From c125ae12761e99a0f11703bbbec0defb29ad90c4 Mon Sep 17 00:00:00 2001 From: David M Date: Tue, 20 Jun 2006 00:21:16 +0000 Subject: oops? git-svn-id: file:///svn/phpbb/trunk@6106 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/message_parser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index a0dcd821fd..a4d003c3a2 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -97,7 +97,7 @@ class bbcode_firstpass extends bbcode 'url' => array('bbcode_id' => 3, 'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")), 'img' => array('bbcode_id' => 4, 'regexp' => array('#\[img\](https?://)([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)\[/img\]#ie' => "\$this->bbcode_img('\$1\$2')")), 'size' => array('bbcode_id' => 5, 'regexp' => array('#\[size=([\-\+]?[1-2]?[0-9])\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")), - 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")), + 'color' => array('bbcode_id' => 6, 'regexp' => array('!\[color=(#[0-9A-Fa-f]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")), 'u' => array('bbcode_id' => 7, 'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")), 'list' => array('bbcode_id' => 9, 'regexp' => array('#\[list(=[a-z|0-9|(?:disc|circle|square))]+)?\].*\[/list\]#ise' => "\$this->bbcode_parse_list('\$0')")), 'email' => array('bbcode_id' => 10, 'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")), -- cgit v1.2.1 From 725b21f2d206efb4b34eb95ec3329bc81f66b805 Mon Sep 17 00:00:00 2001 
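Review bot: The widened class `[0-9A-Fa-f]` in the `color` pattern has no effect, because the pattern already carries the `i` modifier (`!ise`) and so matched lowercase hex digits before this change; if lowercase colours were being rejected, the cause is elsewhere. Separately, every pattern in this table, including the changed one, uses the `e` modifier, which evaluates the replacement string as PHP with the captured post text substituted into it. That deserves a comment above the array, e.g. `// 'e' modifier: replacement is evaluated as PHP; every \$n must stay inside a single-quoted argument`. Moving these entries to `preg_replace_callback` would remove the dependency on that quoting altogether. The array continues outside the hunk.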
From: Meik Sievertsen Date: Thu, 22 Jun 2006 15:14:03 +0000 Subject: time to squash some bugs git-svn-id: file:///svn/phpbb/trunk@6114 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/message_parser.php | 49 ++++++++++++++++++++++++++------------- 1 file changed, 33 insertions(+), 16 deletions(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index a4d003c3a2..d74a58524f 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -78,6 +78,23 @@ class bbcode_firstpass extends bbcode } } + /** + * Prepare some bbcodes for better parsing + */ + function prepare_bbcodes() + { + // Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.) + if (strpos($this->message, '[quote') !== false) + { + $in = str_replace("\r\n", "\n", $this->message); + + $this->message = preg_replace(array('#\[quote(=".*?")?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message); + $this->message = preg_replace(array('#\[quote(=".*?")?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $this->message); + } + + // Add other checks which needs to be placed before actually parsing anything (be it bbcodes, smilies, urls...) + } + /** * Init bbcode data for later parsing */ 
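Review bot: In `prepare_bbcodes()` the CRLF normalisation is a dead store: `$in = str_replace("\r\n", "\n", $this->message);` assigns to a local that is never read, and both `preg_replace` calls then work on the un-normalised `$this->message`. For CRLF input the `\r` therefore counts as `[^\n]`, so a quote tag that already sits on its own line still gets an extra newline inserted. Assign the result back instead, `$this->message = str_replace("\r\n", "\n", $this->message);`. The identical `preg_replace` call appearing twice also needs a one-line comment saying why a second pass is required, because as written it reads like a copy-paste slip.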
@@ -565,12 +582,6 @@ class bbcode_firstpass extends bbcode $tok = ']'; $out = '['; - // Add newline at the end and in front of each quote block to prevent parsing errors (urls, smilies, etc.) - $in = preg_replace(array('#\[quote(=".*?")?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $in); - $in = preg_replace(array('#\[quote(=".*?")?\]([^\n])#is', '#([^\n])\[\/quote\]#is'), array("[quote\\1]\n\\2", "\\1\n[/quote]"), $in); - - $in = str_replace("\r\n", "\n", str_replace('\"', '"', trim($in))); - $in = substr($in, 1); $close_tags = $error_ary = array(); $buffer = ''; @@ -897,15 +908,7 @@ class parse_message extends bbcode_firstpass } } - // Parse smilies - if ($allow_smilies) - { - $this->smilies($config['max_' . $mode . '_smilies']); - } - - $num_urls = 0; - - // Parse BBCode + // Prepare BBcode (just prepares some tags for better parsing) if ($allow_bbcode && strpos($this->message, '[') !== false) { $this->bbcode_init(); @@ -917,8 +920,22 @@ class parse_message extends bbcode_firstpass $this->bbcodes[$bool]['disabled'] = true; } } - $this->parse_bbcode(); + $this->prepare_bbcodes(); + } + + // Parse smilies + if ($allow_smilies) + { + $this->smilies($config['max_' . $mode . '_smilies']); + } + + $num_urls = 0; + + // Parse BBCode + if ($allow_bbcode && strpos($this->message, '[') !== false) + { + $this->parse_bbcode(); $num_urls += $this->parsed_items['url']; } -- cgit v1.2.1 From 6df6eb0e601d459544b0cbcee063cf19c01bb37d Mon Sep 17 00:00:00 2001 
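Review bot: The condition `$allow_bbcode && strpos($this->message, '[') !== false` now guards two separate blocks in the `parse_message` hunks, with `$this->smilies()` running between them and rewriting `$this->message`. If the second test passes where the first did not, `parse_bbcode()` would run without `bbcode_init()` and without the `disabled` flags having been applied; whether that can happen depends on the smiley replacement text, which is not visible here. Evaluating the test once, `$parse_bbcode = $allow_bbcode && strpos($this->message, '[') !== false;`, and reusing `$parse_bbcode` for both blocks keeps the two stages in agreement. The enclosing method starts and ends outside these hunks.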
From: Meik Sievertsen Date: Sat, 1 Jul 2006 19:11:52 +0000 Subject: - add additional auth check to the permission roles modules - added new function to return globally used expressions (get_preg_expression($mode)). This should be very helpful in getting wide spread similar checks (regular expressions) to one place reducing the risk of forgetting to change every location if you fix one. ;) We will add additional ones later, at the moment only the email check is retrieved... - added "active module" var to the module class returning the current active module - changed call to image magick - add administrator to global moderators group by default - extend auth_option column a little bit - other bugfixes git-svn-id: file:///svn/phpbb/trunk@6135 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/message_parser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index d74a58524f..85f99d349b 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -720,7 +720,7 @@ class bbcode_firstpass extends bbcode $validated = true; - if (!preg_match('!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i', $email)) + if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email)) { $validated = false; } -- cgit v1.2.1 From 462dc69b8e8568f4656675b31b99a31ad98e1331 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 6 Jul 2006 16:46:53 +0000 Subject: some bugfixes git-svn-id: file:///svn/phpbb/trunk@6149 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/message_parser.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 85f99d349b..26e754033a 100644 --- a/phpBB/includes/message_parser.php 
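Review bot: The new anchored pattern ends in `$` without the `D` modifier, so it still accepts an address followed by a single trailing newline; `'/^' . get_preg_expression('email') . '$/iD'` closes that. The delimiter also changed from `!` to `/`, so any unescaped `/` inside the string returned by `get_preg_expression('email')` would end the pattern early. That function is not part of this diff, so either confirm its output or keep `!` as the delimiter. Anchoring itself is the right direction, since the old expression accepted any text that merely contained an address.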
+++ b/phpBB/includes/message_parser.php @@ -803,8 +803,10 @@ class bbcode_firstpass extends bbcode { global $config, $phpEx, $user; + $check_path = ($user->page['root_script_path'] != '/') ? substr($user->page['root_script_path'], 0, -1) : '/'; + // Is the user trying to link to a php file in this domain and script path? - if (strpos($url, ".{$phpEx}") !== false && strpos($url, substr($user->page['root_script_path'], 0, -1)) !== false) + if (strpos($url, ".{$phpEx}") !== false && strpos($url, $check_path) !== false) { $server_name = (!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'); @@ -816,7 +818,7 @@ class bbcode_firstpass extends bbcode // Check again in correct order... $pos_ext = strpos($url, ".{$phpEx}"); - $pos_path = strpos($url, substr($user->page['root_script_path'], 0, -1)); + $pos_path = strpos($url, $check_path); $pos_domain = strpos($url, $server_name); if ($pos_domain !== false && $pos_path >= $pos_domain && $pos_ext >= $pos_path) -- cgit v1.2.1 From 46af817cb058e2eecd89081af4a40075426a32ef Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Sun, 9 Jul 2006 16:23:57 +0000 Subject: - tackle some usability issues - fix bug #3147 - added the lock-images made by SHS` - fixed MSSQL errors (adding the correct ESCAPE sequence) git-svn-id: file:///svn/phpbb/trunk@6161 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/message_parser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 26e754033a..b5090d3950 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -164,7 +164,7 @@ class bbcode_firstpass extends bbcode $in = str_replace("\r\n", "\n", str_replace('\"', '"', $in)); // Trimming here to make sure no empty bbcodes are parsed accidently - if (!trim($in)) + if (trim($in) == '') { return false; } -- cgit v1.2.1 
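Review bot: With `$check_path` set to `'/'` for a root install, the later ordering test `$pos_path >= $pos_domain` cannot succeed for a scheme-qualified URL, because `strpos($url, $check_path)` returns the first slash, the one inside `http://`, which lies before the host name; this applies to `$pos_path = strpos($url, $check_path);` in the second hunk. The branch guarded by that test is then never entered on exactly the installs this change targets. Searching from the host onwards restores the intended ordering: `$pos_path = ($pos_domain !== false) ? strpos($url, $check_path, $pos_domain) : false;`. The first-stage `strpos($url, $check_path) !== false` is also true for practically every URL when the path is `/`, so a comment marking it as a cheap pre-filter only would help the next reader. The function body continues outside both hunks.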
From c4f2430645dbc8cba38c1ea3f08366034bba7127 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 13 Jul 2006 12:51:56 +0000 Subject: - renamed the following columns: comment -> attach_comment new, forwarded, unread, marked, deleted -> pm_new, pm_forwarded, pm_unread, pm_marked, pm_deleted module_name -> module_basename value -> lang_value - every column is now NOT NULL - every column is now having a DEFAULT value - hopefully mostly consistent across every db schema - untested schemas: sqlite, oracle, firebird git-svn-id: file:///svn/phpbb/trunk@6177 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/message_parser.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index b5090d3950..a44a11d566 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1148,7 +1148,7 @@ class parse_message extends bbcode_firstpass { $new_entry = array( 'physical_filename' => $filedata['physical_filename'], - 'comment' => $this->filename_data['filecomment'], + 'attach_comment' => $this->filename_data['filecomment'], 'real_filename' => $filedata['real_filename'], 'extension' => $filedata['extension'], 'mimetype' => $filedata['mimetype'], @@ -1218,7 +1218,7 @@ class parse_message extends bbcode_firstpass $edit_comment = request_var('edit_comment', array(0 => '')); $edit_comment = key($edit_comment); - $this->attachment_data[$edit_comment]['comment'] = $actual_comment_list[$edit_comment]; + $this->attachment_data[$edit_comment]['attach_comment'] = $actual_comment_list[$edit_comment]; } if (($add_file || $preview) && $upload_file) 
@@ -1232,7 +1232,7 @@ class parse_message extends bbcode_firstpass { $new_entry = array( 'physical_filename' => $filedata['physical_filename'], - 'comment' => $this->filename_data['filecomment'], + 'attach_comment' => $this->filename_data['filecomment'], 'real_filename' => $filedata['real_filename'], 'extension' => $filedata['extension'], 'mimetype' => $filedata['mimetype'], @@ -1308,7 +1308,7 @@ class parse_message extends bbcode_firstpass { $pos = $attach_ids[$row['attach_id']]; $this->attachment_data[$pos] = $row; - set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true); + set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true); unset($attach_ids[$row['attach_id']]); } @@ -1348,7 +1348,7 @@ class parse_message extends bbcode_firstpass 'thumbnail' => (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 1 : 0, ); - set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true); + set_var($this->attachment_data[$pos]['attach_comment'], $_POST['attachment_data'][$pos]['attach_comment'], 'string', true); set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true); set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int'); -- cgit v1.2.1 From 9532514c2a566437a9524af1dfca298da58fd40a Mon Sep 17 00:00:00 2001 
From: David M Date: Mon, 24 Jul 2006 10:08:36 +0000 Subject: OK... This commit should increase the total number of BBCodes from 31 to 2040. Some things to watch out for: Each database likes to deal with binary data in its own, special way. They are, quite frankly, too cool for school. MySQL, MSSQL and Oracle all allow me to send in a default value for their binary column using a hex number. However, MSSQL forces me to send the specific data as a hex number and thus we must CAST it. PostgreSQL allows me to set a binary column, but with a twist. It demands that the default be in _octal_ and its datatype allows somewhere around a gigabyte's worth of BBCodes ( PGSQL users, we shut you down to 2040 for your own good! ) Firebird has no decent mechanism for allowing me to shuttle in binary data so I must force my way in. By virtue of triggers and a UDF, we ram in our default values. SQLite is the most bizarre of them all. They have no mechanism for turning an ASCII code into a ASCII character. Because of this, we have a trigger and a UDF (just like Firebird!) but with a twist! The UDF is defined on the PHP side of things instead of SQL. SQLite also demands that it's data be encoded before being sent off. Other notes: - SQLite installs again :D - Firebird nearly installs again :P - Database backup is not screwed up :P P.S. I hope nothing broke :D git-svn-id: file:///svn/phpbb/trunk@6209 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/message_parser.php | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index a44a11d566..37376c17e8 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php 
@@ -43,7 +43,9 @@ class bbcode_firstpass extends bbcode } global $user; - $this->bbcode_bitfield = 0; + + $this->bbcode_bitfield = ''; + $bitfield = new bitfield(); $size = strlen($this->message); foreach ($this->bbcodes as $bbcode_name => $bbcode_data) @@ -72,10 +74,12 @@ class bbcode_firstpass extends bbcode $new_size = strlen($this->message); if ($size != $new_size) { - $this->bbcode_bitfield |= (1 << $bbcode_data['bbcode_id']); + $bitfield->set($bbcode_data['bbcode_id']); $size = $new_size; } } + + $this->bbcode_bitfield = $bitfield->get_blob(); } /** @@ -1376,21 +1380,21 @@ class parse_message extends bbcode_firstpass // Parse Poll Option text ;) $tmp_message = $this->message; $this->message = $poll['poll_option_text']; - $bbcode_bitfield = $this->bbcode_bitfield; + $poll['poll_option_text'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false); - $this->bbcode_bitfield |= $bbcode_bitfield; + $this->message = $tmp_message; // Parse Poll Title $tmp_message = $this->message; $this->message = $poll['poll_title']; - $bbcode_bitfield = $this->bbcode_bitfield; + $poll['poll_title'] = $this->parse($poll['enable_bbcode'], $poll['enable_urls'], $poll['enable_smilies'], $poll['img_status'], false, false, false); - $this->bbcode_bitfield |= $bbcode_bitfield; + $this->message = $tmp_message; unset($tmp_message); -- cgit v1.2.1 From 82f42bb5fa611e790e02bc679b88ce90b3f8156b Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 3 Aug 2006 15:23:34 +0000 Subject: - custom profile field fixed - fixing sql_fetchfield from cache - changing the quote parser. In my tests i have not seen changed behaviour - but i might have broken something with this change. git-svn-id: file:///svn/phpbb/trunk@6232 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/message_parser.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/message_parser.php') 
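Review bot: The poll hunk at `-1376` drops the save-and-merge of `$this->bbcode_bitfield` around both `parse()` calls and puts nothing in its place, so the bitfield computed for the post body is no longer preserved. The first-pass routine in this same commit resets `$this->bbcode_bitfield = ''` and then overwrites it with `$bitfield->get_blob()`, so each poll parse presumably leaves only its own tags recorded, and after the title is parsed the bits for the message and the options are gone. The merge still has to happen somewhere, for example by keeping the previous value and combining it through the `bitfield` class (its API is not shown in this diff). The two empty `+` lines left where the old statements were should be removed as well.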
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 37376c17e8..8d51a195c6 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -692,7 +692,8 @@ class bbcode_firstpass extends bbcode else { $out .= $buffer . $tok; - $tok = ($tok == '[') ? ']' : '[]'; + // $tok = ($tok == '[') ? ']' : '[]'; + $tok = '[]'; $buffer = ''; } } -- cgit v1.2.1 From 86f3d738a0efbf5c50bdf112841aba2c8b859e85 Mon Sep 17 00:00:00 2001 From: David M Date: Fri, 11 Aug 2006 21:52:46 +0000 Subject: so.... what does this thing do? well, the super fast, ultra efficient, massively huge BBCode handling system was implemented differently on each DBMS. Although this provided the best performance, the solution was a bit hacky. So what does this new thing do? We use base64 encoding to make everything nice and shiny, it turns into nice, safe characters that we can just jam into varchars on essentially any database. This has two implications: we must decode every bitfield we get AND we have slightly fewer IDs to work with. It goes down from 2040 BBCodes to 1512. We lose like a quarter of them :P P.S. I hope nothing broke :P git-svn-id: file:///svn/phpbb/trunk@6263 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/message_parser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 8d51a195c6..94e4d94d04 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -79,7 +79,7 @@ class bbcode_firstpass extends bbcode } } - $this->bbcode_bitfield = $bitfield->get_blob(); + $this->bbcode_bitfield = $bitfield->get_base64(); } /** -- cgit v1.2.1 From 8405f0d324fd42bec2f775986e69e5d8cf548ebf Mon Sep 17 00:00:00 2001 
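Review bot: The previous assignment is left behind as commented-out code, `// $tok = ($tok == '[') ? ']' : '[]';`, with no explanation of why `$tok` must now always be `'[]'` in this branch. The commit message itself says the change may have altered behaviour, so the reason belongs next to the line as a short why-comment, and the dead line should be deleted rather than kept, since version control already has it. The surrounding quote-parsing loop is outside the hunk, so the effect on nested or unbalanced brackets cannot be judged from here.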
From: Meik Sievertsen Date: Sat, 12 Aug 2006 13:14:39 +0000 Subject: sql_in_set changes git-svn-id: file:///svn/phpbb/trunk@6271 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/message_parser.php | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'phpBB/includes/message_parser.php') diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 94e4d94d04..6aa78d091f 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -410,12 +410,11 @@ class bbcode_firstpass extends bbcode switch (strtolower($stx)) { case 'php': - $code = trim($code); $remove_tags = false; $code = str_replace(array('<', '>'), array('<', '>'), $code); - if (!preg_match('/^\<\?.*?\?\>/is', $code)) + if (!preg_match('/\<\?.*?\?\>/is', $code)) { $remove_tags = true; $code = ""; @@ -438,7 +437,7 @@ class bbcode_firstpass extends bbcode { $str_from[] = '<?php '; $str_to[] = ''; - $str_from[] = '<?php '; + $str_from[] = '<?php '; $str_to[] = ''; } @@ -453,6 +452,12 @@ class bbcode_firstpass extends bbcode $code = preg_replace('#^(.*)#s', '$2', $code); $code = preg_replace('#(?:[\n\r\s\t]| )*$#', '', $code); + // remove newline at the end + if (!empty($code) && $code{strlen($code)-1} == "\n") + { + $code = substr($code, 0, -1); + } + $out .= "[code=$stx:" . $this->bbcode_uid . ']' . $code . '[/code:' . $this->bbcode_uid . ']'; break; @@ -1303,7 +1308,7 @@ class parse_message extends bbcode_firstpass // Get the data from the attachments $sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail FROM ' . ATTACHMENTS_TABLE . ' - WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ') + WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids)) . ' AND poster_id = ' . $check_user_id; $result = $db->sql_query($sql); 
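Review bot: Both queries now rely on `$db->sql_in_set()` for quoting, and neither hunk shows a guard for an empty list: confirm that `array_keys($attach_ids)` here, and `$filenames` in the later hunk at `-1332`, are non-empty before these statements, or that `sql_in_set()` handles an empty array without emitting invalid SQL. `$check_user_id` is still concatenated directly into the statement; if it is not already an integer at this point, cast it, `' AND poster_id = ' . (int) $check_user_id`. In the filename query, PHP's `strtolower()` and the database's `LOWER()` may fold non-ASCII characters differently, so the lookup can miss a match for such names. `sql_in_set()` itself is not part of this diff.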
@@ -1332,8 +1337,8 @@ class parse_message extends bbcode_firstpass include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); $sql = 'SELECT attach_id - FROM ' . ATTACHMENTS_TABLE . " - WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')"; + FROM ' . ATTACHMENTS_TABLE . ' + WHERE ' . $db->sql_in_set('LOWER(physical_filename)', array_map('strtolower', $filenames)); $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); -- cgit v1.2.1