push($close_tags, '/quote:' . $this->bbcode_uid); if (isset($m[1]) && $m[1]) @@ -1277,6 +1255,12 @@ class parse_message extends bbcode_firstpass return $update_this_message ? $this->warn_msg : $return_message; } + // Remove quotes that are nested too deep + if ($config['max_quote_depth'] > 0) + { + $this->remove_nested_quotes($config['max_quote_depth']); + } + // Check for "empty" message. We do not check here for maximum length, because bbcode, smilies, etc. can add to the length. // The maximum length check happened before any parsings. if ($mode === 'post' && utf8_clean_string($this->message) === '') @@ -1855,6 +1839,50 @@ class parse_message extends bbcode_firstpass $poll['poll_max_options'] = ($poll['poll_max_options'] < 1) ? 1 : (($poll['poll_max_options'] > $config['max_poll_options']) ? $config['max_poll_options'] : $poll['poll_max_options']); } + /** + * Remove nested quotes at given depth in current parsed message + * + * @param integer $max_depth Depth limit + * @return null + */ + public function remove_nested_quotes($max_depth) + { + // Capture all [quote] and [/quote] tags + preg_match_all('(\\[/?quote(?:=[^]]+)?:' . $this->bbcode_uid . '\\])', $this->message, $matches, PREG_OFFSET_CAPTURE); + + // Iterate over the quote tags to mark the ranges that must be removed + $depth = 0; + $ranges = array(); + $start_pos = 0; + foreach ($matches[0] as $match) + { + if ($match[0][1] === '/') + { + --$depth; + if ($depth == $max_depth) + { + $end_pos = $match[1] + strlen($match[0]); + $length = $end_pos - $start_pos; + $ranges[] = array($start_pos, $length); + } + } + else + { + ++$depth; + if ($depth == $max_depth + 1) + { + $start_pos = $match[1]; + } + } + } + + foreach (array_reverse($ranges) as $range) + { + list($start_pos, $length) = $range; + $this->message = substr_replace($this->message, '', $start_pos, $length); + } + } + /** * Setter function for passing the plupload object * -- cgit v1.2.1 From ae2237f640c5f08924b01e780d9549dddcb1b7da Mon Sep 17 00:00:00 2001 From: JoshyPHP Date: Sat, 27 Jun 2015 04:25:54 +0200 Subject: [ticket/13880] Replaced the quote regexp to allow brackets This matches the regexp used in bbcode::bbcode_cache_init() PHPBB3-13880 --- phpBB/includes/message_parser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 6f462b7a9e..8b3d8d9fd5 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1848,7 +1848,7 @@ class parse_message extends bbcode_firstpass public function remove_nested_quotes($max_depth) { // Capture all [quote] and [/quote] tags - preg_match_all('(\\[/?quote(?:=[^]]+)?:' . $this->bbcode_uid . '\\])', $this->message, $matches, PREG_OFFSET_CAPTURE); + preg_match_all('(\\[/?quote(?:="(.*?)")?:' . $this->bbcode_uid . '\\])', $this->message, $matches, PREG_OFFSET_CAPTURE); // Iterate over the quote tags to mark the ranges that must be removed $depth = 0; -- cgit v1.2.1