diff --git a/e107_admin/newspost.php b/e107_admin/newspost.php index ef9eb75a0..8d323a308 100644 --- a/e107_admin/newspost.php +++ b/e107_admin/newspost.php @@ -1260,7 +1260,7 @@ class news_admin_ui extends e_admin_ui if ($sql->select("submitnews", "*", "submitnews_id=".intval($id))) { $row = $sql->fetch(); - $data['news_title'] = $tp->dataFilter($row['submitnews_title']); + $data['news_title'] = $tp->filter($row['submitnews_title']); $data['news_body'] = $row['submitnews_item']; $data['news_category'] = intval( $row['submitnews_category']); $data['news_body'] .= "\n[[b]".NWSLAN_49." {$row['submitnews_name']}[/b]]"; diff --git a/e107_core/bbcodes/bb_code.php b/e107_core/bbcodes/bb_code.php index edc839d47..124932f04 100644 --- a/e107_core/bbcodes/bb_code.php +++ b/e107_core/bbcodes/bb_code.php @@ -101,7 +101,7 @@ class bb_code extends e_bb_base // $highlighted_text = highlight_string($code_text, TRUE); // highlighted_text = str_replace(array("",""),"",$highlighted_text); $divClass = ($parm) ? $parm : 'code_highlight'; - $ret = "
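Review bot: `$tp->filter($row['submitnews_title'])` runs the default `'str'` type, which in this patch maps to FILTER_SANITIZE_STRING (see the e_parse_class hunk), so a submitted title containing a quote is now stored entity-encoded (`&#39;`) rather than as text — a behaviour change from the old `dataFilter()` call that the commit does not mention. The body on the next line and `submitnews_name`, which is spliced into the `[b]` bbcode two lines down, get no filtering at all here; if they rely on a later `toDB()` pass that may be fine, but the submitter name is interpolated straight into markup and it would be safer to treat it like the title, `{$tp->filter($row['submitnews_name'])}`. The enclosing method starts and ends outside the hunk.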
".$code_text."
"; + $ret = "
".$code_text."
"; } diff --git a/e107_core/bbcodes/bb_img.php b/e107_core/bbcodes/bb_img.php index b3832b467..5450ccb96 100644 --- a/e107_core/bbcodes/bb_img.php +++ b/e107_core/bbcodes/bb_img.php @@ -163,7 +163,7 @@ $text = ''; foreach($imgParms as $key => $val) { - $text .= $key . "='" . $tp->toAttribute($val) . "' "; + $text .= $key . "='" . e107::getParser()->toAttribute($val) . "' "; } return $text; @@ -223,7 +223,7 @@ $code_text = str_replace($search, $replace, $code_text); - $code_text = $tp->toAttribute($code_text); + $code_text = e107::getParser()->toAttribute($code_text); $img_file = pathinfo($code_text); // 'External' file name. N.B. - might still contain a constant such as e_IMAGE diff --git a/e107_core/bbcodes/bb_youtube.php b/e107_core/bbcodes/bb_youtube.php index e48499ffd..e13c9e738 100644 --- a/e107_core/bbcodes/bb_youtube.php +++ b/e107_core/bbcodes/bb_youtube.php @@ -202,8 +202,11 @@ class bb_youtube extends e_bb_base { if(empty($code_text)) return ''; - list($dimensions,$tmp) = explode('|', $parm, 2); - + $t = explode('|', $parm, 2); + + $dimensions = varset($t[0]); + $tmp = varset($t[1]); + if($tmp) { parse_str(varset($tmp, ''), $bbparm); diff --git a/e107_core/bbcodes/email.bb b/e107_core/bbcodes/email.bb index 6114b5b7e..aed62755d 100644 --- a/e107_core/bbcodes/email.bb +++ b/e107_core/bbcodes/email.bb @@ -23,7 +23,7 @@ if($pref['make_clickable']) } // Old method that attracts SPAM. if ($parm) { - return "".$code_text.""; + return "".$code_text.""; } else { - return "".$code_text.""; + return "".$code_text.""; } \ No newline at end of file diff --git a/e107_core/bbcodes/file.bb b/e107_core/bbcodes/file.bb index 16d77fab6..42fa9bd62 100644 --- a/e107_core/bbcodes/file.bb +++ b/e107_core/bbcodes/file.bb @@ -48,5 +48,5 @@ if ((e_PAGE === 'page.php') || (array_key_exists('forum_attach', $pref) && $pref { $fname = str_replace('{e_BASE}', SITEURL, $fname); // Translate into an absolute URL } - return " ".$code_text.""; + return " ".$code_text.""; } 
diff --git a/e107_core/bbcodes/flash.bb b/e107_core/bbcodes/flash.bb index fc66dfdee..67f28b87c 100644 --- a/e107_core/bbcodes/flash.bb +++ b/e107_core/bbcodes/flash.bb @@ -3,7 +3,7 @@ $class = e107::getBB()->getClass('flash'); // USAGE: [flash=width,height,param_name=value¶m_name=value]http://www.example.com/file.swf[/flash] -$movie_path = $tp->toAttribute($code_text); +$movie_path = e107::getParser()->toAttribute($code_text); $parm_array = explode(',', $parm); $width = preg_replace('#[^0-9%]#', '', varsettrue($parm_array[0], 50)); diff --git a/e107_core/bbcodes/justify.bb b/e107_core/bbcodes/justify.bb index 29fa8f6b8..773f9d896 100644 --- a/e107_core/bbcodes/justify.bb +++ b/e107_core/bbcodes/justify.bb @@ -1,4 +1,4 @@ //getClass('justify'); -return "
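Review bot: Swapping `dataFilter(trim($parm),'link')` for `$tp->filter(trim($parm))` applies the generic string sanitizer (FILTER_SANITIZE_STRING in the e_parse_class hunk) to what is a URL: it strips tags and entity-encodes quotes but says nothing about the scheme, and the only scheme check left in this file is `if (strtolower(substr($link,0,11)) == 'javascript:') return '';`, so `data:` and `vbscript:` hrefs still go out. A broader denylist on the same line is a small change, e.g. `if (preg_match('#^\s*(javascript|data|vbscript):#i', $link)) return '';`, and an allowlist of `http`, `https`, `mailto` plus relative/`{e_` paths would be stronger still. Adding `$parm` to the `global` statement also rebinds the name to `$GLOBALS['parm']`; if the scope that evaluates this file passes `$parm` as a local, that local is discarded — worth confirming against the handler before merging. The rest of link.bb lies outside the hunk.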
$code_text
"; \ No newline at end of file +return "
$code_text
"; \ No newline at end of file diff --git a/e107_core/bbcodes/link.bb b/e107_core/bbcodes/link.bb index db2083103..cba18249e 100644 --- a/e107_core/bbcodes/link.bb +++ b/e107_core/bbcodes/link.bb @@ -3,7 +3,7 @@ $class = "bbcode ".e107::getBB()->getClass('link'); -global $pref; +global $pref, $parm; /** * e107 BBCodes @@ -28,7 +28,8 @@ global $pref; */ $tp = e107::getParser(); - $parm = $tp->dataFilter(trim($parm),'link'); + + $parm = $tp->filter(trim($parm)); /* Fix for people using link=external= */ if(strpos($parm,"external=") !== FALSE) @@ -70,5 +71,5 @@ global $pref; $insert = ($pref['links_new_window'] && strpos($link,"{e_")===FALSE && substr($link,0,1) != "#" && substr($link,0,1) != "/" && strpos($extras,"rel=internal")===FALSE) ? "rel='external' " : ""; } if (strtolower(substr($link,0,11)) == 'javascript:') return ''; - return "".$code_text.""; + return "".$code_text.""; diff --git a/e107_core/bbcodes/list.bb b/e107_core/bbcodes/list.bb index a22e71c9e..a5e4165a9 100644 --- a/e107_core/bbcodes/list.bb +++ b/e107_core/bbcodes/list.bb @@ -33,7 +33,7 @@ if (empty($parm)) } else { - $type = $tp -> toAttribute($parm); + $type = e107::getParser()->toAttribute($parm); $listtext = "\n
    "; $trailer = "
"; } diff --git a/e107_core/bbcodes/stream.bb b/e107_core/bbcodes/stream.bb index 3dd697858..9c6e69e4e 100755 --- a/e107_core/bbcodes/stream.bb +++ b/e107_core/bbcodes/stream.bb @@ -32,17 +32,19 @@ if (isset($stream_parms['height'])) { } $parmStr=""; +$MozparmStr = ''; +$IEparmStr = ''; foreach($stream_parms as $k => $v) { - $MozparmStr .= "\n"; - $IEparmStr .= $tp -> toAttribute($k)."='".$tp -> toAttribute($v)."' "; + $MozparmStr .= "\n"; + $IEparmStr .= e107::getParser()->toAttribute($k)."='".e107::getParser()->toAttribute($v)."' "; } $ret = " -\n"; -$ret .= "\n"; +\n"; +$ret .= "\n"; $ret .= $MozparmStr; -$ret .= " +$ret .= " "; diff --git a/e107_core/bbcodes/textarea.bb b/e107_core/bbcodes/textarea.bb index ab9724bfd..c8d3fa665 100644 --- a/e107_core/bbcodes/textarea.bb +++ b/e107_core/bbcodes/textarea.bb @@ -8,6 +8,6 @@ parse_str($parm, $tmp); foreach($tmp as $key => $p) { - $tastr .= $tp -> toAttribute($key)." = '".$tp -> toAttribute($p)."' "; + $tastr .= e107::getParser()->toAttribute($key)." = '".e107::getParser()->toAttribute($p)."' "; } return ""; diff --git a/e107_core/bbcodes/url.bb b/e107_core/bbcodes/url.bb index 40f53f910..3d4f18a97 100644 --- a/e107_core/bbcodes/url.bb +++ b/e107_core/bbcodes/url.bb @@ -10,12 +10,12 @@ if ($parm && $parm != 'external' && strpos($parm, ' ') === FALSE) $parm = preg_replace('#^external.#is', '', $parm); if (strtolower(substr($parm, 0, 11)) === 'javascript:') return ''; - return ''.$code_text.''; + return ''.$code_text.''; } else { if (strtolower(substr($code_text, 0, 11)) === 'javascript:') return ''; - return ''.$code_text.''; + return ''.$code_text.''; } diff --git a/e107_handlers/bbcode_handler.php b/e107_handlers/bbcode_handler.php index 508ea7fd3..788994ba1 100644 --- a/e107_handlers/bbcode_handler.php +++ b/e107_handlers/bbcode_handler.php 
@@ -27,7 +27,7 @@ if (!defined('e107_INIT')) { exit; } class e_bbcode { var $bbList; // Caches the file contents for each bbcode processed - var $bbLocation; // Location for each file - 'core' or a plugin name + var $bbLocation = array(); // Location for each file - 'core' or a plugin name var $preProcess = FALSE; // Set when processing bbcodes prior to saving var $core_bb = array(); var $class = FALSE; @@ -224,7 +224,7 @@ class e_bbcode else { // Opening code to process // If its a single code, we can process it now. Otherwise just stack the value - if (array_key_exists('_'.$bbword,$this->bbLocation)) + if (array_key_exists('_'.$bbword, $this->bbLocation)) { // Single code to process if (count($code_stack) == 0) { @@ -387,10 +387,23 @@ class e_bbcode * @todo - capturing output deprecated */ ob_start(); - $bbcode_return = eval($bbcode); //FIXME notice removal + try + { + $bbcode_return = eval($bbcode); //FIXME notice removal + } + catch (ParseError $e) + { + $error = $debugFile." -- ".$e->getMessage(); + } + $bbcode_output = ob_get_contents(); ob_end_clean(); + if(!empty($error)) + { + trigger_error($error, E_USER_NOTICE); + } + /* added to remove possibility of nested bbcode exploits ... */ if(strpos($bbcode_return, "[") !== FALSE) { diff --git a/e107_handlers/e_parse_class.php b/e107_handlers/e_parse_class.php index f69fa557b..4aa76085e 100644 --- a/e107_handlers/e_parse_class.php +++ b/e107_handlers/e_parse_class.php @@ -29,11 +29,6 @@ class e_parse extends e_parser */ protected $utfAction; - // Shortcode processor - see __get() - //var $e_sc; - - // BBCode processor - protected $e_bb; // Profanity filter public $e_pf; @@ -73,6 +68,8 @@ class e_parse extends e_parser // BBcode that contain preformatted code. private $preformatted = array('html', 'markdown'); + private $bbList = array(); + // Set up the defaults protected $e_optDefault = array( 
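Review bot: When `eval()` throws a ParseError, `$bbcode_return` is never assigned, yet the unchanged `strpos($bbcode_return, "[")` just below still runs on it (null argument, and the nested-bbcode guard is effectively skipped); `$error` is likewise only assigned inside the catch, so if the name is used earlier in this method a stale value would fire `trigger_error`. Initialise both before the buffer opens: `$bbcode_return = ''; $error = '';` ahead of `ob_start();`. Only ParseError is caught, so any other Error or exception raised inside the evaluated bbcode file escapes with the output buffer still open; moving `ob_get_contents()`/`ob_end_clean()` into a `finally` block closes it on every path. The enclosing method starts and ends outside the hunk.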
@@ -265,6 +262,7 @@ class e_parse extends e_parser $this->e_SuperMods[$key] = array_merge($this->e_optDefault , $this->e_SuperMods[$key]); $this->e_SuperMods[$key]['context'] = $key; } + } @@ -621,151 +619,23 @@ class e_parse extends e_parser */ public function htmlAbuseFilter($data, $tagList = '') { - trigger_error(''.__METHOD__.' is deprecated.', E_USER_DEPRECATED); // NO LAN - - if (empty($tagList)) - { - $checkTags = array('textarea', 'input', 'td', 'tr', 'table'); - } - else - { - $checkTags = explode(',', $tagList); - } - $tagArray = array_flip($checkTags); - foreach ($tagArray as &$v) { $v = 0; } // Data fields become zero; keys are tag names. - $data = strtolower(preg_replace('#\[code\].*?\[\/code\]#i', '', $data)); // Ignore code blocks. All lower case simplifies the rest - $matches = array(); - if (!preg_match_all('#<(\/|)([^<>]*?[^\/])>#', $data, $matches, PREG_SET_ORDER)) - { - //echo "No tags found
"; - return TRUE; // No tags found; so all OK - } - //print_a($matches); - foreach ($matches as $m) - { - // $m[0] is the complete tag; $m[1] is '/' or empty; $m[2] is the tag and any attributes - list ($tag) = explode(' ', $m[2], 2); - if (!isset($tagArray[$tag])) - { - continue; - } // Not a tag of interest - if ($m[1] === '/') - { // Closing tag - if ($tagArray[$tag] == 0) - { - //echo "Close before open: {$tag}
"; - return TRUE; // Closing tag before we've had an opening tag - } - $tagArray[$tag]--; // Obviously had at least one opening tag - } - else - { // Opening tag - $tagArray[$tag]++; - } - } - //print_a($tagArray); - foreach ($tagArray as $t) - { - if ($t > 0) - { - return TRUE; - } // More opening tags than closing tags - } - return FALSE; // OK now + trigger_error(''.__METHOD__.' is deprecated. Use $tp->cleanHtml() instead.', E_USER_WARNING); // NO LAN + return $data; } - - /** - * @DEPRECATED XXX TODO Remove this horrible thing which adds junk to a db. + * @deprecated * Checks a string for potentially dangerous HTML tags, including malformed tags * */ public function dataFilter($data, $mode='bbcode') { - - - $ans = ''; - $vetWords = array('dateFilter() is deprecated. Use $tp->filter() instead.', E_USER_WARNING); + return $data; } - /** - * Check base-64 encoded code - */ - private function proc64($match) - { - $decode = base64_decode($match[2]); - return 'base64'.$match[1].base64_encode($this->dataFilter($decode)).$match[3]; - } - - - // XXX REmove ME. - private function modTag($match) - { - - if (isset($match[1])) - { - $chop = (int) (strlen($match[1]) / 2); - $ans = substr($match[1], 0, $chop).'##xss##'.substr($match[1], $chop); - } - else - { - $ans = '?????'; - } - return '[sanitised]'.$ans.'[/sanitised]'; - - } - - - /** * Processes data as needed before its written to the DB. * Currently gives bbcodes the opportunity to do something @@ -775,13 +645,12 @@ class e_parse extends e_parser */ public function preFilter($data) { - if (!is_object($this->e_bb)) + if(!$this->isBBcode($data)) { - require_once(e_HANDLER.'bbcode_handler.php'); - $this->e_bb = new e_bbcode; + return $data; } - $ret = $this->e_bb->parseBBCodes($data, defset('USERID'), 'default', 'PRE'); // $postID = logged in user here - return $ret; + + return e107::getBB()->parseBBCodes($data, defset('USERID'), 'default', 'PRE'); // $postID = logged in user here } 
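Review bot: `htmlAbuseFilter()` previously returned a bool — `TRUE` when tags were unbalanced, `FALSE` when the data was OK — and now returns `$data`, so a surviving caller written as `if($tp->htmlAbuseFilter($x))` will treat every non-empty string as abuse and empty input as clean; a type-compatible stub is `return false;` next to the warning. `dataFilter()` has the opposite problem: it was a sanitizer and now hands its input back untouched, so every plugin call site still using it silently loses filtering, which is a fail-open deprecation; delegating to the replacement the warning names (`return $this->filter($data);`, or `cleanHtml()` where the mode was bbcode) keeps some protection for the deprecation window. The warning text also reads `dateFilter()` where `dataFilter()` is meant. `proc64()` and `modTag()` are deleted here; confirm nothing else in the file still references them.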
@@ -868,40 +737,6 @@ class e_parse extends e_parser } - /** - * Check if we are using the simple-Parse array format, or a legacy .sc format which contains 'return ' - * - * @param array $extraCodes - * @return bool - */ - private function isSimpleParse($extraCodes) - { - - if(!is_array($extraCodes)) - { - return false; - } - - foreach ($extraCodes as $sc => $code) - { - if(preg_match('/return(.*);/',$code)) // still problematic. 'return;' Might be used in common speech. - { - return false; - } - - return true; - /* if(!strpos($code, 'return ')) - { - return true; - } - else - { - return false; - }*/ - } - } - - /** * Simple parser @@ -918,6 +753,7 @@ class e_parse extends e_parser return preg_replace_callback("#\{([a-zA-Z0-9_]+)\}#", array($this, 'simpleReplace'), $template); } + protected function simpleReplace($tmp) { @@ -932,7 +768,16 @@ class e_parse extends e_parser return (!empty($this->replaceVars) && ($this->replaceVars->$key !== null)) ? $this->replaceVars->$key : $unset; // Doesn't work. } - + /** + * @todo find a modern replacement + * @param $str + * @param $width + * @param string $break + * @param string $nobreak + * @param string $nobr + * @param false $utf + * @return string + */ public function htmlwrap($str, $width, $break = "\n", $nobreak = 'a', $nobr = 'pre', $utf = FALSE) { /* @@ -1156,7 +1001,7 @@ class e_parse extends e_parser * Truncate a HTML string * * Cuts a string to the length of $length and adds the value of $ending if the text is longer than length. - * + * @todo find a modern replacement * @param string $text String to truncate. * @param integer $length Length of returned string, including ellipsis. * @param string $ending It will be used as Ending and appended to the trimmed string. 
@@ -1253,90 +1098,6 @@ class e_parse extends e_parser return $truncate; } - /** - * Truncate a HTML string to a maximum length $len ­ append the string $more if it was truncated - * - * @param string $text String to process - * @param integer $len [optional] Length of characters to be truncated - default 200 - * @param string $more [optional] String which will be added if truncation - default ' ... ' - * @return string - */ - public function html_truncate_old ($text, $len = 200, $more = ' ... ') - { - $pos = 0; - $curlen = 0; - $tmp_pos = 0; - $intag = FALSE; - while($curlen < $len && $curlen < strlen($text)) - { - switch($text [$pos] ) - { - case '<': - if($text [$pos + 1] === '/') - { - $closing_tag = TRUE; - } - $intag = TRUE; - $tmp_pos = $pos - 1; - $pos++; - break; - - - case '>': - if($text [$pos - 1] === '/') - { - $closing_tag = TRUE; - } - if($closing_tag == TRUE) - { - $tmp_pos = 0; - $closing_tag = FALSE; - } - $intag = FALSE; - $pos++; - break; - - - case '&': - if($text [$pos + 1] === '#') - { - $end = strpos(substr($text, $pos, 7), ';'); - if($end !== FALSE) - { - $pos += ($end + 1); - if(!$intag) - { - $curlen++; - } - break; - } - } - - $pos++; - if(!$intag) - { - $curlen++; - } - - break; - - default: - $pos++; - if(!$intag) - { - $curlen++; - } - break; - } - } - $ret = ($tmp_pos > 0 ? substr($text, 0, $tmp_pos+1) : substr($text, 0, $pos)); - if($pos < strlen($text)) - { - $ret .= $more; - } - return $ret; - } - /** * Truncate a string of text to a maximum length $len ­ append the string $more if it was truncated @@ -1380,7 +1141,7 @@ class e_parse extends e_parser } - public function textclean ($text, $wrap = 100) + public function textclean($text, $wrap = 100) { $text = str_replace("\n\n\n", "\n\n", $text); $text = $this->htmlwrap($text, $wrap); 
@@ -1490,30 +1251,10 @@ class e_parse extends e_parser public function parseBBCodes($text, $postID) { - if (!is_object($this->e_bb)) - { - require_once(e_HANDLER.'bbcode_handler.php'); - $this->e_bb = new e_bbcode; - } - - - $text = $this->e_bb->parseBBCodes($text, $postID); - - return $text; + return e107::getBB()->parseBBCodes($text, $postID); } - - - - - - - - - - - /** * Converts the text (presumably retrieved from the database) for HTML output. * @@ -1891,35 +1632,30 @@ class e_parse extends e_parser // BBCode processing (other than the four already done, which shouldn't appear at all in the text) - if ($parseBB !== FALSE) + if ($parseBB !== false) { - if (!is_object($this->e_bb)) - { - require_once(e_HANDLER.'bbcode_handler.php'); - $this->e_bb = new e_bbcode; - } - if ($parseBB === TRUE) + if ($parseBB === true) { // 'Normal' or 'legacy' processing if($modifiers === 'WYSIWYG') { - $sub_blk = $this->e_bb->parseBBCodes($sub_blk, $postID, 'wysiwyg'); + $sub_blk = e107::getBB()->parseBBCodes($sub_blk, $postID, 'wysiwyg'); } else { - $sub_blk = $this->e_bb->parseBBCodes($sub_blk, $postID); + $sub_blk = e107::getBB()->parseBBCodes($sub_blk, $postID); } } elseif ($parseBB === 'STRIP') { // Need to strip all BBCodes - $sub_blk = $this->e_bb->parseBBCodes($sub_blk, $postID, 'default', TRUE); + $sub_blk = e107::getBB()->parseBBCodes($sub_blk, $postID, 'default', TRUE); } else { // Need to strip just some BBCodes - $sub_blk = $this->e_bb->parseBBCodes($sub_blk, $postID, 'default', $parseBB); + $sub_blk = e107::getBB()->parseBBCodes($sub_blk, $postID, 'default', $parseBB); } } @@ -3307,6 +3043,7 @@ class e_parse extends e_parser return $new; } + $replace_absolute = array(); if(!empty($mode)) { @@ -3815,7 +3552,7 @@ class e_parse extends e_parser default: - trigger_error('$e107->$'.$name.' not defined', E_USER_WARNING); + // trigger_error('$e107->$'.$name.' not defined', E_USER_WARNING); return NULL; break; } 
@@ -4429,6 +4166,7 @@ class e_parser $linkStart = ''; $linkEnd = ''; $full = !empty($options['base64']) ? true : false; + $file = ''; if(!empty($options['mode']) && $options['mode'] === 'full') { @@ -4797,6 +4535,11 @@ class e_parser $html .= "\n"; } + if(empty($path)) + { + return null; + } + $html .= "' .$alt. ''; $html .= ($this->convertToWebP) ? "\n" : ''; @@ -4977,13 +4720,12 @@ class e_parser if(strpos($file, "{e_") === 0) { - $file = e107::getParser()->replaceConstants($file); + $file = $this->replaceConstants($file); } - $ext = pathinfo($file,PATHINFO_EXTENSION); - return $ext === 'jpg' || $ext === 'png' || $ext === 'gif' || $ext === 'jpeg'; + return ($ext === 'jpg' || $ext === 'png' || $ext === 'gif' || $ext === 'jpeg' || $ext === 'webp'); } @@ -5222,236 +4964,11 @@ class e_parser - /** - * Perform and render XSS Test Comparison - */ - public function test($text='',$advanced = false) - { - // $tp = e107::getParser(); - $sql = e107::getDb(); - $tp = e107::getParser(); - - if(empty($text)) - { - $text = <<bold print

-
<a href='#'>Something</a>
-

Some text's and things.

-

 

-

link

-

日本語 简体中文

-

 

-[/html] -TMPL; - } - - // $text .= '[code=inline]Something[/code]日本語 '; - - // -------------------- Encoding ---------------- - - $acc = $this->getScriptAccess(); - $accName = e107::getUserClass()->getName($acc); - - echo "

e107 Parser Test with script access by ".$accName. '

'; - echo '

User-input (eg. from $_POST)

'; - - print_a($text); - - $dbText = $tp->toDB($text,true); - - echo '

User-input ≫ toDB() '; - - if($this->isHtml == true) - { - echo "detected as HTML"; - } - else - { - echo "detected as Plain text"; - } - - echo '

'; - - print_a($dbText); - - - if(!empty($advanced)) - { - echo "
"; - $dbText2 = $tp->toDB($text, true, false, 'no_html'); - echo "

User-input ≫ toDb(\$text, true, false, 'no_html')

"; - print_a($dbText2); - - echo "
"; - $dbText3 = $tp->toDB($text, false, false, 'pReFs'); - echo "

User-input ≫ toDb(\$text, false, false, 'pReFs')

"; - print_a($dbText3); - - // toClean - $filter3 = $tp->filter($text, 'wds'); - echo "

User-input ≫ filter(\$text, 'wds')

"; - print_a( $filter3); - - // Filter by String. - $filter1 = $tp->filter($text); - echo "

User-input ≫ filter(\$text, 'str')

"; - print_a($filter1); - - // Filter by Encoded. - $filter2 = $tp->filter($text,'enc'); - echo "

User-input ≫ filter(\$text, 'enc')

"; - print_a($filter2); - - - // toAttribute - $toAtt = $tp->toAttribute($text); - echo '

User-input ≫ toAttribute($text)

'; - print_a($toAtt); - - // toEmail - $toEmail = $tp->toEmail($dbText); - echo '

User-input ≫ toEmail($text) from DB

'; - print_a($toEmail); - - // toEmail - $toRss = $tp->toRss($text); - echo '

User-input ≫ toRss($text)

'; - print_a($toRss); - - echo '
'; - - - - } - - echo '

toDB() ≫ toHTML()

'; - $html = $tp->toHTML($dbText,true); - print_a($html); - - echo '

toDB ≫ toHTML() (rendered)

'; - echo $html; - - echo '

toDB ≫ toForm()

'; - $toForm = $tp->toForm($dbText); - $toFormRender = e107::getForm()->open('test'); - $toFormRender .= "'; - $toFormRender .= e107::getForm()->close(); - - echo $toFormRender; - - - echo '

toDB ≫ bbarea

'; - echo e107::getForm()->bbarea('name',$toForm); - - if(!empty($advanced)) - { - - echo '

Allowed Tags

'; - print_a($this->allowedTags); - - - echo '

Converted Paths

'; - print_a($this->pathList); - - echo '

Removed Tags and Attributes

'; - print_a($this->removedList); - - echo '

Nodes to Convert

'; - print_a($this->nodesToConvert); - - echo '

Nodes to Disable SC

'; - print_a($this->nodesToDisableSC); - } - - similar_text($text, html_entity_decode( $toForm, ENT_COMPAT, 'UTF-8'),$perc); - $scoreStyle = ($perc > 98) ? 'label-success' : 'label-danger'; - echo "

Similarity: ".number_format($perc). '%

'; - - echo " - - - - - - - - - - - -
User-inputtoForm() output
".print_a($text,true). '' . $toFormRender. '
'; - /* - ".print_a(json_encode($text),true)." - ". print_a(json_encode(html_entity_decode( $toForm, ENT_COMPAT, 'UTF-8')),true)." - */ - - // print_a($text); - -return; - -//return; - // --------------------------------- - - - $html = $text; - - $sql = e107::getDb(); - $tp = e107::getParser(); - $dbg = e107::getDebug(); - - // $html = $this->getXss(); - - echo '

Unprocessed XSS

'; - // echo $html; // Remove Comment for a real mess! - print_a($html); - - echo '

Standard v2 Parser

'; - echo '

$tp->dataFilter()

'; - // echo $tp->dataFilter($html); // Remove Comment for a real mess! - $dbg->logTime('------ Start Parser Test -------'); - print_a($tp->dataFilter($html)); - $dbg->logTime('tp->dataFilter'); - - echo '

$tp->toHTML()

'; - // echo $tp->dataFilter($html); // Remove Comment for a real mess! - print_a($tp->toHTML($html)); - $dbg->logTime('tp->toHtml'); - - echo '

$tp->toDB()

'; - // echo $tp->dataFilter($html); // Remove Comment for a real mess! - $todb = $tp->toDB($html); - print_a( $todb); - $dbg->logTime('tp->toDB'); - - echo '

$tp->toForm() with toDB input.

'; - print_a( $tp->toForm($todb)); - - echo '

New Parser

'; - echo '

Processed

'; - $cleaned = $this->cleanHtml($html); // false = don't check html pref. - print_a($cleaned); - $dbg->logTime('new Parser'); - // $dbg->logTime('------ End Parser Test -------'); - echo '

Processed & Rendered

'; - echo $cleaned; - - echo '

New Parser - Data

'; - echo '

Converted Paths

'; - print_a($this->pathList); - - echo '

Removed Tags and Attributes

'; - print_a($this->removedList); - - // print_a($p); - } - - - /** * Filters/Validates using the PHP5 filter_var() method. - * @param $text - * @param $type string str|int|email|url|w|wds|file - * @return string | boolean | array + * @param string|array $text + * @param string $type string str|int|email|url|w|wds|file + * @return string|boolean| array */ public function filter($text, $type='str', $validate=false) { 
@@ -5460,65 +4977,67 @@ return; return $text; } - if($type === 'w') // words only. + switch($type) { - return preg_replace('/[^\w]/', '',$text); + case "w": + $ret = preg_replace('/[^\w]/', '',$text); + break; + + case "d": + $ret = preg_replace('/[^\d]/', '',$text); + break; + + case "wd": + $ret = preg_replace('/[^\w\d]/', '',$text); + break; + + case "wds": + $ret = preg_replace('/[^\w\d ]/', '',$text); + break; + + case "file": + $ret = preg_replace('/[^\w\d_\.-]/', '-',$text); + break; + + case "version": + $ret = preg_replace('/[^\d_\.]/', '',$text); + break; + + default: + + if($validate == false) + { + $filterTypes = array( + 'int' => FILTER_SANITIZE_NUMBER_INT, + 'str' => FILTER_SANITIZE_STRING, // no html. + 'email' => FILTER_SANITIZE_EMAIL, + 'url' => FILTER_SANITIZE_URL, + 'enc' => FILTER_SANITIZE_ENCODED + ); + } + else + { + $filterTypes = array( + 'int' => FILTER_VALIDATE_INT, + 'email' => FILTER_VALIDATE_EMAIL, + 'ip' => FILTER_VALIDATE_IP, + 'url' => FILTER_VALIDATE_URL, + + ); + } + + if(is_array($text)) + { + $ret = filter_var_array($text, $filterTypes[$type]); + } + else + { + $ret = filter_var($text, $filterTypes[$type]); + } + } - if($type === 'd') // digits only. - { - return preg_replace('/[^\d]/', '',$text); - } - - if($type === 'wd') // words and digits only. - { - return preg_replace('/[^\w\d]/', '',$text); - } - - if($type === 'wds') // words, digits and spaces only. - { - return preg_replace('/[^\w\d ]/', '',$text); - } - - if($type === 'file') - { - return preg_replace('/[^\w\d_\.-]/', '-',$text); - } - - if($type === 'version') - { - return preg_replace('/[^\d_\.]/', '',$text); - } - - if($validate == false) - { - $filterTypes = array( - 'int' => FILTER_SANITIZE_NUMBER_INT, - 'str' => FILTER_SANITIZE_STRING, // no html. 
- 'email' => FILTER_SANITIZE_EMAIL, - 'url' => FILTER_SANITIZE_URL, - 'enc' => FILTER_SANITIZE_ENCODED - ); - } - else - { - $filterTypes = array( - 'int' => FILTER_VALIDATE_INT, - 'email' => FILTER_VALIDATE_EMAIL, - 'ip' => FILTER_VALIDATE_IP, - 'url' => FILTER_VALIDATE_URL, - - ); - } - - if(is_array($text)) - { - return filter_var_array($text, $filterTypes[$type]); - } - - - return filter_var($text, $filterTypes[$type]); - + return $ret; } diff --git a/e107_plugins/banner/e_shortcode.php b/e107_plugins/banner/e_shortcode.php index 0960c8381..881f1cebe 100644 --- a/e107_plugins/banner/e_shortcode.php +++ b/e107_plugins/banner/e_shortcode.php @@ -23,7 +23,7 @@ class banner_shortcodes extends e_shortcode // $parm now can be array, old campaign $parm still allowed.... function sc_banner($parm = '') { - + $sql = e107::getDb(); $tp = e107::getParser(); mt_srand((double) microtime() * 1000000); diff --git a/e107_plugins/rss_menu/rss.php b/e107_plugins/rss_menu/rss.php index e97d04561..decdc9f4e 100644 --- a/e107_plugins/rss_menu/rss.php +++ b/e107_plugins/rss_menu/rss.php @@ -42,20 +42,10 @@ $tp = e107::getParser(); //require_once(e_PLUGIN.'rss_menu/rss_shortcodes.php'); require_once(e_HANDLER.'userclass_class.php'); -/* -global $tp; -if (!is_object($tp->e_bb)) -{ - require_once(e_HANDLER.'bbcode_handler.php'); - $tp->e_bb = new e_bbcode; -} -*/ - // Get language file e107::includeLan(e_PLUGIN.'rss_menu/languages/'.e_LANGUAGE.'_admin_rss_menu.php'); - // Query handler if(!empty($_GET['type'])) { diff --git a/e107_tests/tests/unit/e_bbcodeTest.php b/e107_tests/tests/unit/e_bbcodeTest.php index c3612dd9b..fa2180cdf 100644 --- a/e107_tests/tests/unit/e_bbcodeTest.php +++ b/e107_tests/tests/unit/e_bbcodeTest.php @@ -27,7 +27,11 @@ $this->assertTrue(false, $e->getMessage()); } + $this->bb->__construct(); + } + + /* public function testSetClass() { 
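Review bot: In the `default` branch `$filterTypes[$type]` is read without checking the key exists, so an unknown `$type` (`'ip'` with `$validate` false, or `'str'` with `$validate` true) raises an undefined-index notice and calls `filter_var($text, null)`, which hands the input back unfiltered — a fail-open on a typo, and this method is now the replacement for `dataFilter()` across the bbcodes in this patch. Guard before the lookup: `if(!isset($filterTypes[$type])) { trigger_error(__METHOD__.': unknown filter type '.$type, E_USER_WARNING); return false; }`. `'str' => FILTER_SANITIZE_STRING` is deprecated since PHP 8.1 and will emit a deprecation on every default call; the manual's suggested replacement is `htmlspecialchars()` (with `strip_tags()` if tag removal is relied on), which should be decided here rather than after the callers migrate. `$validate == false` is a loose comparison; `$validate === false` or a `(bool)` cast avoids surprises with string arguments.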
@@ -68,12 +72,165 @@ { } - +*/ public function testParseBBCodes() { + $codes = array ( + '_br' => + array ( + + ), + 'b' => + array ( + ), + 'alert' => array ( + 'warning' => array('input'=>'Warning Message', 'expected'=>"
Warning Message
"), + ), + 'block' => + array ( + ), + 'code' => + array ( + ), + 'glyph' => + array ( + ), + 'h' => + array ( + ), + 'img' => + array ( + ), + 'nobr' => + array ( + ), + 'p' => + array ( + ), + 'video' => + array ( + ), + 'youtube' => + array ( + ), + 'blockquote' => + array ( + ), + 'br' => + array ( + ), + 'center' => + array ( + ), + 'color' => + array ( + ), + 'email' => + array ( + ), + 'file' => + array ( + ), + 'flash' => + array ( + ), + 'hide' => + array ( + ), + 'html' => + array ( + ), + 'i' => + array ( + ), + 'index.html' => + array ( + ), + 'justify' => + array ( + ), + 'left' => + array ( + ), + 'link' => array ( + // [bbcode=xxxxxx] param [bbcode]xxxxxx[/bbode] expected output + 'http://mysite.com external' => array('input'=>'http://mysite.com', 'expected'=>"http://mysite.com"), + 'http://mysite.com rel=external' => array('input'=>'http://mysite.com', 'expected'=>"http://mysite.com"), + 'external' => array('input'=>'http://mysite.com', 'expected'=>"http://mysite.com"), + 'mailto:myemail@email.com' => array('input'=>'My Name', 'expected'=>"My Name"), + 'external=http://mysite.com' => array('input'=>'http://mysite.com', 'expected'=>"http://mysite.com"), + ), + 'list' => + array ( + ), + 'quote' => + array ( + ), + 'right' => + array ( + ), + 'sanitised' => + array ( + ), + 'size' => + array ( + ), + 'spoiler' => + array ( + ), + 'stream' => + array ( + ), + 'table' => + array ( + ), + 'tbody' => + array ( + ), + 'td' => + array ( + ), + 'textarea' => + array ( + ), + 'th' => + array ( + ), + 'time' => + array ( + ), + 'tr' => + array ( + ), + 'u' => + array ( + ), + 'url' => + array ( + ), + ); + + $ret = []; + foreach($codes as $bbcode=>$var) + { + if(empty($var)) + { + $input = '['.$bbcode.']http://mysite.com[/'.$bbcode.']'; + $result = $this->bb->parseBBCodes($input, true); // parsing to check for PHP errors. 
+ continue; + } + + foreach($var as $parms=>$p) + { + $input2 = '['.$bbcode.'='.$parms.']'.$p['input'].'[/'.$bbcode.']'; + $result2 = $this->bb->parseBBCodes($input2); + $this->assertEquals($p['expected'], $result2); + } + } + } - +/* public function testClearClass() { diff --git a/e107_tests/tests/unit/e_parseTest.php b/e107_tests/tests/unit/e_parseTest.php index 51e15a08f..079da6a3c 100644 --- a/e107_tests/tests/unit/e_parseTest.php +++ b/e107_tests/tests/unit/e_parseTest.php @@ -130,6 +130,7 @@ while($row = $sql->fetch()) } */ + public function testParseTemplateWithEnabledCoreShortcodes() { $needle = '