
removed message type from message parser

assign message if specified
parse/decode html if enabled
validate url


git-svn-id: file:///svn/phpbb/trunk@4834 89ea8834-ac86-4346-8a33-228a782c2dd0
Meik Sievertsen
2004-02-15 14:03:19 +00:00
parent d8609ba1c6
commit b745d5224f
6 changed files with 140 additions and 104 deletions


@ -422,7 +422,7 @@ if ($submit && $mode == 'orphan')
<h2><?php echo $user->lang['UPLOADING_FILES']; ?></h2> <h2><?php echo $user->lang['UPLOADING_FILES']; ?></h2>
<?php <?php
include($phpbb_root_path . 'includes/message_parser.' . $phpEx); include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
$message_parser = new parse_message(0); $message_parser = new parse_message();
$sql = 'SELECT forum_id, forum_name $sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE; FROM ' . FORUMS_TABLE;


@ -833,9 +833,7 @@ if ($submit || $preview || $deleteall || $deletemark)
{ {
include($phpbb_root_path . 'includes/message_parser.'.$phpEx); include($phpbb_root_path . 'includes/message_parser.'.$phpEx);
$message_parser = new parse_message(); $message_parser = new parse_message($signature);
$message_parser->message = $signature;
$message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies); $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies);
$sql_ary = array( $sql_ary = array(
@ -1545,8 +1543,7 @@ function marklist(match, status)
// Fudge-o-rama ... // Fudge-o-rama ...
include($phpbb_root_path . 'includes/message_parser.'.$phpEx); include($phpbb_root_path . 'includes/message_parser.'.$phpEx);
$message_parser = new parse_message(); $message_parser = new parse_message($signature_preview);
$message_parser->message = $signature_preview;
$message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies); $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies);
$signature_preview = $message_parser->message; $signature_preview = $message_parser->message;


@ -533,6 +533,7 @@ function decode_text(&$message, $bbcode_uid)
":o:$bbcode_uid", ":o:$bbcode_uid",
":$bbcode_uid" ":$bbcode_uid"
); );
$replace = array( $replace = array(
"\n", "\n",
'', '',
@ -543,6 +544,19 @@ function decode_text(&$message, $bbcode_uid)
$message = ($bbcode_uid) ? str_replace($search, $replace, $message) : str_replace('<br />', "\n", $message); $message = ($bbcode_uid) ? str_replace($search, $replace, $message) : str_replace('<br />', "\n", $message);
// HTML
if ($config['allow_html_tags'])
{
// If $html is true then "allowed_tags" are converted back from entity
// form, others remain
$allowed_tags = split(',', $config['allow_html_tags']);
if (sizeof($allowed_tags))
{
$message = preg_replace('#\<(\/?)(' . str_replace('*', '.*?', implode('|', $allowed_tags)) . ')\>#is', '&lt;$1$2&gt;', $message);
}
}
$match = array( $match = array(
'#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#', '#<!\-\- e \-\-><a href="mailto:(.*?)">.*?</a><!\-\- e \-\->#',
'#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#', '#<!\-\- m \-\-><a href="(.*?)" target="_blank">.*?</a><!\-\- m \-\->#',
@ -551,6 +565,7 @@ function decode_text(&$message, $bbcode_uid)
'#<!\-\- s(.*?) \-\-><img src="\{SMILE_PATH\}\/.*? \/><!\-\- s\1 \-\->#', '#<!\-\- s(.*?) \-\-><img src="\{SMILE_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
'#<.*?>#s' '#<.*?>#s'
); );
$replace = array( $replace = array(
'\1', '\1',
'\1', '\1',
@ -559,6 +574,7 @@ function decode_text(&$message, $bbcode_uid)
'\1', '\1',
'' ''
); );
$message = preg_replace($match, $replace, $message); $message = preg_replace($match, $replace, $message);
return; return;
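Review bot: The added HTML branch in decode_text() reads `$config['allow_html_tags']`, but no `global $config;` appears in the visible lines; the function body begins outside this hunk, so confirm the declaration exists, otherwise the branch silently never runs. The comment above `$allowed_tags` was copied from parse_message::html() and describes the opposite direction (there is no `$html` argument here); something like `// Convert allowed tags back to entity form so they can be edited as text` would match what the code does. Apart from the intended `*` wildcard, the tag list is placed in the pattern without `preg_quote()`, so a `#` or other metacharacter in the config value would change or break the regex.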


@ -36,7 +36,6 @@ if (!function_exists('stripos'))
// and parses it for attachments, html, bbcode and smilies // and parses it for attachments, html, bbcode and smilies
class parse_message class parse_message
{ {
var $message_mode = 0; // MSG_POST/MSG_PM
var $message = ''; var $message = '';
var $warn_msg = array(); var $warn_msg = array();
@ -49,10 +48,15 @@ class parse_message
var $smilies = ''; var $smilies = '';
function parse_message($message_type) function parse_message($message = '')
{ {
$this->message_mode = $message_type; // Init BBCode UID
$this->bbcode_uid = substr(md5(time()), 0, BBCODE_UID_LEN); $this->bbcode_uid = substr(md5(time()), 0, BBCODE_UID_LEN);
if ($message)
{
$this->message = $message;
}
} }
function parse($html, $bbcode, $url, $smilies, $allow_img = true, $allow_flash = true, $allow_quote = true) function parse($html, $bbcode, $url, $smilies, $allow_img = true, $allow_flash = true, $allow_quote = true)
@ -64,16 +68,19 @@ class parse_message
// Transform \r\n and \r into \n // Transform \r\n and \r into \n
$match = array('#\r\n?#', '#sid=[a-z0-9]*?&amp;?#', "#([\n][\s]+){3,}#"); $match = array('#\r\n?#', '#sid=[a-z0-9]*?&amp;?#', "#([\n][\s]+){3,}#");
$replace = array("\n", '', "\n\n"); $replace = array("\n", '', "\n\n");
$this->message = trim(preg_replace($match, $replace, $this->message)); $this->message = preg_replace($match, $replace, $this->message);
// Message length check // Message length check
if (!strlen($this->message) || (intval($config['max_post_chars']) && strlen($this->message) > intval($config['max_post_chars']))) if (!strlen($this->message) || ($config['max_post_chars'] && strlen($this->message) > $config['max_post_chars']))
{ {
$this->warn_msg[] = (!strlen($this->message)) ? $user->lang['TOO_FEW_CHARS'] : $user->lang['TOO_MANY_CHARS']; $this->warn_msg[] = (!strlen($this->message)) ? $user->lang['TOO_FEW_CHARS'] : $user->lang['TOO_MANY_CHARS'];
return $this->warn_msg; return $this->warn_msg;
} }
// Parse HTML
$this->html($html); $this->html($html);
// Parse BBCode
if ($bbcode && strpos($this->message, '[') !== false) if ($bbcode && strpos($this->message, '[') !== false)
{ {
$this->bbcode_init(); $this->bbcode_init();
@ -87,24 +94,27 @@ class parse_message
} }
$this->bbcode(); $this->bbcode();
} }
// Parse Emoticons
$this->emoticons($smilies); $this->emoticons($smilies);
// Parse URL's
$this->magic_url($url); $this->magic_url($url);
return implode('<br />', $this->warn_msg); return implode('<br />', $this->warn_msg);
} }
// Parse HTML
function html($html) function html($html)
{ {
global $config; global $config;
$this->message = str_replace(array('<', '>'), array('&lt;', '&gt;'), $this->message);
if ($html && $config['allow_html_tags']) if ($html && $config['allow_html_tags'])
{ {
// If $html is true then "allowed_tags" are converted back from entity // If $html is true then "allowed_tags" are converted back from entity
// form, others remain // form, others remain
$allowed_tags = split(',', $config['allow_html_tags']); $allowed_tags = split(',', $config['allow_html_tags']);
if (sizeof($allowed_tags)) if (sizeof($allowed_tags))
{ {
$this->message = preg_replace('#&lt;(\/?)(' . str_replace('*', '.*?', implode('|', $allowed_tags)) . ')&gt;#is', '<$1$2>', $this->message); $this->message = preg_replace('#&lt;(\/?)(' . str_replace('*', '.*?', implode('|', $allowed_tags)) . ')&gt;#is', '<$1$2>', $this->message);
@ -112,6 +122,86 @@ class parse_message
} }
} }
// Replace magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx.
// Cuts down displayed size of link if over 50 chars, turns absolute links
// into relative versions when the server/script path matches the link
function magic_url($url)
{
global $config;
if ($url)
{
$server_protocol = ( $config['cookie_secure'] ) ? 'https://' : 'http://';
$server_port = ( $config['server_port'] <> 80 ) ? ':' . trim($config['server_port']) . '/' : '/';
$match = array();
$replace = array();
// relative urls for this board
$match[] = '#(^|[\n ])' . $server_protocol . trim($config['server_name']) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($config['script_path'])) . '/([^ \t\n\r<"\']+)#i';
$replace[] = '<!-- l --><a href="$1" target="_blank">$1</a><!-- l -->';
// matches a xxxx://aaaaa.bbb.cccc. ...
$match[] = '#(^|[\n ])([\w]+?://.*?[^ \t\n\r<"\']*)#ie';
$replace[] = "'\$1<!-- m --><a href=\"\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- m -->'";
// matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
$match[] = '#(^|[\n ])(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"\']*)?)#ie';
$replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace(' ', '%20', '\$2'), 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- w -->'";
// matches an email@domain type address at the start of a line, or after a space.
$match[] = '#(^|[\n ])([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)#ie';
$replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- e -->'";
$this->message = preg_replace($match, $replace, $this->message);
}
}
function emoticons($smilie)
{
global $db, $user, $phpbb_root_path, $config;
if (!$smilie)
{
return;
}
$sql = 'SELECT *
FROM ' . SMILIES_TABLE;
$result = $db->sql_query($sql);
// TEMP - maybe easier regular expression processing... at the moment two newlines prevents smilie substitution.
$this->message = str_replace("\n", "\\n", $this->message);
if ($row = $db->sql_fetchrow($result))
{
$match = $replace = array();
do
{
$match[] = "#(?<=.\W|\W.|\W)" . preg_quote($row['code'], '#') . "(?=.\W|\W.|\W$)#";
$replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILE_PATH}/' . $row['smile_url'] . '" border="0" alt="' . $row['emoticon'] . '" title="' . $row['emoticon'] . '" /><!-- s' . $row['code'] . ' -->';
}
while ($row = $db->sql_fetchrow($result));
if ($config['max_post_smilies'])
{
$num_matches = preg_match_all('#' . str_replace('#', '', implode('|', $match)) . '#', $this->message, $matches);
if ($num_matches !== false && $num_matches > intval($config['max_post_smilies']))
{
$this->message = str_replace("\\n", "\n", $this->message);
$this->warn_msg[] = $user->lang['TOO_MANY_SMILIES'];
return;
}
}
$this->message = trim(preg_replace($match, $replace, ' ' . $this->message . ' '));
$this->message = str_replace("\\n", "\n", $this->message);
}
}
// Parse BBCode
function bbcode() function bbcode()
{ {
if (!$this->bbcodes) if (!$this->bbcodes)
@ -584,100 +674,36 @@ class parse_message
function validate_url($var1, $var2) function validate_url($var1, $var2)
{ {
$url = ($var1) ? stripslashes($var1) : stripslashes($var2); global $config;
// Put validation regexps here $url = ($var1) ? stripslashes($var1) : stripslashes($var2);
$valid = false; $valid = false;
if (preg_match('#^http(s?)://#i', $url))
$server_protocol = ( $config['cookie_secure'] ) ? 'https://' : 'http://';
$server_port = ( $config['server_port'] <> 80 ) ? ':' . trim($config['server_port']) . '/' : '/';
// relative urls for this board
if (preg_match('#' . $server_protocol . trim($config['server_name']) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($config['script_path'])) . '/([^ \t\n\r<"\']+)#i', $url) ||
preg_match('#([\w]+?://.*?[^ \t\n\r<"\']*)#i', $url) ||
preg_match('#(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"\']*)?)#i', $url))
{ {
$valid = true; $valid = true;
} }
if ($valid) if ($valid)
{ {
return (!$url) ? '[url:' . $this->bbcode_uid . ']' . $url . '[/url:' . $this->bbcode_uid . ']' : "[url=$url:" . $this->bbcode_uid . ']' . stripslashes($var2) . '[/url:' . $this->bbcode_uid . ']'; if (!preg_match('#^[\w]+?://.*?#i', $url))
{
$url = 'http://' . $url;
}
return ($var1) ? '[url=' . $url . ':' . $this->bbcode_uid . ']' . stripslashes($var2) . '[/url:' . $this->bbcode_uid . ']' : '[url:' . $this->bbcode_uid . ']' . $url . '[/url:' . $this->bbcode_uid . ']';
} }
return '[url' . (($var1) ? '=' . stripslashes($var1) : '') . ']' . stripslashes($var2) . '[/url]'; return '[url' . (($var1) ? '=' . stripslashes($var1) : '') . ']' . stripslashes($var2) . '[/url]';
} }
// Replace magic urls of form http://xxx.xxx., www.xxx. and xxx@xxx.xxx. // Parse Attachments
// Cuts down displayed size of link if over 50 chars, turns absolute links
// into relative versions when the server/script path matches the link
function magic_url($url)
{
global $config;
if ($url)
{
$server_protocol = ( $config['cookie_secure'] ) ? 'https://' : 'http://';
$server_port = ( $config['server_port'] <> 80 ) ? ':' . trim($config['server_port']) . '/' : '/';
$match = array();
$replace = array();
// relative urls for this board
$match[] = '#(^|[\n ])' . $server_protocol . trim($config['server_name']) . $server_port . preg_replace('/^\/?(.*?)(\/)?$/', '$1', trim($config['script_path'])) . '/([^ \t\n\r <"\']+)#i';
$replace[] = '<!-- l --><a href="$1" target="_blank">$1</a><!-- l -->';
// matches a xxxx://aaaaa.bbb.cccc. ...
$match[] = '#(^|[\n ])([\w]+?://.*?[^ \t\n\r<"]*)#ie';
$replace[] = "'\$1<!-- m --><a href=\"\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- m -->'";
// matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
$match[] = '#(^|[\n ])(www\.[\w\-]+\.[\w\-.\~]+(?:/[^ \t\n\r<"]*)?)#ie';
$replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace(' ', '%20', '\$2'), 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- w -->'";
// matches an email@domain type address at the start of a line, or after a space.
$match[] = '#(^|[\n ])([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)#ie';
$replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- e -->'";
$this->message = preg_replace($match, $replace, $this->message);
}
}
function emoticons($smilie)
{
global $db, $user, $phpbb_root_path, $config;
if (!$smilie)
{
return;
}
$sql = 'SELECT *
FROM ' . SMILIES_TABLE;
$result = $db->sql_query($sql);
// TEMP - maybe easier regular expression processing... at the moment two newlines prevents smilie substitution.
$this->message = str_replace("\n", "\\n", $this->message);
if ($row = $db->sql_fetchrow($result))
{
$match = $replace = array();
do
{
$match[] = "#(?<=.\W|\W.|\W)" . preg_quote($row['code'], '#') . "(?=.\W|\W.|\W$)#";
$replace[] = '<!-- s' . $row['code'] . ' --><img src="{SMILE_PATH}/' . $row['smile_url'] . '" border="0" alt="' . $row['emoticon'] . '" title="' . $row['emoticon'] . '" /><!-- s' . $row['code'] . ' -->';
}
while ($row = $db->sql_fetchrow($result));
if ($config['max_post_smilies'])
{
$num_matches = preg_match_all('#' . str_replace('#', '', implode('|', $match)) . '#', $this->message, $matches);
if ($num_matches !== false && $num_matches > intval($config['max_post_smilies']))
{
$this->message = str_replace("\\n", "\n", $this->message);
$this->warn_msg[] = $user->lang['TOO_MANY_SMILIES'];
return;
}
}
$this->message = trim(preg_replace($match, $replace, ' ' . $this->message . ' '));
$this->message = str_replace("\\n", "\n", $this->message);
}
}
function parse_attachments($mode, $post_id, $submit, $preview, $refresh) function parse_attachments($mode, $post_id, $submit, $preview, $refresh)
{ {
global $config, $auth, $user; global $config, $auth, $user;


@ -382,9 +382,7 @@ class ucp_profile extends module
{ {
include($phpbb_root_path . 'includes/message_parser.'.$phpEx); include($phpbb_root_path . 'includes/message_parser.'.$phpEx);
$message_parser = new parse_message(); $message_parser = new parse_message($signature);
$message_parser->message = $signature;
$message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies); $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies);
$sql_ary = array( $sql_ary = array(
@ -411,8 +409,7 @@ class ucp_profile extends module
// Fudge-o-rama ... // Fudge-o-rama ...
include($phpbb_root_path . 'includes/message_parser.'.$phpEx); include($phpbb_root_path . 'includes/message_parser.'.$phpEx);
$message_parser = new parse_message(); $message_parser = new parse_message($signature_preview);
$message_parser->message = $signature_preview;
$message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies); $message_parser->parse($enable_html, $enable_bbcode, $enable_urls, $enable_smilies);
$signature_preview = $message_parser->message; $signature_preview = $message_parser->message;


@ -160,7 +160,7 @@ if ($sql)
$db->sql_freeresult($result); $db->sql_freeresult($result);
} }
$message_parser = new parse_message(0); $message_parser = new parse_message();
$message_parser->filename_data['filecomment'] = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', request_var('filecomment', '')); $message_parser->filename_data['filecomment'] = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', request_var('filecomment', ''));
@ -489,7 +489,7 @@ if ($submit || $preview || $refresh)
$subject = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $subject); $subject = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $subject);
$message_parser->message = (isset($_POST['message'])) ? htmlspecialchars(trim(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $_POST['message']))) : ''; $message_parser->message = (isset($_POST['message'])) ? htmlspecialchars(str_replace(array('\\\'', '\\"', '\\0', '\\\\'), array('\'', '"', '\0', '\\'), $_POST['message'])) : '';
$message_parser->message = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $message_parser->message); $message_parser->message = preg_replace('#&amp;(\#[0-9]+;)#', '&\1', $message_parser->message);
$username = ($_POST['username']) ? request_var('username', '') : $username; $username = ($_POST['username']) ? request_var('username', '') : $username;