mirror of
https://github.com/e107inc/e107.git
synced 2025-08-05 22:27:34 +02:00
Fix for toEmail() method encoding of quotes.
This commit is contained in:
@@ -519,7 +519,7 @@ class e_parse extends e_parser
|
|||||||
$data = $this->preFilter($data); // used by bb_xxx.php toDB() functions. bb_code.php toDB() allows us to properly bypass HTML cleaning below.
|
$data = $this->preFilter($data); // used by bb_xxx.php toDB() functions. bb_code.php toDB() allows us to properly bypass HTML cleaning below.
|
||||||
|
|
||||||
// if(strlen($data) != strlen(strip_tags($data))) // html tags present. // strip_tags() doesn't function doesnt look for unclosed '>'.
|
// if(strlen($data) != strlen(strip_tags($data))) // html tags present. // strip_tags() doesn't function doesnt look for unclosed '>'.
|
||||||
if((strpos($data,'[html]') !== false || htmlentities($data, ENT_NOQUOTES,'UTF-8') != $data || preg_match('#(?<=<)\w+(?=[^<]*?>)#', $data)) && strpos($mod, 'no_html') === false)
|
if(($this->isHtml($data)) && strpos($mod, 'no_html') === false)
|
||||||
{
|
{
|
||||||
$this->isHtml = true;
|
$this->isHtml = true;
|
||||||
$data = $this->cleanHtml($data); // sanitize all html.
|
$data = $this->cleanHtml($data); // sanitize all html.
|
||||||
@@ -2579,7 +2579,17 @@ class e_parse extends e_parser
|
|||||||
}
|
}
|
||||||
|
|
||||||
$text = (strtolower($mods) != "rawtext") ? $this->replaceConstants($text, "full") : $text;
|
$text = (strtolower($mods) != "rawtext") ? $this->replaceConstants($text, "full") : $text;
|
||||||
$text = $this->toHTML($text, TRUE, $mods);
|
|
||||||
|
if($this->isHtml($text))
|
||||||
|
{
|
||||||
|
$text = str_replace(array("[html]","[/html]"), "", $text);
|
||||||
|
$text = html_entity_decode( $text, ENT_COMPAT, 'UTF-8');
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$text = $this->toHTML($text, true, $mods);
|
||||||
|
}
|
||||||
|
|
||||||
return $text;
|
return $text;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3148,6 +3158,27 @@ class e_parser
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if a string is HTML
|
||||||
|
* @param $text
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
function isHtml($text)
|
||||||
|
{
|
||||||
|
if(strpos($text,'[html]') !== false || htmlentities($text, ENT_NOQUOTES,'UTF-8') != $text || preg_match('#(?<=<)\w+(?=[^<]*?>)#', $text))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check if a file is an video or not.
|
* Check if a file is an video or not.
|
||||||
* @param $file string
|
* @param $file string
|
||||||
@@ -3404,8 +3435,8 @@ TMPL;
|
|||||||
print_a($toAtt);
|
print_a($toAtt);
|
||||||
|
|
||||||
// toEmail
|
// toEmail
|
||||||
$toEmail = $tp->toEmail($text);
|
$toEmail = $tp->toEmail($dbText);
|
||||||
echo "<h3>User-input ≫ toEmail(\$text)</h3>";
|
echo "<h3>User-input ≫ toEmail(\$text) <small>from DB</small></h3>";
|
||||||
print_a($toEmail);
|
print_a($toEmail);
|
||||||
|
|
||||||
|
|
||||||
|
@@ -1054,6 +1054,8 @@ class e107Email extends PHPMailer
|
|||||||
public function MsgHTML($message, $basedir = '')
|
public function MsgHTML($message, $basedir = '')
|
||||||
{
|
{
|
||||||
$tp = e107::getParser();
|
$tp = e107::getParser();
|
||||||
|
|
||||||
|
$message = $tp->toEmail($message, false, 'rawtext');
|
||||||
|
|
||||||
preg_match_all("/(src|background)=([\"\'])(.*)\\2/Ui", $message, $images); // Modified to accept single quotes as well
|
preg_match_all("/(src|background)=([\"\'])(.*)\\2/Ui", $message, $images); // Modified to accept single quotes as well
|
||||||
if(isset($images[3]) && ($this->previewMode === false))
|
if(isset($images[3]) && ($this->previewMode === false))
|
||||||
|
@@ -405,7 +405,7 @@ class notify
|
|||||||
";
|
";
|
||||||
|
|
||||||
$shortcodes = array(
|
$shortcodes = array(
|
||||||
'NEWS_URL' => e107::getUrl()->create('news/view/item', $data,'full=1'),
|
'NEWS_URL' => e107::getUrl()->create('news/view/item', $data,'full=1&encode=0'),
|
||||||
'NEWS_TITLE' => $tp->toHtml($data['news_title']),
|
'NEWS_TITLE' => $tp->toHtml($data['news_title']),
|
||||||
'NEWS_SUMMARY' => $tp->toEmail($data['news_summary']),
|
'NEWS_SUMMARY' => $tp->toEmail($data['news_summary']),
|
||||||
'NEWS_AUTHOR' => $tp->toHtml($author)
|
'NEWS_AUTHOR' => $tp->toHtml($author)
|
||||||
|
Reference in New Issue
Block a user