diff --git a/e107_core/bbcodes/bb_img.php b/e107_core/bbcodes/bb_img.php index 69ce7d5f8..051bf9ffb 100644 --- a/e107_core/bbcodes/bb_img.php +++ b/e107_core/bbcodes/bb_img.php @@ -20,15 +20,17 @@ class bb_img extends e_bb_base $parms = eHelper::scParams($parm); $safe = array(); - if(vartrue($parms['class'])) $safe['class'] = eHelper::secureClassAttr($parms['class']); - if(vartrue($parms['id'])) $safe['id'] = eHelper::secureIdAttr($parms['id']); - if(vartrue($parms['style'])) $safe['style'] = eHelper::secureStyleAttr($parms['style']); - if(vartrue($parms['alt'])) $safe['alt'] = e107::getParser()->filter($parms['alt'],'str'); + if(!empty($parms['class'])) $safe['class'] = eHelper::secureClassAttr($parms['class']); + if(!empty($parms['id'])) $safe['id'] = eHelper::secureIdAttr($parms['id']); + if(!empty($parms['style'])) $safe['style'] = eHelper::secureStyleAttr($parms['style']); + if(!empty($parms['alt'])) $safe['alt'] = e107::getParser()->filter($parms['alt'],'str'); + if(isset($parms['width'])) $safe['width'] = (int) $parms['width']; - if($safe) + if(!empty($safe)) { return '[img '.eHelper::buildAttr($safe).']'.$code_text.'[/img]'; } + return '[img]'.$code_text.'[/img]'; } @@ -166,9 +168,7 @@ class bb_img extends e_bb_base return $this->mediaImage($code_text, $parm); } - - var_dump($code_text); - + if (preg_match("#\.php\?.*#",$code_text)){return "";} //XXX Breaks MediaManager Images, so do it after mediaManager check. $addlink = FALSE; diff --git a/e107_handlers/bbcode_handler.php b/e107_handlers/bbcode_handler.php index ea84f98a2..d316141bc 100644 --- a/e107_handlers/bbcode_handler.php +++ b/e107_handlers/bbcode_handler.php 
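Review bot: In bb_img.php (hunk @@ -20,15) the new `width` line is guarded with `isset()` while every other attribute uses `!empty()`, so an empty or non-numeric `width` is cast to 0 and still handed to `eHelper::buildAttr()`, and a negative number passes through unchanged. The `(int)` cast is the right way to keep markup out of the attribute; only the guard needs tightening, e.g. `if(!empty($parms['width'])) $safe['width'] = max(0, (int) $parms['width']);`. The enclosing method starts above the hunk, so how `$parm` reaches it is not visible here.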
@@ -684,7 +684,7 @@ class e_bbcode foreach($arr['img'] as $img) { - if(substr($img['src'],0,4) == 'http' || strpos($img['src'], e_IMAGE_ABS.'emotes/')!==false) // dont resize external images or emoticons. + if(/*substr($img['src'],0,4) == 'http' ||*/ strpos($img['src'], e_IMAGE_ABS.'emotes/')!==false) // dont resize external images or emoticons. { continue; } @@ -693,7 +693,7 @@ class e_bbcode $qr = $tp->thumbUrlDecode($img['src']); // extract width/height and src from thumb URLs. - if(substr($qr['src'],0,4)!=='http' && empty($qr['w']) && empty($qr['aw'])) + if(strpos($qr['src'],'http')!==0 && empty($qr['w']) && empty($qr['aw'])) { $qr['w'] = $img['width']; $qr['h'] = $img['height']; @@ -701,7 +701,7 @@ class e_bbcode $qr['ebase'] = true; - unset($img['src'],$img['srcset'],$img['@value'], $img['caption'], $img['alt']); + if(!empty($img['class'])) { @@ -729,9 +729,14 @@ class e_bbcode } - $parms = !empty($img) ? ' '.str_replace('+', ' ', http_build_query($img,null, '&')) : ""; - $code_text = str_replace($tp->getUrlConstants('raw'), $tp->getUrlConstants('sc'), $qr['src']); + + + + $code_text = (strpos($img['src'],'http') === 0) ? $img['src'] : str_replace($tp->getUrlConstants('raw'), $tp->getUrlConstants('sc'), $qr['src']); + + unset($img['src'],$img['srcset'],$img['@value'], $img['caption'], $img['alt']); + $parms = !empty($img) ? ' '.str_replace('+', ' ', http_build_query($img,null, '&')) : ""; $replacement = '[img'.$parms.']'.$code_text.'[/img]'; diff --git a/e107_handlers/e_parse_class.php b/e107_handlers/e_parse_class.php index ae92f7aed..204a3952b 100644 --- a/e107_handlers/e_parse_class.php +++ b/e107_handlers/e_parse_class.php @@ -2628,7 +2628,7 @@ class e_parse extends e_parser */ public function staticUrl($path=null) { - if(!defined('e_HTTP_STATIC')) + if(!defined('e_HTTP_STATIC') || deftrue('e_ADMIN_AREA')) { // e107::getDebug()->log("e_HTTP_STATIC not defined"); return ($path === null) ? e_HTTP : $path; 
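Review bot: In bbcode_handler.php (hunk @@ -684,7) the `http` test is disabled by wrapping it in `/* … */`, but the trailing comment still says external images are not resized, which no longer matches the condition. Delete the dead fragment and correct the comment, e.g. `if(strpos($img['src'], e_IMAGE_ABS.'emotes/') !== false) // skip emoticons only; external images are processed below`. The loop body continues outside the hunk.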
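Review bot: `strpos($qr['src'],'http')!==0` in hunk @@ -693,7, and the matching `strpos($img['src'],'http') === 0` in hunk @@ -729,9, treat any value that merely begins with the letters `http` as an external URL, and they miss `HTTP://…` and protocol-relative `//host/…` sources. Because the second test decides whether the source is copied into the bbcode unchanged, an explicit scheme match is safer: `preg_match('#^https?://#i', $img['src']) === 1`. Both tests sit inside a loop that starts and ends outside these hunks.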
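Review bot: In hunk @@ -729,9, `$img['src']` is written verbatim between `[img]` and `[/img]` whenever it starts with `http`, and nothing visible here checks that the value is free of `[` and `]` or otherwise well formed. Whether bb_img rejects such values later cannot be seen from this diff, so I would refuse them at this point, e.g. `if(strpbrk($img['src'], '[]') !== false) { continue; }` before `$code_text` is built. Separately, `http_build_query($img,null, '&')` passes null for the numeric prefix, which PHP 8.1+ reports as deprecated; `''` is the equivalent value.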
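Review bot: The added `|| deftrue('e_ADMIN_AREA')` in `staticUrl()` (e_parse_class.php, hunk @@ -2628,7) is not documented: the docblock that closes just above the hunk and the commented-out debug text `e_HTTP_STATIC not defined` both describe only the first half of the condition. A short why-comment on the `if` would help the next reader, e.g. `// Never rewrite to the static host inside the admin area.`, with the reason added if it is what I assume (keeping static-host URLs out of content saved from the editor). The method body continues below the hunk.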
@@ -5466,7 +5466,7 @@ class e_emotefilter return; } - $base = defined('e_HTTP_STATIC') && is_string(e_HTTP_STATIC) ? e_HTTP_STATIC : SITEURLBASE; + $base = defined('e_HTTP_STATIC') && is_string(e_HTTP_STATIC) ? e_HTTP_STATIC : SITEURLBASE; foreach($this->emotes as $key => $value) { diff --git a/e107_plugins/tinymce4/plugins/e107/parser.php b/e107_plugins/tinymce4/plugins/e107/parser.php index 97394937e..e5b5d3352 100644 --- a/e107_plugins/tinymce4/plugins/e107/parser.php +++ b/e107_plugins/tinymce4/plugins/e107/parser.php @@ -19,6 +19,7 @@ $_E107['no_menus'] = true; $_E107['no_forceuserupdate'] = true; $_E107['no_maintenance'] = true; +define('e_ADMIN_AREA', true); if(!defined('TINYMCE_DEBUG')) { require_once("../../../../class2.php");
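Review bot: `define('e_ADMIN_AREA', true);` in e107_plugins/tinymce4/plugins/e107/parser.php (hunk @@ -19,6) runs unconditionally and before `class2.php` is required, so the request is flagged as admin-area before anything visible here has established who is calling. In this commit the constant only switches `staticUrl()` back to local paths, but any other code that reads `e_ADMIN_AREA` will see it too, so it is worth confirming that none of it relaxes filtering or permission checks for this endpoint. At minimum state the purpose next to it, e.g. `// Forces local (non-static) URLs in editor content; does not imply an authenticated admin.`, and guard the call with `if(!defined('e_ADMIN_AREA'))`. The script continues outside the hunk.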