diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-03-18 13:35:23 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-03-18 13:35:23 +0000 |
| commit | 502e4aceeae897a2098d22042a1ce7cb8dfdeb1b (patch) | |
| tree | 2baf355c5346df7beec1194b2f142a52becececb /phpBB/includes/bbcode.php | |
| parent | 21ab952fe2d838cc02bd60bb6be109283b185db9 (diff) | |
| download | forums-502e4aceeae897a2098d22042a1ce7cb8dfdeb1b.tar forums-502e4aceeae897a2098d22042a1ce7cb8dfdeb1b.tar.gz forums-502e4aceeae897a2098d22042a1ce7cb8dfdeb1b.tar.bz2 forums-502e4aceeae897a2098d22042a1ce7cb8dfdeb1b.tar.xz forums-502e4aceeae897a2098d22042a1ce7cb8dfdeb1b.zip | |
Updates to overcome security issue + updates of various functions, initial version of profile registration include ... not completed but should be functional for obvious reasons(!)
git-svn-id: file:///svn/phpbb/trunk@2304 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/bbcode.php')
| -rw-r--r-- | phpBB/includes/bbcode.php | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index dab52ddf16..6ae35cb036 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -19,6 +19,11 @@ * ***************************************************************************/ +if ( !defined('IN_PHPBB') ) +{ + die("Hacking attempt"); +} + define("BBCODE_UID_LEN", 10); // global that holds loaded-and-prepared bbcode templates, so we only have to do @@ -536,9 +541,6 @@ function bbencode_second_pass_code($text, $uid, $bbcode_tpl) { global $lang; - $html_entities_match = array("#<#", "#>#"); - $html_entities_replace = array("<", ">"); - $code_start_html = $bbcode_tpl['code_open']; $code_end_html = $bbcode_tpl['code_close']; @@ -550,8 +552,6 @@ function bbencode_second_pass_code($text, $uid, $bbcode_tpl) { $before_replace = $matches[1][$i]; $after_replace = $matches[1][$i]; - - $after_replace = preg_replace($html_entities_match, $html_entities_replace, $after_replace); // Replace 2 spaces with " " so non-tabbed code indents without making huge long lines. $after_replace = str_replace(" ", " ", $after_replace); @@ -764,4 +764,22 @@ function smiley_sort($a, $b) return ( strlen($a['code']) > strlen($b['code']) ) ? -1 : 1; } -?> +// +// this does exactly what preg_quote() does in PHP 4-ish: +// http://www.php.net/manual/en/function.preg-quote.php +// +// This function is here because the 2nd paramter to preg_quote was added in some +// version of php 4.0.x.. So we use this in order to maintain compatibility with +// earlier versions of PHP. +// +// If you just need the 1-parameter preg_quote call, then don't bother using this. +// +function phpbb_preg_quote($str, $delimiter) +{ + $text = preg_quote($str); + $text = str_replace($delimiter, "\\" . $delimiter, $text); + + return $text; +} + +?>
\ No newline at end of file |