| Zeile 13 | Zeile 13 |
|---|
allow_html
allow_smilies
allow_mycode
|
allow_html
allow_smilies
allow_mycode
|
| | allow_auto_url
|
nl2br
filter_badwords
me_username
| nl2br
filter_badwords
me_username
|
| Zeile 95 | Zeile 96 |
|---|
* @var boolean
*/
public $clear_needed = false;
|
* @var boolean
*/
public $clear_needed = false;
|
| |
/**
* Don't validate parser output
*/
const VALIDATION_DISABLE = 0;
/**
* Validate parser output and log errors
*/
const VALIDATION_REPORT_ONLY = 1;
/**
* Validate parser output, log errors, and block output on failure
*/
const VALIDATION_REQUIRE = 2;
/**
* Whether to validate the parser's HTML output when `allow_html` is disabled.
* Validation errors will be logged/sent/displayed according to board settings.
*
* @access public
* @var self::VALIDATION_*
*/
public $output_validation_policy = self::VALIDATION_REPORT_ONLY;
|
/**
* Parses a message with the specified options.
*
* @param string $message The message to be parsed.
|
/**
* Parses a message with the specified options.
*
* @param string $message The message to be parsed.
|
* @param array $options Array of yes/no options - allow_html,filter_badwords,allow_mycode,allow_smilies,nl2br,me_username,filter_cdata.
| * @param array $options Array of yes/no options
|
* @return string The parsed message.
*/
function parse_message($message, $options=array())
{
global $plugins, $mybb;
|
* @return string The parsed message.
*/
function parse_message($message, $options=array())
{
global $plugins, $mybb;
|
| |
$original_message = $message;
|
$this->clear_needed = false;
|
$this->clear_needed = false;
|
| Zeile 180 | Zeile 207 |
|---|
// Replace "me" code and slaps if we have a username
if(!empty($this->options['me_username']) && $mybb->settings['allowmemycode'] == 1)
|
// Replace "me" code and slaps if we have a username
if(!empty($this->options['me_username']) && $mybb->settings['allowmemycode'] == 1)
|
{
| {
|
global $lang;
$message = preg_replace('#(>|^|\r|\n)/me ([^\r\n<]*)#i', "\\1<span style=\"color: red;\" class=\"mycode_me\">* {$this->options['me_username']} \\2</span>", $message);
| global $lang;
$message = preg_replace('#(>|^|\r|\n)/me ([^\r\n<]*)#i', "\\1<span style=\"color: red;\" class=\"mycode_me\">* {$this->options['me_username']} \\2</span>", $message);
|
| Zeile 254 | Zeile 281 |
|---|
$message = $plugins->run_hooks("parse_message_end", $message);
|
$message = $plugins->run_hooks("parse_message_end", $message);
|
return $message;
| if ($this->output_allowed($original_message, $message) === true)
{
return $message;
}
else
{
return '';
}
|
}
/**
| }
/**
|
| Zeile 262 | Zeile 296 |
|---|
*
* @param string $message The message to be parsed.
* @return string The formatted message.
|
*
* @param string $message The message to be parsed.
* @return string The formatted message.
