author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-08-09 22:38:39 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-08-09 22:38:39 +0000 |
commit | 1ff3a936568d67ef8612a8c4eb4e20ffd8415763 (patch) | |
tree | 1b9fd157eec1c21448bb040d6adb0e6af6ce2249 /phpBB/includes/post.php | |
parent | a8ff6858bcd58ac9e2cd23b36775268a66358a12 (diff) | |
Allows only certain tags ... seems broken again which is annoying since I fixed it the day before yesterday
git-svn-id: file:///svn/phpbb/trunk@826 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/post.php')
-rw-r--r-- | phpBB/includes/post.php | 51 |
1 files changed, 42 insertions, 9 deletions
diff --git a/phpBB/includes/post.php b/phpBB/includes/post.php
index d5963bd542..57c6255653 100644
--- a/phpBB/includes/post.php
+++ b/phpBB/includes/post.php
@@ -28,11 +28,50 @@
 //
 function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
 {
+ global $board_config;
+
+ //
+ // Clean up the message
+ //
 $message = trim($message);
- if(!$html_on)
+ if($html_on)
 {
- $message = htmlspecialchars($message);
+ $start = -1;
+ $end = 0;
+
+ for($h = 0; $h < strlen($message); $h++)
+ {
+ $start = strpos($message, "<", $h);
+
+ if($start > -1)
+ {
+ $end = strpos($message, ">", $start);
+
+ if($end)
+ {
+ $length = $end - $start + 1;
+ $tagallowed = 0;
+
+ for($i = 0; $i < sizeof($board_config['allow_html_tags']); $i++)
+ {
+ $match_tag = trim($board_config['allow_html_tags'][$i]);
+ list($match_tag_split) = explode(" ", $match_tag);
+
+ if( preg_match("/^((\/$match_tag_split$)|($match_tag))[ \=]+/i", substr($message, $start + 1, $length - 2) . " ") )
+ {
+ $tagallowed = 1;
+ }
+ }
+
+ if($length && !$tagallowed)
+ {
+ $message = str_replace(substr($message, $start, $length), "", $message);
+ }
+ }
+ $start = -1;
+ }
+ }
 }
 if($bbcode_on)
@@ -40,15 +79,9 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
 $message = bbencode_first_pass($message, $bbcode_uid);
 }
- if($smile_on)
- {
- // No smile() function yet, write one...
- //$message = smile($message);
- }
- $message = addslashes($message);
 return($message);
 }
-?>
+?>
\ No newline at end of file |
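Review bot: In the first hunk, the `htmlspecialchars()` call for `!$html_on` is removed and nothing replaces it, so with HTML disabled the message now leaves `prepare_message()` with its markup unescaped unless escaping happens somewhere outside this diff; an `else { $message = htmlspecialchars($message); }` after the `if($html_on)` block would keep the old guarantee. Inside the allowed-tag branch the `preg_match` tests only the tag name followed by a space or `=`, so every attribute on an allowed tag (event handlers, `style`, URL schemes) is kept, and a `<` that has no closing `>` is neither stripped nor escaped. The `strpos()` results are tested with `$start > -1` and `if($end)`, which treat `false` as a match at offset 0; compare with `!== false` instead. The function body ends in the second hunk.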