-rw-r--r-- | phpBB/adm/admin_attachments.php | 2 | ||||
-rw-r--r-- | phpBB/adm/admin_users.php | 7 | ||||
-rw-r--r-- | phpBB/includes/functions_posting.php | 16 | ||||
-rw-r--r-- | phpBB/includes/message_parser.php | 202 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 7 | ||||
-rw-r--r-- | phpBB/posting.php | 4 |
6 files changed, 137 insertions, 101 deletions
diff --git a/phpBB/adm/admin_attachments.php b/phpBB/adm/admin_attachments.php index e26cd7ddb8..bedef5885a 100644 --- a/phpBB/adm/admin_attachments.php +++ b/phpBB/adm/admin_attachments.php @@ -422,7 +422,7 @@ if ($submit && $mode == 'orphan') <h2><?php echo $user->lang['UPLOADING_FILES']; ?></h2> <?php include($phpbb_root_path . 'includes/message_parser.' . $phpEx); - $message_parser = new parse_message(0); + $message_parser = new parse_message(); $sql = 'SELECT forum_id, forum_name FROM ' . FORUMS_TABLE; diff --git a/phpBB/adm/admin_users.php b/phpBB/adm/admin_users.php index 506c8452fd..4dac8f1673 100644 --- a/phpBB/adm/admin_users.php +++ b/phpBB/adm/admin_users.php @@ -833,9 +833,7 @@ if ($submit || $preview || $deleteall || $deletemark) { include($phpbb_root_path . 'includes/message_parser.'.$phpEx); - $message_parser = new parse_message(); - - $message_parser->message = $signature; + $message_parser = new parse_message($signature); $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies); $sql_ary = array( @@ -1545,8 +1543,7 @@ function marklist(match, status) // Fudge-o-rama ... include($phpbb_root_path . 'includes/message_parser.'.$phpEx); - $message_parser = new parse_message(); - $message_parser->message = $signature_preview; + $message_parser = new parse_message($signature_preview); $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies); $signature_preview = $message_parser->message; diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 2ac76064fe..9a0aa1bd48 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -533,6 +533,7 @@ function decode_text(&$message, $bbcode_uid) ":o:$bbcode_uid", ":$bbcode_uid" ); + $replace = array( "\n", '', 
@@ -543,6 +544,19 @@ function decode_text(&$message, $bbcode_uid) $message = ($bbcode_uid) ? str_replace($search, $replace, $message) : str_replace('<br />', "\n", $message); + // HTML + if ($config['allow_html_tags']) + { + // If $html is true then "allowed_tags" are converted back from entity + // form, others remain + $allowed_tags = split(',', $config['allow_html_tags']); + + if (sizeof($allowed_tags)) + { + $message = preg_replace('#\<(\/?)(' . str_replace('*', '.*?', implode('|', $allowed_tags)) . ')\>#is', '<$1$2>', $message); + } + } + $match = array( '#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#', '#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#', @@ -551,6 +565,7 @@ function decode_text(&$message, $bbcode_uid) '#<!\-\- s(.*?) \-\-><img src="\{SMILE_PATH\}\/.*? \/><!\-\- s\1 \-\->#', '#<.*?>#s' ); + $replace = array( '\1', '\1', @@ -559,6 +574,7 @@ function decode_text(&$message, $bbcode_uid) '\1', '' ); + $message = preg_replace($match, $replace, $message); return; diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index bfd50c54cb..9fc85b683f 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -36,7 +36,6 @@ if (!function_exists('stripos')) // and parses it for attachments, html, bbcode and smilies class parse_message { - var $message_mode = 0; // MSG_POST/MSG_PM var $message = ''; var $warn_msg = array(); @@ -49,10 +48,15 @@ class parse_message var $smilies = ''; - function parse_message($message_type) + function parse_message($message = '') { - $this->message_mode = $message_type; + // Init BBCode UID $this->bbcode_uid = substr(md5(time()), 0, BBCODE_UID_LEN); + + if ($message) + { + $this->message = $message; + } } function parse($html, $bbcode, $url, $smilies, $allow_img = true, $allow_flash = true, $allow_quote = true) 
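Review bot: The added HTML block in decode_text() reads `$config['allow_html_tags']`, but no `global $config;` is visible in this hunk and the function starts above it; if it is not declared there, `$config` is an undefined local and the block never runs. The allowed-tag list is also concatenated into the pattern without quoting, so any regex metacharacter in the setting changes which text is turned back into markup; quoting each entry first, as in `str_replace('\*', '.*?', preg_quote($tag, '#'))`, keeps the list literal. The `sizeof($allowed_tags)` guard is always true because `split()` returns at least one element even for an empty string. The same pattern is built in html() in message_parser.php.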
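Review bot: The constructor keeps deriving `bbcode_uid` from `md5(time())`, which anyone who knows roughly when a post was submitted can guess. validate_url() later in this file uses that uid to mark tags it has accepted, so a predictable value weakens that marker. A per-instance random value from the strongest source the supported PHP version offers would be safer, for example `substr(bin2hex(random_bytes(16)), 0, BBCODE_UID_LEN)` on current PHP. Separately, `if ($message)` silently drops a message consisting of the string `'0'`; `if ($message !== '')` keeps it.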
@@ -64,16 +68,19 @@ class parse_message // Transform \r\n and \r into \n $match = array('#\r\n?#', '#sid=[a-z0-9]*?&?#', "#([\n][\s]+){3,}#"); $replace = array("\n", '', "\n\n"); - $this->message = trim(preg_replace($match, $replace, $this->message)); + $this->message = preg_replace($match, $replace, $this->message); // Message length check - if (!strlen($this->message) || (intval($config['max_post_chars']) && strlen($this->message) > intval($config['max_post_chars']))) + if (!strlen($this->message) || ($config['max_post_chars'] && strlen($this->message) > $config['max_post_chars'])) { $this->warn_msg[] = (!strlen($this->message)) ? $user->lang['TOO_FEW_CHARS'] : $user->lang['TOO_MANY_CHARS']; return $this->warn_msg; } + // Parse HTML $this->html($html); + + // Parse BBCode if ($bbcode && strpos($this->message, '[') !== false) { $this->bbcode_init(); @@ -87,24 +94,27 @@ class parse_message } $this->bbcode(); } + + // Parse Emoticons $this->emoticons($smilies); + + // Parse URL's $this->magic_url($url); return implode('<br />', $this->warn_msg); } + // Parse HTML function html($html) { global $config; - $this->message = str_replace(array('<', '>'), array('<', '>'), $this->message); - if ($html && $config['allow_html_tags']) { // If $html is true then "allowed_tags" are converted back from entity // form, others remain $allowed_tags = split(',', $config['allow_html_tags']); - + if (sizeof($allowed_tags)) { $this->message = preg_replace('#<(\/?)(' . str_replace('*', '.*?', implode('|', $allowed_tags)) . ')>#is', '<$1$2>', $this->message); 
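Review bot: With `trim()` dropped from the normalisation line in parse(), and from the `$_POST['message']` assignment in posting.php, the `!strlen($this->message)` test no longer catches a message made only of spaces or newlines, so TOO_FEW_CHARS is not raised for it. If storing the untrimmed text is intended, the emptiness test should still look at trimmed content: `if (!strlen(trim($this->message)) || ...)`. The body of parse() starts above this hunk.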
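Review bot: html() no longer neutralises angle brackets itself, so it is only safe if every caller has entity-encoded the text before calling parse(). The removed `str_replace` line appears to be that encoding step (the page rendering has decoded its entities). posting.php encodes with `htmlspecialchars()`, but the signature paths in admin_users.php and ucp_profile.php pass `$signature` and `$signature_preview` straight into `new parse_message(...)`, and whether those values were encoded earlier is not visible in this diff. A comment on html() such as `// Expects $this->message to be entity-encoded by the caller` would document the contract; keeping the encoding inside the parser would remove the dependency altogether.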
@@ -112,6 +122,86 @@ class parse_message } } + // Replace magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx. + // Cuts down displayed size of link if over 50 chars, turns absolute links + // into relative versions when the server/script path matches the link + function magic_url($url) + { + global $config; + + if ($url) + { + $server_protocol = ( $config['cookie_secure'] ) ? 'https://' : 'http://'; + $server_port = ( $config['server_port'] <> 80 ) ? ':' . trim($config['server_port']) . '/' : '/'; + + $match = array(); + $replace = array(); + + // relative urls for this board + $match[] = '#(^|[\n ])' . $server_protocol . trim($config['server_name']) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($config['script_path'])) . '/([^ \t\n\r<"\']+)#i'; + $replace[] = '<!-- l --><a href="$1" target="_blank">$1</a><!-- l -->'; + + // matches a xxxx://aaaaa.bbb.cccc. ... + $match[] = '#(^|[\n ])([\w]+?://.*?[^ \t\n\r<"\']*)#ie'; + $replace[] = "'\$1<!-- m --><a href=\"\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- m -->'"; + + // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing + $match[] = '#(^|[\n ])(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"\']*)?)#ie'; + $replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace(' ', '%20', '\$2'), 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- w -->'"; + + // matches an email@domain type address at the start of a line, or after a space. + $match[] = '#(^|[\n ])([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)#ie'; + $replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . 
'</a><!-- e -->'"; + + $this->message = preg_replace($match, $replace, $this->message); + } + } + + function emoticons($smilie) + { + global $db, $user, $phpbb_root_path, $config; + + if (!$smilie) + { + return; + } + + $sql = 'SELECT * + FROM ' . SMILIES_TABLE; + $result = $db->sql_query($sql); + + // TEMP - maybe easier regular expression processing... at the moment two newlines prevents smilie substitution. + $this->message = str_replace("\n", "\\n", $this->message); + + if ($row = $db->sql_fetchrow($result)) + { + $match = $replace = array(); + + do + { + $match[] = "#(?<=.\W|\W.|\W)" . preg_quote($row['code'], '#') . "(?=.\W|\W.|\W$)#"; + $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILE_PATH}/' . $row['smile_url'] . '" border="0" alt="' . $row['emoticon'] . '" title="' . $row['emoticon'] . '" /><!-- s' . $row['code'] . ' -->'; + } + while ($row = $db->sql_fetchrow($result)); + + if ($config['max_post_smilies']) + { + $num_matches = preg_match_all('#' . str_replace('#', '', implode('|', $match)) . '#', $this->message, $matches); + + if ($num_matches !== false && $num_matches > intval($config['max_post_smilies'])) + { + $this->message = str_replace("\\n", "\n", $this->message); + $this->warn_msg[] = $user->lang['TOO_MANY_SMILIES']; + return; + } + } + + $this->message = trim(preg_replace($match, $replace, ' ' . $this->message . ' ')); + $this->message = str_replace("\\n", "\n", $this->message); + } + } + + // Parse BBCode function bbcode() { if (!$this->bbcodes) 
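Review bot: In magic_url() the board-relative rule builds the link from `$1`, which is the leading `(^|[\n ])` delimiter group rather than the path captured by the second group, so the generated `href` and link text are empty or a single whitespace character; the replacement should read `'$1<!-- l --><a href="$2" target="_blank">$2</a><!-- l -->'`. `$config['server_name']` and `$config['script_path']` are also placed in the pattern without `preg_quote(..., '#')`, so a dot in the host name matches any character and other boards' URLs can be treated as local. The remaining three rules use the `e` modifier, which evaluates the replacement as PHP code built from message text. `preg_replace_callback()` can do the same link shortening in an ordinary function without evaluating a string derived from the post.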
@@ -584,100 +674,36 @@ class parse_message function validate_url($var1, $var2) { - $url = ($var1) ? stripslashes($var1) : stripslashes($var2); - - // Put validation regexps here - $valid = false; - if (preg_match('#^http(s?)://#i', $url)) - { - $valid = true; - } - if ($valid) - { - return (!$url) ? '[url:' . $this->bbcode_uid . ']' . $url . '[/url:' . $this->bbcode_uid . ']' : "[url=$url:" . $this->bbcode_uid . ']' . stripslashes($var2) . '[/url:' . $this->bbcode_uid . ']'; - } - return '[url' . (($var1) ? '=' . stripslashes($var1) : '') . ']' . stripslashes($var2) . '[/url]'; - } - - // Replace magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx. - // Cuts down displayed size of link if over 50 chars, turns absolute links - // into relative versions when the server/script path matches the link - function magic_url($url) - { global $config; - if ($url) - { - $server_protocol = ( $config['cookie_secure'] ) ? 'https://' : 'http://'; - $server_port = ( $config['server_port'] <> 80 ) ? ':' . trim($config['server_port']) . '/' : '/'; - - $match = array(); - $replace = array(); - - // relative urls for this board - $match[] = '#(^|[\n ])' . $server_protocol . trim($config['server_name']) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($config['script_path'])) . '/([^ \t\n\r <"\']+)#i'; - $replace[] = '<!-- l --><a href="$1" target="_blank">$1</a><!-- l -->'; - - // matches a xxxx://aaaaa.bbb.cccc. ... - $match[] = '#(^|[\n ])([\w]+?://.*?[^ \t\n\r<"]*)#ie'; - $replace[] = "'\$1<!-- m --><a href=\"\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- m -->'"; - - // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing - $match[] = '#(^|[\n ])(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"]*)?)#ie'; - $replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace(' ', '%20', '\$2'), 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . 
'</a><!-- w -->'"; - - // matches an email@domain type address at the start of a line, or after a space. - $match[] = '#(^|[\n ])([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)#ie'; - $replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- e -->'"; - - $this->message = preg_replace($match, $replace, $this->message); - } - } + $url = ($var1) ? stripslashes($var1) : stripslashes($var2); + $valid = false; - function emoticons($smilie) - { - global $db, $user, $phpbb_root_path, $config; + $server_protocol = ( $config['cookie_secure'] ) ? 'https://' : 'http://'; + $server_port = ( $config['server_port'] <> 80 ) ? ':' . trim($config['server_port']) . '/' : '/'; - if (!$smilie) + // relative urls for this board + if (preg_match('#' . $server_protocol . trim($config['server_name']) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($config['script_path'])) . '/([^ \t\n\r<"\']+)#i', $url) || + preg_match('#([\w]+?://.*?[^ \t\n\r<"\']*)#i', $url) || + preg_match('#(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"\']*)?)#i', $url)) { - return; + $valid = true; } - $sql = 'SELECT * - FROM ' . SMILIES_TABLE; - $result = $db->sql_query($sql); - - // TEMP - maybe easier regular expression processing... at the moment two newlines prevents smilie substitution. - $this->message = str_replace("\n", "\\n", $this->message); - - if ($row = $db->sql_fetchrow($result)) + if ($valid) { - $match = $replace = array(); - - do - { - $match[] = "#(?<=.\W|\W.|\W)" . preg_quote($row['code'], '#') . "(?=.\W|\W.|\W$)#"; - $replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILE_PATH}/' . $row['smile_url'] . '" border="0" alt="' . $row['emoticon'] . '" title="' . $row['emoticon'] . '" /><!-- s' . $row['code'] . ' -->'; - } - while ($row = $db->sql_fetchrow($result)); - - if ($config['max_post_smilies']) + if (!preg_match('#^[\w]+?://.*?#i', $url)) { - $num_matches = preg_match_all('#' . 
str_replace('#', '', implode('|', $match)) . '#', $this->message, $matches); - - if ($num_matches !== false && $num_matches > intval($config['max_post_smilies'])) - { - $this->message = str_replace("\\n", "\n", $this->message); - $this->warn_msg[] = $user->lang['TOO_MANY_SMILIES']; - return; - } + $url = 'http://' . $url; } - $this->message = trim(preg_replace($match, $replace, ' ' . $this->message . ' ')); - $this->message = str_replace("\\n", "\n", $this->message); + return ($var1) ? '[url=' . $url . ':' . $this->bbcode_uid . ']' . stripslashes($var2) . '[/url:' . $this->bbcode_uid . ']' : '[url:' . $this->bbcode_uid . ']' . $url . '[/url:' . $this->bbcode_uid . ']'; } + + return '[url' . (($var1) ? '=' . stripslashes($var1) : '') . ']' . stripslashes($var2) . '[/url]'; } + // Parse Attachments function parse_attachments($mode, $post_id, $submit, $preview, $refresh) { global $config, $auth, $user; diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index dc577878e2..4e7ccc7d23 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -382,9 +382,7 @@ class ucp_profile extends module { include($phpbb_root_path . 'includes/message_parser.'.$phpEx); - $message_parser = new parse_message(); - - $message_parser->message = $signature; + $message_parser = new parse_message($signature); $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies); $sql_ary = array( @@ -411,8 +409,7 @@ class ucp_profile extends module // Fudge-o-rama ... include($phpbb_root_path . 'includes/message_parser.'.$phpEx); - $message_parser = new parse_message(); - $message_parser->message = $signature_preview; + $message_parser = new parse_message($signature_preview); $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies); $signature_preview = $message_parser->message; diff --git a/phpBB/posting.php b/phpBB/posting.php index 97d170586e..325a5f07c9 100644 --- a/phpBB/posting.php 
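Review bot: The rewritten validate_url() accepts far more than the check it replaces: the old test required the value to start with `http://` or `https://`, while the three new `preg_match()` calls are unanchored and the second allows any `\w+://` scheme, so a value passes as soon as such a substring appears anywhere in it. Accepted values are emitted as `[url=...:uid]` and presumably end up in an `href`, so non-web schemes can reach the rendered link. Anchoring the pattern and naming the schemes restores the earlier guarantee, e.g. `preg_match('#^(?:https?|ftp)://[^ \t\n\r<"\'\]]+$#i', $url)`, with an equally anchored `^www\.` variant for the bare-host form. Excluding `]` in that class also stops the value from closing the tag early.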
+++ b/phpBB/posting.php @@ -160,7 +160,7 @@ if ($sql) $db->sql_freeresult($result); } - $message_parser = new parse_message(0); + $message_parser = new parse_message(); $message_parser->filename_data['filecomment'] = preg_replace('#&(\#[0-9]+;)#', '&\1', request_var('filecomment', '')); @@ -489,7 +489,7 @@ if ($submit || $preview || $refresh) $subject = preg_replace('#&(\#[0-9]+;)#', '&\1', $subject); - $message_parser->message = (isset($_POST['message'])) ? htmlspecialchars(trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $_POST['message']))) : ''; + $message_parser->message = (isset($_POST['message'])) ? htmlspecialchars(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $_POST['message'])) : ''; $message_parser->message = preg_replace('#&(\#[0-9]+;)#', '&\1', $message_parser->message); $username = ($_POST['username']) ? request_var('username', '') : $username; |