|
*/
| */
|
function parse_html($message)
{
$message = preg_replace("#&(?!\#[0-9]+;)#si", "&", $message); // fix & but allow unicode
| function parse_html($message)
{
$message = preg_replace("#&(?!\#[0-9]+;)#si", "&", $message); // fix & but allow unicode
|
| Zeile 316 | Zeile 350 |
|---|
$standard_mycode['reg']['replacement'] = "®";
++$standard_count;
|
$standard_mycode['reg']['replacement'] = "®";
++$standard_count;
|
}
| }
|
if($mybb->settings['allowlinkmycode'] == 1)
{
|
if($mybb->settings['allowlinkmycode'] == 1)
{
|
| Zeile 342 | Zeile 376 |
|---|
$callback_mycode['email_complex']['regex'] = "#\[email=((?:[a-zA-Z0-9-_\+\.]+?)@[a-zA-Z0-9-]+\.[a-zA-Z0-9\.-]+(?:\?.*?)?)\](.*?)\[/email\]#i";
$callback_mycode['email_complex']['replacement'] = array($this, 'mycode_parse_email_callback');
|
$callback_mycode['email_complex']['regex'] = "#\[email=((?:[a-zA-Z0-9-_\+\.]+?)@[a-zA-Z0-9-]+\.[a-zA-Z0-9\.-]+(?:\?.*?)?)\](.*?)\[/email\]#i";
$callback_mycode['email_complex']['replacement'] = array($this, 'mycode_parse_email_callback');
|
|
|
++$callback_count;
}
| ++$callback_count;
}
|
| Zeile 351 | Zeile 385 |
|---|
$nestable_mycode['color']['regex'] = "#\[color=([a-zA-Z]*|\#?[\da-fA-F]{3}|\#?[\da-fA-F]{6})](.*?)\[/color\]#si";
$nestable_mycode['color']['replacement'] = "<span style=\"color: $1;\" class=\"mycode_color\">$2</span>";
|
$nestable_mycode['color']['regex'] = "#\[color=([a-zA-Z]*|\#?[\da-fA-F]{3}|\#?[\da-fA-F]{6})](.*?)\[/color\]#si";
$nestable_mycode['color']['replacement'] = "<span style=\"color: $1;\" class=\"mycode_color\">$2</span>";
|
++$nestable_count;
}
| ++$nestable_count;
}
|
if($mybb->settings['allowsizemycode'] == 1)
{
$nestable_mycode['size']['regex'] = "#\[size=(xx-small|x-small|small|medium|large|x-large|xx-large)\](.*?)\[/size\]#si";
$nestable_mycode['size']['replacement'] = "<span style=\"font-size: $1;\" class=\"mycode_size\">$2</span>";
|
if($mybb->settings['allowsizemycode'] == 1)
{
$nestable_mycode['size']['regex'] = "#\[size=(xx-small|x-small|small|medium|large|x-large|xx-large)\](.*?)\[/size\]#si";
$nestable_mycode['size']['replacement'] = "<span style=\"font-size: $1;\" class=\"mycode_size\">$2</span>";
|
|
|
$callback_mycode['size_int']['regex'] = "#\[size=([0-9\+\-]+?)\](.*?)\[/size\]#si";
$callback_mycode['size_int']['replacement'] = array($this, 'mycode_handle_size_callback');
|
$callback_mycode['size_int']['regex'] = "#\[size=([0-9\+\-]+?)\](.*?)\[/size\]#si";
$callback_mycode['size_int']['replacement'] = array($this, 'mycode_handle_size_callback');
|
|
|
++$nestable_count;
++$callback_count;
}
if($mybb->settings['allowfontmycode'] == 1)
|
++$nestable_count;
++$callback_count;
}
if($mybb->settings['allowfontmycode'] == 1)
|
{
$nestable_mycode['font']['regex'] = "#\[font=(\"?)([a-z0-9 ,\-_']+)\\1\](.*?)\[/font\]#si";
$nestable_mycode['font']['replacement'] = "<span style=\"font-family: $2;\" class=\"mycode_font\">$3</span>";
| {
$callback_mycode['font']['regex'] = "#\[font=\\s*(\"?)([a-z0-9 ,\-_'\"]+)\\1\\s*\](.*?)\[/font\]#si";
$callback_mycode['font']['replacement'] = array($this, 'mycode_parse_font_callback');
|
++$nestable_count;
}
|
++$nestable_count;
}
|
| Zeile 418 | Zeile 452 |
|---|
foreach($callback_mycode as $code)
{
$this->mycode_cache['callback'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']);
|
foreach($callback_mycode as $code)
{
$this->mycode_cache['callback'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']);
|
}
| }
|
$this->mycode_cache['standard_count'] = $standard_count;
$this->mycode_cache['callback_count'] = $callback_count;
$this->mycode_cache['nestable_count'] = $nestable_count;
| $this->mycode_cache['standard_count'] = $standard_count;
$this->mycode_cache['callback_count'] = $callback_count;
$this->mycode_cache['nestable_count'] = $nestable_count;
|
| Zeile 445 | Zeile 479 |
|---|
if($this->mycode_cache == 0)
{
$this->cache_mycode();
|
if($this->mycode_cache == 0)
{
$this->cache_mycode();
|
}
| }
|
// Parse quotes first
$message = $this->mycode_parse_quotes($message);
|
// Parse quotes first
$message = $this->mycode_parse_quotes($message);
|
|
|
// Convert images when allowed.
