mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-01 20:30:39 +02:00
Code Issues Releases Wiki Activity

Fix for <?php inside [code][/code]

Browse Source
This commit is contained in:
Cameron
2013-06-11 18:29:59 -07:00
parent edbff3701c
commit ce1192ac40
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
e107_handlers/e_parse_class.php
View File

@@ -465,6 +465,7 @@ class e_parse extends e_parser
*/ */
public function toDB($data, $nostrip = FALSE, $no_encode = FALSE, $mod = FALSE, $original_author = FALSE) public function toDB($data, $nostrip = FALSE, $no_encode = FALSE, $mod = FALSE, $original_author = FALSE)
{ {
$core_pref = e107::getConfig(); $core_pref = e107::getConfig();
if (is_array($data)) if (is_array($data))
{ {
@@ -476,6 +477,8 @@ class e_parse extends e_parser
return $ret; return $ret;
} }
if (MAGIC_QUOTES_GPC == TRUE && $nostrip == FALSE) if (MAGIC_QUOTES_GPC == TRUE && $nostrip == FALSE)
{ {
$data = stripslashes($data); $data = stripslashes($data);
@@ -484,23 +487,26 @@ class e_parse extends e_parser
if ($mod != 'pReFs') //XXX We're not saving prefs. if ($mod != 'pReFs') //XXX We're not saving prefs.
{ {
$data = $this->preFilter($data); $data = $this->preFilter($data);
$data = str_replace('<?','&lt;?',$data); // replace <? so that it can still be used in [code][/code] bbcode.
if (strip_tags($data) != $data) // html tags present. if (strip_tags($data) != $data) // html tags present.
{ {
// return $data;
$data = $this->cleanHtml($data); // sanitize all html. $data = $this->cleanHtml($data); // sanitize all html.
$data = urldecode($data); // symptom of cleaning the HTML - urlencodes src attributes containing { and } .eg. {e_BASE} $data = urldecode($data); // symptom of cleaning the HTML - urlencodes src attributes containing { and } .eg. {e_BASE}
// if ($this->htmlAbuseFilter($data)) $no_encode = FALSE; //XXX cleanHtml() is more effective. // if ($this->htmlAbuseFilter($data)) $no_encode = FALSE; //XXX cleanHtml() is more effective.
} }
if (!check_class($core_pref->get('post_html', e_UC_MAINADMIN))) if (!check_class($core_pref->get('post_html', e_UC_MAINADMIN)))
{ {
$data = strip_tags($data); // remove tags from cleaned html. $data = strip_tags($data); // remove tags from cleaned html.
$data = str_replace(array('[html]','[/html]'),'',$data); $data = str_replace(array('[html]','[/html]'),'',$data);
// $data = $this->dataFilter($data); // $data = $this->dataFilter($data);
} }
$data = str_replace('&lt;?','<?',$data); // replace <? so that it can still be used in [code][/code] bbcode.
} }
if (check_class($core_pref->get('post_html'))) /*$core_pref->is('post_html') && */ if (check_class($core_pref->get('post_html'))) /*$core_pref->is('post_html') && */
{ {
$no_encode = TRUE; $no_encode = TRUE;