Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: BBCode: use 'preg_replace()' instead of 'str_replace()' to prevent unclosed tags  (Read 33174 times)

0 Members and 1 Guest are viewing this topic.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

Hi,

i changed 'include/functions.inc.php' to use regular expression replace instead of string replace. The advantage is, that unclosed tags will not be processed.
Additionally i added some new bbcode tags.

Open 'include/functions.inc.php' and find:
Code: [Select]
function bb_decode($text)
{

Comment out:
Code: [Select]
        // [b] and [/b] for bolding text.
        $text = str_replace("[b]", '<b>', $text);
        $text = str_replace("[/b]", '</b>', $text);

        // [u] and [/u] for underlining text.
        $text = str_replace("[u]", '<u>', $text);
        $text = str_replace("[/u]", '</u>', $text);

        // [i] and [/i] for italicizing text.
        $text = str_replace("[i]", '<i>', $text);
        $text = str_replace("[/i]", '</i>', $text);

        // colours
        $text = preg_replace("/\[color=(\#[0-9A-F]{6}|[a-z]+)\]/", '<span style="color:$1">', $text);
        $text = str_replace("[/color]", '</span>', $text);

and add:
Code: [Select]
        //preg_replace() instead of str_replace() to prevent unclosed tags
        $text = preg_replace("/\[b\](.*)\[\/b\]/Usi", "<b>\\1</b>", $text);
        $text = preg_replace("/\[u\](.*)\[\/u\]/Usi", "<u>\\1</u>", $text);
        $text = preg_replace("/\[i\](.*)\[\/i\]/Usi", "<i>\\1</i>", $text);
        $text = preg_replace("/\[color=(\#[0-9A-F]{6}|[a-z]+)\](.*)\[\/color\]/Usi", "<span style=\"color:\\1\">\\2</span>", $text);

        //some new tags
        $text = preg_replace("/\[s\](.*)\[\/s\]/Usi", "<span style=\"text-decoration: line-through\">\\1</span>", $text);
        $text = preg_replace("/\[size=(.*)\](.*)\[\/size\]/Usi", "<span style=\"font-size:\\1ex\">\\2</span>", $text);
        $text = preg_replace("/\[quote](.*)\[\/quote\]/Uis", "<div>Quote:</div><div style=\"border:solid 1px;\">\\1</div>", $text);
        $text = preg_replace("/\[quote=(.*)](.*)\[\/quote\]/Uis", "<div>Quote from: \\1</div><div style=\"border:solid 1px;\">\\2</div>", $text);

Keep in mind, that the language of the quote tag is hard-coded yet.


-
muu
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

If you want to allow your users to embed youtube videos (e.g. in comments), add
Code: [Select]
        $text = preg_replace("/\[youtube\](.*)youtube.com\/watch\?v=(.*)\[\/youtube\]/Usi", "<object width=\"425\" height=\"344\"><param name=\"movie\" value=\"http://www.youtube.com/v/\\2&hl=de&fs=1\"></param><param name=\"allowFullScreen\" value=\"true\"></param><embed src=\"http://www.youtube.com/v/\\2&hl=de&fs=1\" type=\"application/x-shockwave-flash\" allowfullscreen=\"true\" width=\"425\" height=\"344\"></embed></object>", $text);
after
Code: [Select]
        //some new tags
        $text = preg_replace("/\[s\](.*)\[\/s\]/Usi", "<span style=\"text-decoration: line-through\">\\1</span>", $text);
        $text = preg_replace("/\[size=(.*)\](.*)\[\/size\]/Usi", "<span style=\"font-size:\\1ex\">\\2</span>", $text);
        $text = preg_replace("/\[quote](.*)\[\/quote\]/Uis", "<div>Quote:</div><div style=\"border:solid 1px;\">\\1</div>", $text);
        $text = preg_replace("/\[quote=(.*)](.*)\[\/quote\]/Uis", "<div>Quote from: \\1</div><div style=\"border:solid 1px;\">\\2</div>", $text);
Logged

keola56

  • Coppermine newbie
  • Offline Offline
  • Posts: 3

how would i go about making a custom BBCode entry for something like myspace profiles where i can have users just add a code for example [myspace]name[/myspace] and have the code auto fill http://www.myspace.com/name but only display the name inputted to be click able?
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

how would i go about making a custom BBCode entry for something like myspace profiles where i can have users just add a code for example [myspace]name[/myspace] and have the code auto fill http://www.myspace.com/name but only display the name inputted to be click able?

Code: [Select]
        $text = preg_replace("/\[myspace\](.*)\[\/myspace\]/Usi", "<a href=\"http://www.myspace.com/\\1\">\\1</a>", $text);
Logged

keola56

  • Coppermine newbie
  • Offline Offline
  • Posts: 3

wow thanks you are awesome!

works perfectly.

now i got a question i would like to ask privately because i have this idea i would like to implement, is this possible? sorry for such a personal request I do appreciate your help  8)
Logged

ultrabr

  • Coppermine newbie
  • Offline Offline
  • Posts: 1


Hi guys . I am unable to adjust my script, returns an error  :( 

what should I replace for preg_replace(); ?

Please, help me !

See:

 $exp1=ereg_replace("([0-9]*).*","\\1",$exp);
 $exp2=ereg_replace("[0-9]*([D|H|M|W|Y])","\\1",$exp);

 $domaine = ereg_replace(".*@(.*)","\\1",$from);
 $ademail=trim(ereg_replace("[^<]*<([^>]*)>","\\1",$email));

 

  $from=ereg_replace("[^<]*<([^>]*)>","\\1",$from);
        if(!preg_match('#^[\w.-]+@[\w.-]+\.[a-z]{2,5}$#i',$ademail)) {
            return FALSE;
        }


Thanks !


Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

I cannot see how this is related to this (5 years old!) thread.
Logged
Pages: [1]   Go Up
 

Page created in 0.157 seconds with 21 queries.