if(!empty($this->options['allow_imgcode']))
|
// Convert images when allowed.
if(!empty($this->options['allow_imgcode']))
|
{
| {
|
$message = preg_replace_callback("#\[img\](\r\n?|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback1'), $message);
$message = preg_replace_callback("#\[img=([1-9][0-9]*)x([1-9][0-9]*)\](\r\n?|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback2'), $message);
$message = preg_replace_callback("#\[img align=(left|right)\](\r\n?|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback3'), $message);
| $message = preg_replace_callback("#\[img\](\r\n?|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback1'), $message);
$message = preg_replace_callback("#\[img=([1-9][0-9]*)x([1-9][0-9]*)\](\r\n?|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback2'), $message);
$message = preg_replace_callback("#\[img align=(left|right)\](\r\n?|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback3'), $message);
|
| Zeile 470 | Zeile 504 |
|---|
if(!empty($this->options['allow_videocode']))
{
$message = preg_replace_callback("#\[video=(.*?)\](.*?)\[/video\]#i", array($this, 'mycode_parse_video_callback'), $message);
|
if(!empty($this->options['allow_videocode']))
{
$message = preg_replace_callback("#\[video=(.*?)\](.*?)\[/video\]#i", array($this, 'mycode_parse_video_callback'), $message);
|
}
| }
|
else
{
$message = preg_replace_callback("#\[video=(.*?)\](.*?)\[/video\]#i", array($this, 'mycode_parse_video_disabled_callback'), $message);
| else
{
$message = preg_replace_callback("#\[video=(.*?)\](.*?)\[/video\]#i", array($this, 'mycode_parse_video_disabled_callback'), $message);
|
| Zeile 521 | Zeile 555 |
|---|
}
}
|
}
}
|
$message = $this->mycode_auto_url($message);
| if(
(!isset($this->options['allow_auto_url']) || $this->options['allow_auto_url'] == 1) &&
$mybb->settings['allowautourl'] == 1
)
{
$message = $this->mycode_auto_url($message);
}
|
return $message;
}
|
return $message;
}
|
| Zeile 756 | Zeile 796 |
|---|
$size = (int)$size;
if($size < 1)
|
$size = (int)$size;
if($size < 1)
|
{
| {
|
$size = 1;
}
| $size = 1;
}
|
| Zeile 863 | Zeile 903 |
|---|
$delete_quote = true;
preg_match("#pid=(?:"|\"|')?([0-9]+)[\"']?(?:"|\"|')?#i", $username, $match);
|
$delete_quote = true;
preg_match("#pid=(?:"|\"|')?([0-9]+)[\"']?(?:"|\"|')?#i", $username, $match);
|
if((int)$match[1])
| if(isset($match[1]) && (int)$match[1])
|
{
$pid = (int)$match[1];
$url = $mybb->settings['bburl']."/".get_post_link($pid)."#pid$pid";
| {
$pid = (int)$match[1];
$url = $mybb->settings['bburl']."/".get_post_link($pid)."#pid$pid";
|
| Zeile 882 | Zeile 922 |
|---|
unset($match);
preg_match("#dateline=(?:"|\"|')?([0-9]+)(?:"|\"|')?#i", $username, $match);
|
unset($match);
preg_match("#dateline=(?:"|\"|')?([0-9]+)(?:"|\"|')?#i", $username, $match);
|
if((int)$match[1])
| if(isset($match[1]) && (int)$match[1])
|
{
if($match[1] < TIME_NOW)
{
| {
if($match[1] < TIME_NOW)
{
|
| Zeile 902 | Zeile 942 |
|---|
if($delete_quote)
{
|
if($delete_quote)
{
|
$username = my_substr($username, 0, my_strlen($username)-1);
| $username = my_substr($username, 0, my_strlen($username)-1, true);
|
}
if(!empty($this->options['allow_html']))
| }
if(!empty($this->options['allow_html']))
|
| Zeile 1137 | Zeile 1177 |
|---|
eval("\$mycode_url = \"".$templates->get("mycode_url", 1, 0)."\";");
return $mycode_url;
|
eval("\$mycode_url = \"".$templates->get("mycode_url", 1, 0)."\";");
return $mycode_url;
|
| | }
/**
* Parses font MyCode.
