diff --git a/phpBB/includes/functions_post.php b/phpBB/includes/functions_post.php
index cc74df504c..4016320f22 100644
--- a/phpBB/includes/functions_post.php
+++ b/phpBB/includes/functions_post.php
@@ -37,19 +37,16 @@ $unhtml_specialchars_replace = array('>', '<', '"', '&');
 //
 function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
 {
- global $board_config;
- global $html_entities_match, $html_entities_replace;
- global $code_entities_match, $code_entities_replace;
+ global $board_config, $html_entities_match, $html_entities_replace;
- //
- // Clean up the message
- //
+ // Clean up the message - comment out second line if reverting to old
+ // html system
 $message = trim($message);
 $message = preg_replace($html_entities_match, $html_entities_replace, $message);
 if ($html_on)
 {
- // ported from 2.2
+ // ported from 2.2 - old system remains commented out below
 // If $html is true then "allowed_tags" are converted back from entity
 // form, others remain ... note this differs from the old version where you
 // only needed to specify the first part of the tag ... with this version
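Review bot: The new comment above `$message = trim($message);` tells maintainers to comment out the `preg_replace($html_entities_match, ...)` line when reverting, yet that line is the only unconditional HTML escaping visible in prepare_message, so the instruction is safe only if the commented-out block is restored in the same edit. Disabling the line while the ported `if ($html_on)` branch is still active would leave posts unescaped, and leaving it enabled while restoring the old block would presumably double-encode. I would spell the dependency out, e.g. `// Escapes all HTML up front; remove only together with restoring the old block below, which does its own escaping`. The commit also drops `$code_entities_match` and `$code_entities_replace` from the `global` list, and the rest of the function body lies outside this hunk, so confirm nothing further down still reads them.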
@@ -67,6 +64,66 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
 $message = preg_replace('#<(\/?)(' . str_replace('*', '.*?', implode('|', $allowed_tags)) . ')>#is', '<\1\2>', $message);
 }
 }
+/*
+ if ($html_on)
+ {
+ $allowed_tags = split(',', $board_config['allow_html_tags']);
+
+ $end_html = 0;
+ $start_html = 1;
+ $tmp_message = '';
+ $message = ' ' . $message . ' ';
+
+ while ( $start_html = strpos($message, '<', $start_html) )
+ {
+ $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ( $start_html - $end_html - 1 )));
+
+ if ( $end_html = strpos($message, '>', $start_html) )
+ {
+ $length = $end_html - $start_html + 1;
+ $hold_string = substr($message, $start_html, $length);
+
+ if ( ( $unclosed_open = strrpos(' ' . $hold_string, '<') ) != 1 )
+ {
+ $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
+ $hold_string = substr($hold_string, $unclosed_open - 1);
+ }
+
+ $tagallowed = false;
+ for($i = 0; $i < sizeof($allowed_html_tags); $i++)
+ {
+ $match_tag = trim($allowed_html_tags[$i]);
+ if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) )
+ {
+ $tagallowed = true;
+ }
+ }
+
+ $tmp_message .= ( $length && !$tagallowed ) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
+
+ $start_html += $length;
+ }
+ else
+ {
+ $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
+
+ $start_html = strlen($message);
+ $end_html = $start_html;
+ }
+ }
+
+ if ( $end_html != strlen($message) && $tmp_message != '' )
+ {
+ $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
+ }
+
+ $message = ( $tmp_message != '' ) ? trim($tmp_message) : trim($message);
+ }
+ else
+ {
+ $message = preg_replace($html_entities_match, $html_entities_replace, $message);
+ }
+*/
 if( $bbcode_on && $bbcode_uid != '' )
 {
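Review bot: The commented-out fallback added after the `if ($html_on)` block cannot be restored as written: it assigns `$allowed_tags = split(...)` but the `for` loop reads `$allowed_html_tags`, so once uncommented the loop would have nothing to iterate over and every tag would be entity-escaped. If the block is kept as a documented revert path, its first assignment should read `$allowed_html_tags = split(',', $board_config['allow_html_tags']);`; otherwise I would drop it and rely on version history. The old loop also refused a tag directly followed by `style=`, while the active replacement visible just above it turns `*` into `.*?` under the `s` flag and interpolates the allowed-tag list into the pattern without `preg_quote()`, with no equivalent attribute check in view. A wildcard entry in the allowed list would therefore appear to let arbitrary attributes through, which is worth confirming against the part of prepare_message that lies outside this hunk.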