Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/bbcode.php | 2 | ||||
-rw-r--r-- | phpBB/includes/post.php | 12 |
2 files changed, 5 insertions, 9 deletions
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index 70599a6c60..528c00eba0 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -364,7 +364,7 @@ function bbencode_first_pass_pda($text, $uid, $open_tag, $close_tag, $close_tag_ function bbencode_second_pass_code($text, $uid) { // If HTML is turned on we undo any HTML special chars that were created by the viewtopic code. - $text = undo_htmlspecialchars($text); +// $text = undo_htmlspecialchars($text); $code_start_html = '<TABLE BORDER="0" ALIGN="CENTER" WIDTH="85%"><TR><TD><font size="-1">Code:</font><HR></TD></TR><TR><TD><FONT SIZE="-1"><PRE>'; $code_end_html = '</PRE></FONT></TD></TR><TR><TD><HR></TD></TR></TABLE>'; diff --git a/phpBB/includes/post.php b/phpBB/includes/post.php index 9e135a259c..b66bf8c0bb 100644 --- a/phpBB/includes/post.php +++ b/phpBB/includes/post.php @@ -35,11 +35,7 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid // $message = trim($message); - if( !$html_on ) - { - $message = htmlspecialchars($message); - } -/* else if($html_on) + if( $html_on ) { $start = -1; $end = 0; @@ -62,7 +58,7 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid $match_tag = trim($board_config['allow_html_tags'][$i]); list($match_tag_split) = explode(" ", $match_tag); - if( preg_match("/^((\/$match_tag_split$)|($match_tag))[ \=]+/i", substr($message, $start + 1, $length - 2) . " ") ) + if( preg_match("/^((\/" . $match_tag_split . ")|(" . $match_tag . "))[ \=]+/i", trim(substr($message, $start + 1, $length - 2)) . " ") ) { $tagallowed = 1; } 
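Review bot: In bbencode_second_pass_code (bbcode.php) the call is disabled by commenting it out, and the comment above it still says HTML special chars are undone, which no longer matches the code. I would delete the line and replace the comment with something like `// Code block text is emitted as received; it must already be HTML-escaped.` With the unescape gone, whatever reaches the `<PRE>` wrapper is output as-is, so this relies on escaping done elsewhere (the existing comment points at viewtopic); that code is not visible here and is worth confirming. The function body continues outside the hunk.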
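Review bot: After this change prepare_message (post.php, first hunk) has no escaping path when `$html_on` is false: the `htmlspecialchars($message)` branch is removed and only the `if( $html_on )` tag filter remains. Unless the message is escaped again at display time, which these lines do not show, a post submitted with HTML disabled would be stored with its markup intact. Keeping the fallback after the closing brace of the `if( $html_on )` block, `else { $message = htmlspecialchars($message); }`, preserves the old behaviour for that case. That closing brace is in the last hunk, and the function continues outside these hunks.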
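Review bot: The allow check in the second post.php hunk only tests that the fragment begins with an allowed tag name followed by a space or `=`, so everything after the name, including any attributes, is accepted without inspection. If `allow_html_tags` is meant to restrict what markup a poster can use, the attributes of an allowed tag need their own allowlist or should be stripped; this check alone does not provide that. The config values are also concatenated into the pattern unquoted; `preg_quote($match_tag_split, '/')` and `preg_quote($match_tag, '/')` would keep a metacharacter in a configured tag from changing the regex. The surrounding loop starts outside the hunk.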
@@ -70,14 +66,14 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid if($length && !$tagallowed) { - $message = str_replace(substr($message, $start, $length), "", $message); + $message = str_replace(substr($message, $start, $length), htmlspecialchars(substr($message, $start, $length)), $message); } } $start = -1; } } } -*/ + if($bbcode_on) { $message = bbencode_first_pass($message, $bbcode_uid); |
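Review bot: The new `str_replace` line calls `substr($message, $start, $length)` twice and replaces every occurrence of the fragment, which lengthens `$message` while `$start`/`$end` were computed on the old string. Taking the fragment once reads better: `$fragment = substr($message, $start, $length);` then `$message = str_replace($fragment, htmlspecialchars($fragment), $message);`. The `if($length && !$tagallowed)` guard also skips fragments with zero length; how `$length` is derived is outside the hunk, so it is worth confirming that a `<` with no closing `>` cannot pass through unescaped now that the whole-message escape is gone.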