*
* @param array $matches Matches.
* @return string The HTML <span> tag with styled font.
*/
function mycode_parse_font_callback($matches)
{
// Replace any occurrence(s) of double quotes in fonts with single quotes.
// A back-fix for double-quote-containing MyBB font tags in existing
// posts prior to the client-side aspect of this fix for the
// browser-independent SCEditor bug of issue #4182.
$fonts = str_replace('"', "'", $matches[2]);
return "<span style=\"font-family: {$fonts};\" class=\"mycode_font\">{$matches[3]}</span>";
|
}
/**
| }
/**
|
| Zeile 1211 | Zeile 1268 |
|---|
$alt = my_substr($alt, 0, 40).'...'.my_substr($alt, -10);
}
$alt = $this->encode_url($alt);
|
$alt = my_substr($alt, 0, 40).'...'.my_substr($alt, -10);
}
$alt = $this->encode_url($alt);
|
| | $alt = preg_replace("#&(?!\#[0-9]+;)#si", "&", $alt); // fix & but allow unicode
|
$alt = $lang->sprintf($lang->posted_image, $alt);
$width = $height = '';
|
$alt = $lang->sprintf($lang->posted_image, $alt);
$width = $height = '';
|
| Zeile 1584 | Zeile 1642 |
|---|
*/
function mycode_auto_url($message)
{
|
*/
function mycode_auto_url($message)
{
|
$message = " ".$message;
| |
// Links should end with slashes, numbers, characters and braces but not with dots, commas or question marks
// Don't create links within existing links (handled up-front in the callback function).
|
// Links should end with slashes, numbers, characters and braces but not with dots, commas or question marks
// Don't create links within existing links (handled up-front in the callback function).
|
$message = preg_replace_callback("#<a\\s[^>]*>.*?</a>|([\s\(\)\[\>])(http|https|ftp|news|irc|ircs|irc6){1}(://)([^\/\"\s\<\[\.]+\.([^\/\"\s\<\[\.]+\.)*[\w]+(:[0-9]+)?(/([^\"\s<\[]|\[\])*)?([\w\/\)]))(?![^<>]*?>)#ius", array($this, 'mycode_auto_url_callback'), $message);
$message = preg_replace_callback("#<a\\s[^>]*>.*?</a>|([\s\(\)\[\>])(www|ftp)(\.)(([^\/\"\s\<\[\.]+\.)*[\w]+(:[0-9]+)?(/([^\"\s<\[]|\[\])*)?([\w\/\)]))(?![^<>]*?>)#ius", array($this, 'mycode_auto_url_callback'), $message);
$message = my_substr($message, 1);
| $message = preg_replace_callback(
"~
<a\\s[^>]*>.*?</a>| # match and return existing links
(?<=^|[\s\(\)\[\>]) # character preceding the link
(?P<prefix>
(?:http|https|ftp|news|irc|ircs|irc6)://| # scheme, or
(?:www|ftp)\. # common subdomain
)
(?P<link>
(?:[^\/\"\s\<\[\.]+\.)*[\w]+ # host
(?::[0-9]+)? # port
(?:/(?:[^\"\s<\[&]|\[\]|&(?:amp|lt|gt);)*)? # path, query, fragment; exclude unencoded characters
[\w\/\)]
)
(?![^<>]*?>) # not followed by unopened > (within HTML tags)
~iusx",
array($this, 'mycode_auto_url_callback'),
$message
);
|
return $message;
}
|
return $message;
}
|
| Zeile 1612 | Zeile 1684 |
|---|
$external = '';
// Allow links like http://en.wikipedia.org/wiki/PHP_(disambiguation) but detect mismatching braces
|
$external = '';
// Allow links like http://en.wikipedia.org/wiki/PHP_(disambiguation) but detect mismatching braces
|
while(my_substr($matches[4], -1) == ')')
| while(my_substr($matches['link'], -1) == ')')
|
{
|
{
|
if(substr_count($matches[4], ')') > substr_count($matches[4], '('))
| if(substr_count($matches['link'], ')') > substr_count($matches['link'], '('))
|
{
|
{
|
$matches[4] = my_substr($matches[4], 0, -1);
| $matches['link'] = my_substr($matches['link'], 0, -1);
|
$external = ')'.$external;
}
else
| $external = ')'.$external;
}
else
|
| Zeile 1625 | Zeile 1697 |
|---|
}
// Example: ([...] http://en.wikipedia.org/Example_(disambiguation).)
