diff --git a/e107_admin/cpage.php b/e107_admin/cpage.php index 9235b256a..c001a368b 100644 --- a/e107_admin/cpage.php +++ b/e107_admin/cpage.php @@ -487,6 +487,7 @@ class page $page_text = $tp->toDB($_POST['data']); // $pauthor = ($_POST['page_display_authordate_flag'] ? USERID : 0); // this check should be done in the front-end. $pauthor = USERID; + $update = 0; // Make sure some updates happen if($mode) @@ -495,6 +496,7 @@ class page $menuname = ($type && vartrue($_POST['menu_name']) ? ", page_theme = '".$tp -> toDB($_POST['menu_name'])."'" : ""); $status = $sql -> db_Update("page", "page_title='{$page_title}', page_text='{$page_text}', page_datestamp='".time()."', page_author='{$pauthor}', page_rating_flag='".intval($_POST['page_rating_flag'])."', page_comment_flag='".intval($_POST['page_comment_flag'])."', page_password='".$_POST['page_password']."', page_class='".$_POST['page_class']."', page_ip_restrict='".varset($_POST['page_ip_restrict'],'')."', page_template='".$_POST['page_template']."' {$menuname} WHERE page_id='{$mode}'") ? E_MESSAGE_SUCCESS : E_MESSAGE_ERROR; + if ($status == E_MESSAGE_SUCCESS) $update++; $mes = e107::getMessage(); $mes->add($message, $status); @@ -541,7 +543,7 @@ class page $e107cache->clear("sitelinks"); } } - admin_update($update, 'update', LAN_UPDATED, false, false); + admin_update($update, 'update', LAN_UPDATED, false, false); // Display result of update } else { // New page/menu diff --git a/e107_admin/newspost.php b/e107_admin/newspost.php index bb47973d5..0273ea477 100644 --- a/e107_admin/newspost.php +++ b/e107_admin/newspost.php @@ -1379,7 +1379,8 @@ class admin_newspost $_POST['news_body'] .= "\n[[b]".NWSLAN_49." {$row['submitnews_name']}[/b]]"; $_POST['news_body'] .= ($row['submitnews_file'])?"\n\n[img]{e_NEWSIMAGE}{$row['submitnews_file']}[/img]": ""; } - + $_POST['data'] = $tp->dataFilter($_POST['data']); // Filter any nasties + $_POST['news_title'] = $tp->dataFilter($_POST['news_title']); } } 
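Review bot: In the `db_Update` call of the second cpage.php hunk, `$_POST['page_password']`, `$_POST['page_class']`, `$_POST['page_template']` and `page_ip_restrict` are concatenated into the SQL string as-is, while the title and text beside them go through `$tp->toDB()` and the flags through `intval()`. Unless these values are escaped before this point (not visible in the hunk), a quote character in any of them alters the statement. Treat them like their neighbours, e.g. `page_password='".$tp->toDB($_POST['page_password'])."'` and, if the class is always a numeric id, `page_class='".intval($_POST['page_class'])."'`. The new `$update` counter only records success and does not cover this; the enclosing method starts and ends outside the hunk.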
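Review bot: The added `dataFilter()` calls in newspost.php cover `$_POST['data']` and `$_POST['news_title']`, but the lines directly above assemble `$_POST['news_body']` from `$row['submitnews_name']` and `$row['submitnews_file']`, and that field is not filtered in this hunk. If `news_body` is what reaches the editor or the stored item, filter it after it is built, e.g. `$_POST['news_body'] = $tp->dataFilter($_POST['news_body']);`. If `data` is derived from `news_body` elsewhere, a one-line comment saying so would prevent the same question later. How the two fields relate is not visible here, so confirm against the rest of the method.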
diff --git a/e107_admin/prefs.php b/e107_admin/prefs.php index 0a8033a65..216c7b4ac 100644 --- a/e107_admin/prefs.php +++ b/e107_admin/prefs.php @@ -9,9 +9,10 @@ * Administration - Site Preferences * * $URL$ + * $Revision$ * $Id$ - * -*/ + * $Author$ + */ require_once ("../class2.php"); if(isset($_POST['newver'])) @@ -765,6 +766,21 @@ $text .= "
".PRFLAN_117."
+ + + ".PRFLAN_215.": + + ".r_userclass('post_script',$pref['post_script'],'off','nobody,member,admin,main,classes')." +
".PRFLAN_216."
+ + + + ".PRFLAN_217.": + + ".$frm->radio_switch('filter_script', varset($pref['filter_script'], 1))." +
".PRFLAN_218."
+ + ".PRFLAN_122.": diff --git a/e107_core/bbcodes/sanitised.bb b/e107_core/bbcodes/sanitised.bb new file mode 100644 index 000000000..2f5c2e25c --- /dev/null +++ b/e107_core/bbcodes/sanitised.bb @@ -0,0 +1,7 @@ +/* $Id: sanitised.bb 11660 2010-08-16 16:41:35Z secretr $ */ +// decode (just in case) and re-code sanitised string if debug and ADMIN +if(defsettrue('ADMIN') && defsettrue('E107_DEBUG_LEVEL')) +{ + return ' SANITISED: '.htmlentities(html_entity_decode(rawurldecode($code_text), ENT_QUOTES, CHARSET), ENT_QUOTES, CHARSET).' SANITISED END'; +} +return '##'.LAN_SANITISED.'##'; \ No newline at end of file diff --git a/e107_core/bbcodes/youtube.php b/e107_core/bbcodes/youtube.php new file mode 100644 index 000000000..b17dfbafa --- /dev/null +++ b/e107_core/bbcodes/youtube.php 
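Review bot: The new `post_script` selector in prefs.php reads `$pref['post_script']` directly, whereas the `filter_script` switch below it uses `varset(..., 1)` and the parser change in this commit falls back to `e_UC_MAINADMIN` for the same pref. On an upgraded site where the pref has never been saved, the form can therefore show a class that differs from the one actually enforced. `r_userclass('post_script', varset($pref['post_script'], e_UC_MAINADMIN), 'off', 'nobody,member,admin,main,classes')` keeps the display and the enforcement in step. The surrounding table markup is not visible on this page.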
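Review bot: The non-admin branch of sanitised.bb returns `'##'.LAN_SANITISED.'##'`, but none of the language-file hunks on this page define `LAN_SANITISED`. If it is not defined elsewhere, PHP falls back to the bare constant name and raises a notice on every sanitised post. Either add the `define` to the matching language file in this commit or guard it with `defined('LAN_SANITISED') ? LAN_SANITISED : 'sanitised'`. A short comment on the admin branch explaining that the decode-then-`htmlentities()` order is there to avoid double encoding would also help the next reader.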
@@ -0,0 +1,235 @@ + 20)) + { // Possible hack attempt + } + $params = array_merge($params, $bbpars); // Any parameters set in bbcode override those in HTML + // Could check for valid array indices here + $paramString = implode('&', $params); + if ($paramString) $widthString .= '|'.$paramString; + $ans = '[youtube='.$widthString.']'.$picRef.'[/youtube]'; + return $ans; + } + + + + /** + * Translate youtube bbcode into the appropriate object + */ + protected function toHTML($code_text, $parm) + { + if(empty($code_text)) return ''; + + $parms = explode('|', $parm, 2); + parse_str(varset($parms[1], ''), $params); + + if(empty($parms[0])) $parms[0] = 'small'; + + switch ($parms[0]) + { + case 'tiny': + $params['w'] = 200; + $params['h'] = 180; + break; + + case 'small': + $params['w'] = 445; + $params['h'] = 364; + break; + + case 'medium': + $params['w'] = 500; + $params['h'] = 405; + break; + + case 'big': + $params['w'] = 660; + $params['h'] = 525; + break; + + case 'huge': + $params['w'] = 980; + $params['h'] = 765; + break; + + default: + $dim = explode(',', $parms[0], 2); + $params['w'] = (integer) varset($dim[0], 445); + if($params['w'] > 980 || $params['w'] < 200) $params['w'] = 445; + + $params['h'] = (integer) varset($dim[1], 364); + if($params['h'] > 765 || $params['h'] < 180) $params['h'] = 364; + break; + } + + $yID = preg_replace('/[^0-9a-z\-_\&]/i', '', $code_text); + + $url = isset($params['privacy']) ? 'http://www.youtube-nocookie.com/v/' : 'http://www.youtube.com/v/'; + $url .= $yID.'?'; + + if(isset($params['nofull'])) + { + $fscr = 'false'; + $url = $url.'fs=0'; + } + else + { + $fscr = 'true'; + $url = $url.'fs=1'; + } + if(isset($params['border'])) $url = $url.'&border=1'; + if(isset($params['norel'])) $url = $url.'&rel=0'; + if(isset($params['hd'])) $url = $url.'&hd=1'; + + $ret = ' + + + + + + + + '; + + return $ret; + } +} + +?> 
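Review bot: In the pre-save routine of youtube.php, the branch commented `// Possible hack attempt` is empty, so input that trips the `> 20` check is processed exactly like valid input. It should stop there, for example with an early `return '';`, or whatever marker the pre-save contract expects. The following `array_merge($params, $bbpars)` stores whichever parameters the user supplied, and the comment `// Could check for valid array indices here` should become a real check that keeps only the keys `toHTML()` reads (`privacy`, `nofull`, `border`, `norel`, `hd`). In `toHTML()` the `$yID` character class still admits `&`, which lets the ID carry extra query parameters into the URL; dropping `\&` from the pattern closes that. The start of the file and of the pre-save method is not readable on this page, so the exact condition needs checking against the source.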
diff --git a/e107_core/shortcodes/batch/bbcode_shortcodes.php b/e107_core/shortcodes/batch/bbcode_shortcodes.php index b9e468e3d..78a767fcf 100644 --- a/e107_core/shortcodes/batch/bbcode_shortcodes.php +++ b/e107_core/shortcodes/batch/bbcode_shortcodes.php @@ -65,6 +65,8 @@ class bbcode_shortcodes $bbcode['list'] = array($bbcode_func,"[list][/list]", LANHELP_36,"list.png"); $bbcode['img'] = array($bbcode_func,"[img][/img]", LANHELP_27,"image.png"); $bbcode['flash'] = array($bbcode_func,"[flash=width,height][/flash]", LANHELP_47,"flash.png"); + $bbcode['youtube'] = array($bbcode_func,"[youtube][/youtube]", LANHELP_48,"youtube.png"); + $bbcode['sanitised'] = array('', '', ''); $bbcode['fontsize'] = array("expandit","size_selector_".$rand, LANHELP_22,"fontsize.png","Size_Select",'size_selector_'.$rand); $bbcode['fontcol'] = array("expandit","col_selector_".$rand, LANHELP_21,"fontcol.png","Color_Select",'col_selector_'.$rand); diff --git a/e107_core/xml/default_install.xml b/e107_core/xml/default_install.xml index e60db3b95..e6299b9c9 100644 --- a/e107_core/xml/default_install.xml +++ b/e107_core/xml/default_install.xml @@ -134,6 +134,8 @@ 0 255 254 + 250 + 1 0 [censored] diff --git a/e107_handlers/bbcode_handler.php b/e107_handlers/bbcode_handler.php index a0c56c58b..4db8c96e3 100644 --- a/e107_handlers/bbcode_handler.php +++ b/e107_handlers/bbcode_handler.php 
@@ -2,26 +2,40 @@ /* * e107 website system * - * Copyright (C) 2008-2009 e107 Inc (e107.org) + * Copyright (C) 2008-2010 e107 Inc (e107.org) * Released under the terms and conditions of the * GNU General Public License (http://www.gnu.org/licenses/gpl.txt) * * * - * $Source: /cvs_backup/e107_0.8/e107_handlers/bbcode_handler.php,v $ + * $URL$ * $Revision$ - * $Date$ + * $Id$ * $Author$ */ +/** + * + * @package e107 + * @category e107_handlers + * @version $Id$ + * @author e107inc + * + * bbcode_handler - processes bbcodes within strings. + * + * Separate processing (via class-based bbcodes) for pre-save and pre-display + */ + if (!defined('e107_INIT')) { exit; } class e_bbcode { var $bbList; // Caches the file contents for each bbcode processed var $bbLocation; // Location for each file - 'core' or a plugin name + var $preProcess = FALSE; // Set when processing bbcodes prior to saving - function e_bbcode() + + function __construct() { global $pref; $core_bb = array( @@ -31,7 +45,7 @@ class e_bbcode 'url', 'quote', 'left', 'right', 'b', 'justify', 'file', 'stream', 'textarea', 'list', 'php', 'time', - 'spoiler', 'hide' + 'spoiler', 'hide', 'youtube', 'sanitised' ); foreach($core_bb as $c) 
@@ -56,26 +70,60 @@ class e_bbcode krsort($this->bbLocation); } - // If $bb_strip is TRUE, all bbcodes are stripped. If FALSE, none are stripped. - // If a comma separated (lower case) list is passed, only the listed codes are stripped (and the rest are processed) - function parseBBCodes($value, $p_ID, $force_lower = 'default', $bb_strip = FALSE) + + /** + * Parse a string for bbcodes. + * Process using the 'pre-save' or 'display' routines as appropriate + * + * @var string $value - the string to be processed + * @var int $p_ID - ID of a user (the 'post ID') needed by some bbcodes in display mode + * @var string|boolean $force_lower - determines whether bbcode detection is case-insensitive + * TRUE - case-insensitive + * 'default' - case-insensitive + * FALSE - case-sensitive (only lower case bbcodes processed) + * @var string|boolean $bbStrip - determines action when a bbcode is encountered. + * TRUE (boolean or word), all bbcodes are stripped. + * FALSE - normal display processing of all bbcodes + * comma separated (lower case) list - only the listed codes are stripped (and the rest are processed) + * If the first word is 'PRE', sets pre-save mode. Any other parameters follow, comma separated + * + * @return string processed data + * + * Code uses a crude stack-based syntax analyser to handle nested bbcodes (including nested 'size' bbcodes, for example) + */ + function parseBBCodes($value, $p_ID, $force_lower = 'default', $bbStrip = FALSE) { global $postID; $postID = $p_ID; - if (strlen($value) <= 6) return $value; // Don't waste time on trivia! + if (strlen($value) <= 6) return $value; // Don't waste time on trivia! 
if ($force_lower == 'default') $force_lower = TRUE; // Set the default behaviour if not overridden - $code_stack = array(); // Stack for unprocessed bbcodes and text - $unmatch_stack = array(); // Stack for unmatched bbcodes - $result = ''; // Accumulates fully processed text - $stacktext = ''; // Accumulates text which might be subject to one or more bbcodes - $nopro = FALSE; // Blocks processing within [code]...[/code] tags + $code_stack = array(); // Stack for unprocessed bbcodes and text + $unmatch_stack = array(); // Stack for unmatched bbcodes + $result = ''; // Accumulates fully processed text + $stacktext = ''; // Accumulates text which might be subject to one or more bbcodes + $nopro = FALSE; // Blocks processing within [code]...[/code] tags + $this->preProcess = FALSE; $strip_array = array(); - if (!is_bool($bb_strip)) + if (!is_bool($bbStrip)) { - $strip_array = explode(',',$bb_strip); + $strip_array = explode(',',$bbStrip); + if ($strip_array[0] == 'PRE') + { + $this->preProcess = TRUE; + unset($strip_array[0]); + if (count($strip_array) == 0) + { + $bbStrip = FALSE; + } + elseif (in_array('TRUE', $strip_array)) + { + $bbStrip = TRUE; + } + + } } $pattern = '#^\[(/?)([A-Za-z_]+)(\d*)([=:]?)(.*?)]$#i'; // Pattern to split up bbcodes // $matches[0] - same as the input text @@ -100,14 +148,13 @@ class e_bbcode $bbword = (isset($matches[2])) ? $matches[2] : ''; if($cont[1] != '/') { - $bbstart = $cont; $bbsep = varset($matches[4]); } if ($force_lower) $bbword = strtolower($bbword); if ($nopro && ($bbword == 'code') && ($matches[1] == '/')) $nopro = FALSE; // End of code block if (($bbword) && ($bbword == trim($bbword)) && !$nopro) { // Got a code to process here - if (($bb_strip === TRUE) || in_array($bbword,$strip_array)) + if (($bbStrip === TRUE) || in_array($bbword,$strip_array)) { $is_proc = TRUE; // Just discard this bbcode } 
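Review bot: Pre-save mode is held in the instance property `$this->preProcess`, which `parseBBCodes()` resets to FALSE on every entry. A nested `parseBBCodes()` call on the same object during a `'PRE'` pass would therefore switch the remainder of the outer pass back to display processing. Keeping the mode in a local variable and passing it to `proc_bbcode()`, or at least saving and restoring the previous value, removes that shared state. The mode test is also loosely typed, and `if ($strip_array[0] === 'PRE')` with `in_array('TRUE', $strip_array, true)` would be stricter. The new docblock should use `@param` rather than `@var` for the arguments.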
@@ -146,7 +193,7 @@ class e_bbcode case 'bbcode' : if (($code_stack[0]['code'] == $bbword) && ($code_stack[0]['numbers'] == $matches[3])) { - $stacktext = $this->proc_bbcode($bbword,$code_stack[0]['param'],$stacktext,$bbparam, $bbsep, $bbstart.$stacktext.$cont); + $stacktext = $this->proc_bbcode($bbword, $code_stack[0]['param'], $stacktext, $bbparam, $code_stack[0]['bbsep'], $code_stack[0]['block'].$stacktext.$cont); array_shift($code_stack); // Intentionally don't terminate here - may be some text we can clean up $bbword=''; // Necessary to make sure we don't double process if several instances on stack @@ -175,11 +222,11 @@ class e_bbcode { // Single code to process if (count($code_stack) == 0) { - $result .= $this->proc_bbcode('_'.$bbword,$bbparam); + $result .= $this->proc_bbcode('_'.$bbword,$bbparam,'','','',$cont); } else { - $stacktext .= $this->proc_bbcode('_'.$bbword,$bbparam); + $stacktext .= $this->proc_bbcode('_'.$bbword,$bbparam,'','','',$cont); } $is_proc = TRUE; } @@ -190,12 +237,11 @@ class e_bbcode array_unshift($code_stack,array('type' => 'text','code' => $stacktext)); $stacktext = ''; } - array_unshift($code_stack,array('type' => 'bbcode','code' => $bbword, 'numbers'=> $matches[3], 'param'=>$bbparam)); + array_unshift($code_stack,array('type' => 'bbcode','code' => $bbword, 'numbers'=> $matches[3], 'param'=>$bbparam, 'bbsep' => $bbsep, 'block' => $cont)); if ($bbword == 'code') $nopro = TRUE; $is_proc = TRUE; } } - } } // Next lines could be deleted - but gives better rejection of 'stray' opening brackets 
@@ -243,14 +289,21 @@ class e_bbcode - function proc_bbcode($code, $param1='',$code_text_par='', $param2='', $sep='', $full_text='') - // Invoke an actual bbcode handler - // $code - textual value of the bbcode (already begins with '_' if a single code) - // $param1 - any text after '=' in the opening code - // $code_text_par - text between the opening and closing codes - // $param2 - any text after '=' for the closing code + + /** + * Process a bbcode + * + * @var string $code - textual value of the bbcode (already begins with '_' if a single code) + * @var string $param1 - any text after '=' in the opening code + * @var string $code_text_par - text between the opening and closing codes + * @var string $param2 - any text after '=' for the closing code + * @var char $sep - character separating bbcode name and any parameters + * @var string $full_text - the 'raw' text between, and including, the opening and closing bbcode tags + */ + private function proc_bbcode($code, $param1='', $code_text_par='', $param2='', $sep='', $full_text='') { global $tp, $postID, $code_text, $parm; + $parm = $param1; $code_text = $code_text_par; @@ -269,26 +322,47 @@ class e_bbcode { // Find the file if ($this->bbLocation[$code] == 'core') { - $bbFile = e_CORE.'bbcodes/'.strtolower(str_replace('_', '', $code)).'.bb'; + $bbFile = e_CORE.'bbcodes/'.strtolower(str_replace('_', '', $code)); } else { // Add code to check for plugin bbcode addition - $bbFile = e_PLUGIN.$this->bbLocation[$code].'/'.strtolower($code).'.bb'; + $bbFile = e_PLUGIN.$this->bbLocation[$code].'/'.strtolower($code); } - if (file_exists($bbFile)) + if (file_exists($bbFile.'.php')) + { // Its a bbcode class file + require_once($bbFile.'.php'); + //echo "Load: {$bbFile}.php -->".$code_text.'
'; + $className = 'bb_'.$code; + $this->bbList[$code] = new $className(); + } + elseif (file_exists($bbFile.'.bb')) { - $bbcode = file_get_contents($bbFile); + $bbcode = file_get_contents($bbFile.'.bb'); $this->bbList[$code] = $bbcode; } else { $this->bbList[$code] = ''; + //echo "
File not found: {$bbFile}.php
"; return false; } } global $e107_debug; + if (is_object($this->bbList[$code])) + { + if ($this->preProcess) + { + //echo "Preprocess: ".htmlspecialchars($code_text).", params: {$param1}
"; + return $this->bbList[$code]->bbPreSave($code_text, $param1); + } + return $this->bbList[$code]->bbPreDisplay($code_text, $param1); + } + if ($this->preProcess) return $full_text; // No change + /** + * @todo - capturing output deprecated + */ ob_start(); $bbcode_return = eval($bbcode); $bbcode_output = ob_get_contents(); @@ -305,4 +379,60 @@ class e_bbcode } } + + +/** + * Base class for bbcode handlers + * + * Contains core routines for entry, security, logging.... + * + * @todo add security + */ +class e_bb_base +{ + /** + * Constructor + */ + public function __construct() + { + } + + + + /** + * Called prior to save of user-entered text + * + * Allows initial parsing of bbcode, including the possibility of removing or transforming the enclosed text (as is done by the youtube processing) + * Parameters passed by reference to minimise memory use + * + * @param string $code_text - text between the bbcode tags + * @param string $parm - any parameters specified for the bbcode + * + * @return string for insertion into DB. (If a bbcode is to be inserted, the bbcode 'tags' must be included in the return string.) + */ + final public function bbPreSave(&$code_text, &$parm) + { + // Could add logging, security in here + return $this->toDB($code_text, $parm); + } + + + + /** + * Process bbcode prior to display + * Functionally this routine does exactly the same as the existing bbcodes + * Parameters passed by reference to minimise memory use + * + * @param string $code_text - text between the bbcode tags + * @param string $parm - any parameters specified for the bbcode + * + * @return string with $code_text transformed into displayable XHTML as necessary + */ + final public function bbPreDisplay(&$code_text, &$parm) + { + // Could add logging, security in here + return $this->toHTML($code_text, $parm); + } +} + ?> \ No newline at end of file diff --git a/e107_handlers/e_parse_class.php b/e107_handlers/e_parse_class.php index ef3014d22..12ea1da56 100644 
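Review bot: After `require_once($bbFile.'.php')`, `proc_bbcode()` instantiates `'bb_'.$code` without checking that the included file actually declared that class. A plugin file that merely shares the bbcode's name then ends in a fatal error, or in an unrelated object being stored, instead of taking the existing not-found path. A guard such as `if (!class_exists($className, false) || !is_subclass_of($className, 'e_bb_base')) { $this->bbList[$code] = ''; return false; }` limits loading to real handlers. Legacy `.bb` files still go through `eval()` below, so it is worth noting in a comment that the bbcode directories must not be writable by the web user. `proc_bbcode()` starts above the hunk and continues past it.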
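Review bot: `e_bb_base` calls `$this->toDB()` and `$this->toHTML()` from its final methods but declares neither, so a handler that omits one fails only at run time, when that path is first used. Declaring the class `abstract` with `abstract protected function toDB($code_text, $parm);` and `abstract protected function toHTML($code_text, $parm);` makes the contract explicit and matches the signature youtube.php already uses. Passing `$code_text` and `$parm` by reference does not reduce memory use in PHP, since values are copy-on-write, and it lets a handler alter the caller's variables; by-value parameters are safer. The `@todo add security` in the class docblock should say what is intended, or be tracked elsewhere.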
--- a/e107_handlers/e_parse_class.php +++ b/e107_handlers/e_parse_class.php @@ -477,6 +477,13 @@ class e_parse { $data = stripslashes($data); } + + $data = $this->preFilter($data); + if (!check_class(varset($pref['post_html'], e_UC_MAINADMIN)) || !check_class(varset($pref['post_script'], e_UC_MAINADMIN))) + { + $data = $this->dataFilter($data); + } + if (isset($pref['post_html']) && check_class($pref['post_html'])) { $no_encode = TRUE; @@ -507,6 +514,94 @@ class e_parse } + + + /** + * Checks a string for potentially dangerous HTML tags, including malformed tags + * + */ + public function dataFilter($data) + { + $ans = ''; + $vetWords = array('e_bb)) + { + require_once(e_HANDLER.'bbcode_handler.php'); + $this->e_bb = new e_bbcode; + } + $ret = $this->e_bb->parseBBCodes($data, USERID, 'default', 'PRE'); // $postID = logged in user here + return $ret; + } + + + + function toForm($text) { if($text == '') @@ -1244,6 +1339,7 @@ class e_parse default : // Most bbcodes will just execute their normal file // Just read in the code file and execute it + /// @todo Handle class-based bbcodes $bbcode = file_get_contents($bbFile); } // end - switch ($matches[2]) diff --git a/e107_handlers/online_class.php b/e107_handlers/online_class.php index bdc7bb236..e18f32007 100755 --- a/e107_handlers/online_class.php +++ b/e107_handlers/online_class.php @@ -91,7 +91,7 @@ class e_online $page = (strpos(e_SELF, 'forum_') !== FALSE) ? e_SELF.'.'.e_QUERY : e_SELF; $page = (strpos(e_SELF, 'comment') !== FALSE) ? e_SELF.'.'.e_QUERY : $page; $page = (strpos(e_SELF, 'content') !== FALSE) ? e_SELF.'.'.e_QUERY : $page; - $page = $e107->tp->toDB($page, true); + $page = $e107->tp->toDB($page, true); /// @todo - try not to use toDB() - triggers prefilter $ip = $e107->getip(); $udata = ($user->isUser() ? $user->getId().'.'.$user->getName() : '0'); $agent = $_SERVER['HTTP_USER_AGENT']; 
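Review bot: For a user who holds the `post_html` class but not `post_script`, the new block in `toDB()` runs `dataFilter()` and the unchanged code right after it still sets `$no_encode = TRUE`. The denylist in `dataFilter()` is then the only control between that user's input and stored markup. The `$vetWords` list is cut off on this page, so its coverage cannot be checked here. Denylist filters need tests for event-handler attributes, malformed tags and encoded URL schemes, and `dataFilter()` and `preFilter()` should document their `@param` and `@return`. `toDB()` is also called for values that are not content (the `@todo` lines in online_class.php and news.php), which now go through the bbcode pre-pass too; a separate escaping-only helper would avoid that. `toDB()` begins and ends outside these hunks.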
diff --git a/e107_languages/English/admin/lan_prefs.php b/e107_languages/English/admin/lan_prefs.php index a53f5e10a..1f63204c4 100644 --- a/e107_languages/English/admin/lan_prefs.php +++ b/e107_languages/English/admin/lan_prefs.php @@ -1,22 +1,19 @@ you are sure you know what you are doing!"); -define("PRFLAN_76", "Enable Image-code verification during signup"); +define("PRFLAN_76", "Enable Image-code verification during signup."); define("PRFLAN_77", "Admin Display Options "); define("PRFLAN_78", "Leave blank to disable"); define("PRFLAN_80", "Click here to view"); -define("PRFLAN_81", "Enable Image-code verification during login"); +define("PRFLAN_81", "Enable Image-code verification during login."); define("PRFLAN_83", "example"); define("PRFLAN_87", "Comments/Posting"); define("PRFLAN_88", "Turn on nested comments"); @@ -122,8 +119,8 @@ define("PRFLAN_110", "words longer than the length entered will be wrapped onto define("PRFLAN_111", "Wrap long words in menu text"); define("PRFLAN_112", "On"); define("PRFLAN_113", "Off"); -define("PRFLAN_116", "Allow HTML posting"); -define("PRFLAN_117", "This will allow users to post HTML code anywhere on the site, select the userclass to allow this."); +define("PRFLAN_116", "Class which can post HTML"); +define("PRFLAN_117", "This will allow users to post most HTML code anywhere on the site, select the userclass to allow this."); define("PRFLAN_118", "Use Geshi for syntax highlighting"); define("PRFLAN_119", "Geshi is an open source multi-language syntax highlighter, see http://qbnz.com/highlighter/ for more information"); define("PRFLAN_120", "Default Geshi syntax language"); 
@@ -229,5 +226,10 @@ define('PRFLAN_211', 'Cannot make email address optional if required for validat define('PRFLAN_212', 'Value for --FIELD-- too high - changed to --VALUE--'); define('PRFLAN_213', 'Value for --FIELD-- too low - changed to --VALUE--'); define('PRFLAN_214', "Site Logo"); +define('PRFLAN_215', 'Class which can post <script> and similar tags'); +define('PRFLAN_216', '(Requires HTML posting rights as well)'); +define('PRFLAN_217', 'Filter HTML content'); +define('PRFLAN_218', 'If \'off\', puts users at increased risk of XSS exploits posted by members of the above class, or prior to 0.7.24'); + ?> \ No newline at end of file diff --git a/e107_languages/English/lan_ren_help.php b/e107_languages/English/lan_ren_help.php index 3379ead0a..840a1b525 100644 --- a/e107_languages/English/lan_ren_help.php +++ b/e107_languages/English/lan_ren_help.php @@ -63,4 +63,6 @@ define("LANHELP_45", "Insert image from directory: "); define("LANHELP_46", "* No files found in: "); define("LANHELP_47", "Insert flash: [flash=width,height]http://www.example.com/file.swf[/flash]"); +define("LANHELP_48", "YouTube video: [youtube=tiny|small|medium|big|huge|width,height]6kYjxJmk0wc[/youtube]"); + ?> \ No newline at end of file diff --git a/e107_themes/templates/bbcode_template.php b/e107_themes/templates/bbcode_template.php index d3e643442..086a5de57 100644 --- a/e107_themes/templates/bbcode_template.php +++ b/e107_themes/templates/bbcode_template.php @@ -21,7 +21,7 @@ $BBCODE_TEMPLATE = " {BB=link}{BB=b}{BB=i}{BB=u}{BB=img}{BB=center}{BB=left}{BB=right} - {BB=bq}{BB=code}{BB=list}{BB=fontcol}{BB=fontsize}{BB=emotes} + {BB=bq}{BB=code}{BB=list}{BB=fontcol}{BB=fontsize}{BB=emotes}{BB=youtube}
"; @@ -36,7 +36,7 @@ $BBCODE_TEMPLATE_SUBMITNEWS = " {BB_HELP}
{BB=link}{BB=b}{BB=i}{BB=u}{BB=img}{BB=center}{BB=left}{BB=right} - {BB=bq}{BB=code}{BB=list}{BB=fontcol}{BB=fontsize}{BB=emotes}{BB=flash} + {BB=bq}{BB=code}{BB=list}{BB=fontcol}{BB=fontsize}{BB=emotes}{BB=flash}{BB=youtube}
"; @@ -49,7 +49,7 @@ $BBCODE_TEMPLATE_ADMIN = " {BB=link}{BB=b}{BB=i}{BB=u}{BB=img}{BB=center}{BB=left} {BB=right}{BB=bq}{BB=code}{BB=list}{BB=fontcol}{BB=fontsize}{BB=emotes} {BB_PREIMAGEDIR=".e_IMAGE."} - {BB=preimage}{BB=prefile}{BB=flash} + {BB=preimage}{BB=prefile}{BB=flash}{BB=youtube}
"; @@ -71,7 +71,7 @@ $BBCODE_TEMPLATE_NEWSPOST = " {BB=link}{BB=b}{BB=i}{BB=u}{BB=img}{BB=center}{BB=left} {BB=right}{BB=bq}{BB=code}{BB=list}{BB=fontcol}{BB=fontsize}{BB=emotes} {BB_PREIMAGEDIR=".e_IMAGE."newspost_images/} - {BB=preimage}{BB=prefile}{BB=flash} + {BB=preimage}{BB=prefile}{BB=flash}{BB=youtube}
"; @@ -82,7 +82,7 @@ $BBCODE_TEMPLATE_CPAGE = " {BB=link}{BB=b}{BB=i}{BB=u}{BB=img}{BB=center}{BB=left}{BB=right} {BB=bq}{BB=code}{BB=list}{BB=fontcol}{BB=fontsize}{BB=emotes} {BB_PREIMAGEDIR=".e_IMAGE."custom/} - {BB=preimage}{BB=prefile}{BB=flash} + {BB=preimage}{BB=prefile}{BB=flash}{BB=youtube}
"; ?> \ No newline at end of file diff --git a/news.php b/news.php index 441c7e005..609695ab4 100644 --- a/news.php +++ b/news.php @@ -375,7 +375,7 @@ if (empty($order)) { $order = 'news_datestamp'; } -$order = $tp -> toDB($order, true); +$order = $tp -> toDB($order, true); /// @todo - try not to use toDB() - triggers prefilter $interval = $pref['newsposts'];
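Review bot: In news.php, `$order` is used as a column name (it defaults to `'news_datestamp'`), and `toDB()` escapes string content rather than validating identifiers, so the added `@todo` understates the issue. Checking the value against a fixed list is safer, e.g. `if (!in_array($order, array('news_datestamp' /* , other allowed columns */), true)) { $order = 'news_datestamp'; }`. Where `$order` is populated and how it reaches the query are outside the hunk, so confirm it is request-derived before changing it.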