path: root/phpBB/includes/post.php
blob: db77d054984a7a314562356b704f7babd8e59657 (plain)
<?php
/***************************************************************************
 *
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id$
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

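//
// Prepare a posted message for storage: trim it, neutralise markup and
// (optionally) run the first BBCode pass.
//
//   $message     raw message text as submitted by the poster (untrusted)
//   $html_on     true  -> only tags listed in $board_config['allow_html_tags']
//                         survive, every other <...> run is entity-encoded
//                false -> every "<", ">" and "& " is entity-encoded
//   $bbcode_on   run bbencode_first_pass() when a BBCode uid is supplied
//   $smile_on    accepted for interface compatibility; not used here
//   $bbcode_uid  uid handed through to bbencode_first_pass()
//
// Returns the processed message.
//
// Security notes for maintainers:
//  - This function does HTML neutralisation only. It performs no SQL
//    escaping, so the result still has to be escaped or bound as a
//    parameter by the code that builds the query.
//  - An allowed tag is accepted together with whatever follows the tag
//    name on the same line. Attributes are NOT inspected, so with HTML
//    enabled an allowed tag can still carry event-handler attributes or
//    script-bearing URLs. Treat $html_on as a privilege for trusted
//    posters unless attribute filtering is added.
//
function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
{
	global $board_config;

	$html_entities_match = array("#<#", "#>#", "#& #");
	$html_entities_replace = array("&lt;", "&gt;", "&amp; ");

	//
	// Clean up the message
	//
	$message = trim($message);

	if( $html_on )
	{
		//
		// Build the list of allowed tag names once. explode() replaces
		// split(), which no longer exists in PHP 7+. Empty entries (empty
		// setting, trailing comma) are dropped because an empty name would
		// match tags such as "</ anything>". Names are regex-quoted so a
		// configuration value cannot alter the pattern.
		//
		$allowed_html_tags = array();
		$configured_tags = explode(",", $board_config['allow_html_tags']);
		for($i = 0; $i < sizeof($configured_tags); $i++)
		{
			$match_tag = trim($configured_tags[$i]);
			if( $match_tag !== "" )
			{
				$allowed_html_tags[] = preg_quote($match_tag, "/");
			}
		}

		//
		// The leading space guarantees that a "<" is never at offset 0, so
		// a strpos() result of 0 cannot be confused with "not found".
		//
		$start_html = 1;
		$message = " " . $message;
		while( $start_html = strpos($message, "<", $start_html) )
		{
			$end_html = strpos($message, ">", $start_html);

			if( $end_html === false )
			{
				//
				// No ">" follows, so nothing from here on can be a complete
				// tag: encode every remaining "<" and stop. Only the tail is
				// rewritten, so tags accepted earlier stay intact.
				//
				$message = substr($message, 0, $start_html) . str_replace("<", "&lt;", substr($message, $start_html));
				break;
			}

			$length = $end_html - $start_html + 1;
			$tag = substr($message, $start_html, $length);
			$tag_body = trim(substr($message, $start_html + 1, $length - 2));

			$tagallowed = 0;

			// Anything shaped like <? ... ?> is never accepted.
			if( !preg_match("/(^\?)|(\?$)/", $tag_body) )
			{
				for($i = 0; $i < sizeof($allowed_html_tags); $i++)
				{
					//
					// "( .*)?" accepts the same strings as the former
					// "( .*?)*" but cannot backtrack exponentially on a
					// long, space-filled tag that ends up not matching.
					//
					if( preg_match("/^[\/]?" . $allowed_html_tags[$i] . "( .*)?$/i", $tag_body) )
					{
						$tagallowed = 1;
						break;
					}
				}
			}

			if( !$tagallowed )
			{
				//
				// Encode this occurrence in place. Identical tags further on
				// are handled when the scan reaches them.
				//
				$escaped = preg_replace($html_entities_match, $html_entities_replace, $tag);
				$message = substr_replace($message, $escaped, $start_html, $length);
				$length = strlen($escaped);
			}

			$start_html += $length;
		}
		$message = trim($message);
	}
	else
	{
		$message = preg_replace($html_entities_match, $html_entities_replace, $message);
	}

	//
	// NOTE(review): the loose comparison below treats the default uid 0 as
	// "no uid" on PHP < 8, but 0 != "" is true on PHP 8, so callers should
	// always pass an explicit uid when $bbcode_on is set.
	//
	if( $bbcode_on && $bbcode_uid != "" )
	{
		$message = bbencode_first_pass($message, $bbcode_uid);
	}

	return($message);
}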

?>