|
}
// Example: ([...] http://en.wikipedia.org/Example_(disambiguation).)
|
$last_char = my_substr($matches[4], -1);
| $last_char = my_substr($matches['link'], -1);
|
while($last_char == '.' || $last_char == ',' || $last_char == '?' || $last_char == '!')
{
|
while($last_char == '.' || $last_char == ',' || $last_char == '?' || $last_char == '!')
{
|
$matches[4] = my_substr($matches[4], 0, -1);
| $matches[4] = my_substr($matches['link'], 0, -1);
|
$external = $last_char.$external;
|
$external = $last_char.$external;
|
$last_char = my_substr($matches[4], -1);
| $last_char = my_substr($matches['link'], -1);
|
}
}
|
}
}
|
$url = "{$matches[2]}{$matches[3]}{$matches[4]}";
| $url = $matches['prefix'].$matches['link'];
|
|
|
return $matches[1].$this->mycode_parse_url($url, $url).$external;
| return $this->mycode_parse_url($url, $url).$external;
|
}
/**
| }
/**
|
| Zeile 1864 | Zeile 1936 |
|---|
$url = str_replace(array_keys($entities), array_values($entities), $url);
return $url;
|
$url = str_replace(array_keys($entities), array_values($entities), $url);
return $url;
|
| | }
/**
* Determines whether the resulting HTML syntax is acceptable for output,
* according to the parser's validation policy and HTML support.
*
* @param string $source The original MyCode.
* @param string $output The output HTML code.
* @return bool
*/
function output_allowed($source, $output)
{
if($this->output_validation_policy === self::VALIDATION_DISABLE || !empty($this->options['allow_html']))
{
return true;
}
else
{
$output_valid = $this->validate_output($source, $output);
if($this->output_validation_policy === self::VALIDATION_REPORT_ONLY)
{
return true;
}
else
{
return $output_valid === true;
}
}
}
/**
* Validate HTML syntax and pass errors to the error handler.
*
* @param string $source The original MyCode.
* @param string $output The output HTML code.
* @return bool
*/
function validate_output($source, $output)
{
global $error_handler;
$ignored_error_codes = array(
// entities may be broken through smilie parsing; cache_smilies() method workaround doesn't cover all entities
'XML_ERR_INVALID_DEC_CHARREF' => 7,
'XML_ERR_INVALID_CHAR' => 9,
'XML_ERR_UNDECLARED_ENTITY' => 26, // unrecognized HTML entities
'XML_ERR_ATTRIBUTE_WITHOUT_VALUE' => 41,
'XML_ERR_TAG_NAME_MISMATCH' => 76, // the parser may output tags closed in different levels and siblings
);
libxml_use_internal_errors(true);
@libxml_disable_entity_loader(true);
simplexml_load_string('<root>'.$output.'</root>', 'SimpleXMLElement', 524288 /* LIBXML_PARSEHUGE */);
$errors = libxml_get_errors();
libxml_use_internal_errors(false);
if(
$errors &&
array_diff(
array_column($errors, 'code'),
$ignored_error_codes
)
)
{
$data = array(
'sourceHtmlEntities' => htmlspecialchars_uni($source),
'outputHtmlEntities' => htmlspecialchars_uni($output),
'errors' => $errors,
);
$error_message = "Parser output validation failed.\n";
$error_message .= var_export($data, true);
$error_handler->error(E_USER_WARNING, $error_message, __FILE__, __LINE__, false);
}
return empty($errors);
|
}
}
| }
}
|