Diffstat (limited to 'phpBB/includes/post.php')
-rw-r--r-- | phpBB/includes/post.php | 56 |
1 files changed, 33 insertions, 23 deletions
diff --git a/phpBB/includes/post.php b/phpBB/includes/post.php
index 9d41b85f28..ac364f6472 100644
--- a/phpBB/includes/post.php
+++ b/phpBB/includes/post.php
@@ -35,50 +35,60 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
  if( $html_on )
  {
- $start = -1;
- $end = 0;
+ $html_entities_match = array("#<#", "#>#", "#& #");
+ $html_entities_replace = array("<", ">", "& ");
- for($h = 0; $h < strlen($message); $h++)
- {
- $start = strpos($message, "<", $h);
+ $start_html = 1;
- if($start > -1)
+ $message = " " . $message;
+ while( $start_html = strpos($message, "<", $start_html) )
+ {
+ if( $end_html = strpos($message, ">", $start_html) )
  {
- $end = strpos($message, ">", $start);
+ $length = $end_html - $start_html + 1;
- if($end)
+ $tagallowed = 0;
+ for($i = 0; $i < sizeof($board_config['allow_html_tags']); $i++)
  {
- $length = $end - $start + 1;
- $tagallowed = 0;
+ $match_tag = trim($board_config['allow_html_tags'][$i]);
- for($i = 0; $i < sizeof($board_config['allow_html_tags']); $i++)
+ if( preg_match("/^[\/]?" . $match_tag . "( .*?)*$/i", trim(substr($message, $start_html + 1, $length - 2))) )
  {
- $match_tag = trim($board_config['allow_html_tags'][$i]);
- list($match_tag_split) = explode(" ", $match_tag);
-
- if( preg_match("/^((\/" . $match_tag_split . ")|(" . $match_tag . "))[ \=]+/i", trim(substr($message, $start + 1, $length - 2)) . " ") )
+ if( !preg_match("/(^\?)|(\?$)/", trim(substr($message, $start_html + 1, $length - 2))) )
  {
  $tagallowed = 1;
  }
  }
+ }
- if($length && !$tagallowed)
- {
- $message = str_replace(substr($message, $start, $length), htmlspecialchars(substr($message, $start, $length)), $message);
- }
+ if( $length && !$tagallowed )
+ {
+ $message = str_replace(substr($message, $start_html, $length), preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, $length)), $message);
  }
- $start = -1;
+
+ $start_html += $length;
+ }
+ else
+ {
+ $message = str_replace(substr($message, $start_html, 1), preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, 1)), $message);
+
+ $start_html = strlen($message);
  }
  }
+ $message = trim($message);
+ }
+ else
+ {
+ $html_entities_match = array("#<#", "#>#", "#& #");
+ $html_entities_replace = array("<", ">", "& ");
+ $message = preg_replace($html_entities_match, $html_entities_replace, $message);
  }
- if($bbcode_on)
+ if( $bbcode_on && $bbcode_uid != "" )
  {
  $message = bbencode_first_pass($message, $bbcode_uid);
  }
- $message = addslashes($message);
- return($message);
  }
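Review bot: Both entity-escaping writes inside the new `while` loop use `str_replace` on a substring, which rewrites every occurrence of that text in `$message` rather than the one at `$start_html`; the `else` branch for a `<` with no closing `>` in particular replaces every `<` in the message, including allow-listed tags the loop has already passed, so one stray `<` undoes the earlier decisions, and the position-based bookkeeping (`$start_html += $length`) then no longer matches what was changed. A positional write fixes both sites: `$message = substr_replace($message, preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, $length)), $start_html, $length);` and the same form with length `1` in the `else` branch. The allow-list test also interpolates `$match_tag` from `$board_config` into the pattern without `preg_quote()`, and `( .*?)*$` is a nested quantifier that can backtrack heavily on long attribute strings; since only the tag name is matched, whatever follows an allowed name inside the brackets is left unescaped, so attributes should be stripped or escaped rather than accepted wholesale. As rendered here the replacement array reads `array("<", ">", "& ")`, identical to the characters being matched; presumably the entities were decoded by the page, but if the file really holds literal characters the escape is a no-op and should be verified. prepare_message's opening lines (including any `global $board_config` declaration) are outside the hunk.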