From de3f80f9ab28f6f2f0164322e2dc24411c136526 Mon Sep 17 00:00:00 2001 From: Cameron Date: Thu, 21 May 2015 21:49:32 -0700 Subject: [PATCH] Fix for toEmail() method encoding of quotes. --- e107_handlers/e_parse_class.php | 39 +++++++++++++++++++++++++++++---- e107_handlers/mail.php | 2 ++ e107_handlers/notify_class.php | 2 +- 3 files changed, 38 insertions(+), 5 deletions(-) diff --git a/e107_handlers/e_parse_class.php b/e107_handlers/e_parse_class.php index 357b07933..a28595949 100644 --- a/e107_handlers/e_parse_class.php +++ b/e107_handlers/e_parse_class.php @@ -519,7 +519,7 @@ class e_parse extends e_parser $data = $this->preFilter($data); // used by bb_xxx.php toDB() functions. bb_code.php toDB() allows us to properly bypass HTML cleaning below. // if(strlen($data) != strlen(strip_tags($data))) // html tags present. // strip_tags() doesn't function doesnt look for unclosed '>'. - if((strpos($data,'[html]') !== false || htmlentities($data, ENT_NOQUOTES,'UTF-8') != $data || preg_match('#(?<=<)\w+(?=[^<]*?>)#', $data)) && strpos($mod, 'no_html') === false) + if(($this->isHtml($data)) && strpos($mod, 'no_html') === false) { $this->isHtml = true; $data = $this->cleanHtml($data); // sanitize all html. @@ -2579,7 +2579,17 @@ class e_parse extends e_parser } $text = (strtolower($mods) != "rawtext") ? $this->replaceConstants($text, "full") : $text; - $text = $this->toHTML($text, TRUE, $mods); + + if($this->isHtml($text)) + { + $text = str_replace(array("[html]","[/html]"), "", $text); + $text = html_entity_decode( $text, ENT_COMPAT, 'UTF-8'); + } + else + { + $text = $this->toHTML($text, true, $mods); + } + return $text; } 
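Review bot: In toDB() the condition now calls `$this->isHtml($data)` and the next statement assigns `$this->isHtml = true`, so a method and a property with the same name sit two lines apart. PHP resolves them separately, so the code works, but the pair is easy to misread. Renaming the new method (for example `looksLikeHtml()`) or the flag would remove the ambiguity, and the extra parentheses around the call can be dropped. toDB() starts and ends outside this hunk.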
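Review bot: The new `isHtml()` branch in toEmail() returns text that has only been through `html_entity_decode()`, so content that was entity-escaped when stored comes back as live markup in the mail body. isHtml(), added further down in e_parser, returns true whenever `htmlentities()` alters the string. That includes plain text holding only an `&` or an already-escaped `&lt;`, so the branch is not limited to content wrapped in `[html]`. If the intent is to unwrap trusted `[html]` blocks only, test for the marker directly with `if(strpos($text, '[html]') !== false)` and leave everything else on the `toHTML()` path. Whether untrusted input reaches this method depends on callers outside the hunk and should be confirmed; toEmail() itself begins outside the hunk.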
@@ -3148,6 +3158,27 @@ class e_parser } + + /** + * Check if a string is HTML + * @param $text + * @return bool + */ + function isHtml($text) + { + if(strpos($text,'[html]') !== false || htmlentities($text, ENT_NOQUOTES,'UTF-8') != $text || preg_match('#(?<=<)\w+(?=[^<]*?>)#', $text)) + { + return true; + } + else + { + return false; + } + + } + + + /** * Check if a file is an video or not. * @param $file string @@ -3404,8 +3435,8 @@ TMPL; print_a($toAtt); // toEmail - $toEmail = $tp->toEmail($text); - echo "

User-input ≫ toEmail(\$text)

"; + $toEmail = $tp->toEmail($dbText); + echo "

User-input ≫ toEmail(\$text) from DB

"; print_a($toEmail); diff --git a/e107_handlers/mail.php b/e107_handlers/mail.php index e3ca1abca..e7f44f9dd 100644 --- a/e107_handlers/mail.php +++ b/e107_handlers/mail.php @@ -1054,6 +1054,8 @@ class e107Email extends PHPMailer public function MsgHTML($message, $basedir = '') { $tp = e107::getParser(); + + $message = $tp->toEmail($message, false, 'rawtext'); preg_match_all("/(src|background)=([\"\'])(.*)\\2/Ui", $message, $images); // Modified to accept single quotes as well if(isset($images[3]) && ($this->previewMode === false)) diff --git a/e107_handlers/notify_class.php b/e107_handlers/notify_class.php index a03a400c6..85e57113c 100644 --- a/e107_handlers/notify_class.php +++ b/e107_handlers/notify_class.php @@ -405,7 +405,7 @@ class notify "; $shortcodes = array( - 'NEWS_URL' => e107::getUrl()->create('news/view/item', $data,'full=1'), + 'NEWS_URL' => e107::getUrl()->create('news/view/item', $data,'full=1&encode=0'), 'NEWS_TITLE' => $tp->toHtml($data['news_title']), 'NEWS_SUMMARY' => $tp->toEmail($data['news_summary']), 'NEWS_AUTHOR' => $tp->toHtml($author)