Vergleich inc/class_parser.php - 1.8.26 - 1.8.31

  Keine Änderungen   Hinzugefügt   Modifiziert   Entfernt
Zeile 13Zeile 13
	allow_html
allow_smilies
allow_mycode

	allow_html
allow_smilies
allow_mycode

 
	allow_auto_url

	nl2br
filter_badwords
me_username

	nl2br
filter_badwords
me_username

Zeile 95Zeile 96
	 * @var boolean
*/
public $clear_needed = false;

	 * @var boolean
*/
public $clear_needed = false;

 

/**
* Don't validate parser output
*/
const VALIDATION_DISABLE = 0;

/**
* Validate parser output and log errors
*/
const VALIDATION_REPORT_ONLY = 1;

/**
* Validate parser output, log errors, and block output on failure
*/
const VALIDATION_REQUIRE = 2;

/**
* Whether to validate the parser's HTML output when `allow_html` is disabled.
* Validation errors will be logged/sent/displayed according to board settings.
*
* @access public
* @var self::VALIDATION_*
*/
public $output_validation_policy = self::VALIDATION_REQUIRE;


/**
* Parses a message with the specified options.
*
* @param string $message The message to be parsed.


/**
* Parses a message with the specified options.
*
* @param string $message The message to be parsed.

	 * @param array $options Array of yes/no options - allow_html,filter_badwords,allow_mycode,allow_smilies,nl2br,me_username,filter_cdata.

	 * @param array $options Array of yes/no options

	 * @return string The parsed message.
*/
function parse_message($message, $options=array())
{
global $plugins, $mybb;

	 * @return string The parsed message.
*/
function parse_message($message, $options=array())
{
global $plugins, $mybb;

 

$original_message = $message;


$this->clear_needed = false;



$this->clear_needed = false;


Zeile 205Zeile 232
		if($mybb->settings['allowlinkmycode'] != 1)
{
$message = preg_replace("#\[(\/)?url{1}(.*?)\]#i", "", $message);

		if($mybb->settings['allowlinkmycode'] != 1)
{
$message = preg_replace("#\[(\/)?url{1}(.*?)\]#i", "", $message);

		}


		}


		// Parse Highlights
if(!empty($this->options['highlight']))
{

		// Parse Highlights
if(!empty($this->options['highlight']))
{

Zeile 254Zeile 281

$message = $plugins->run_hooks("parse_message_end", $message);



$message = $plugins->run_hooks("parse_message_end", $message);


		return $message;








		if ($this->output_allowed($original_message, $message) === true)
{
return $message;
}
else
{
return '';
}

	}

/**

	}

/**

Zeile 281Zeile 315
		global $cache, $lang, $mybb;
$this->mycode_cache = array();


		global $cache, $lang, $mybb;
$this->mycode_cache = array();


		$standard_mycode = $callback_mycode = $nestable_mycode = array();
$standard_count = $callback_count = $nestable_count = 0;

		$standard_mycode = $callback_mycode = $nestable_mycode = $nestable_callback_mycode = array();
$standard_count = $callback_count = $nestable_count = $nestable_callback_count = 0;


if($mybb->settings['allowbasicmycode'] == 1)
{


if($mybb->settings['allowbasicmycode'] == 1)
{

Zeile 316Zeile 350
			$standard_mycode['reg']['replacement'] = "®";

++$standard_count;

			$standard_mycode['reg']['replacement'] = "®";

++$standard_count;

		}


		}


		if($mybb->settings['allowlinkmycode'] == 1)

		if($mybb->settings['allowlinkmycode'] == 1)

		{

		{

			$callback_mycode['url_simple']['regex'] = "#\[url\]((?!javascript)[a-z]+?://)([^\r\n\"<]+?)\[/url\]#si";
$callback_mycode['url_simple']['replacement'] = array($this, 'mycode_parse_url_callback1');

			$callback_mycode['url_simple']['regex'] = "#\[url\]((?!javascript)[a-z]+?://)([^\r\n\"<]+?)\[/url\]#si";
$callback_mycode['url_simple']['replacement'] = array($this, 'mycode_parse_url_callback1');





			$callback_mycode['url_simple2']['regex'] = "#\[url\]((?!javascript:)[^\r\n\"<]+?)\[/url\]#i";
$callback_mycode['url_simple2']['replacement'] = array($this, 'mycode_parse_url_callback2');

			$callback_mycode['url_simple2']['regex'] = "#\[url\]((?!javascript:)[^\r\n\"<]+?)\[/url\]#i";
$callback_mycode['url_simple2']['replacement'] = array($this, 'mycode_parse_url_callback2');





			$callback_mycode['url_complex']['regex'] = "#\[url=((?!javascript)[a-z]+?://)([^\r\n\"<]+?)\](.+?)\[/url\]#si";
$callback_mycode['url_complex']['replacement'] = array($this, 'mycode_parse_url_callback1');

			$callback_mycode['url_complex']['regex'] = "#\[url=((?!javascript)[a-z]+?://)([^\r\n\"<]+?)\](.+?)\[/url\]#si";
$callback_mycode['url_complex']['replacement'] = array($this, 'mycode_parse_url_callback1');





			$callback_mycode['url_complex2']['regex'] = "#\[url=((?!javascript:)[^\r\n\"<]+?)\](.+?)\[/url\]#si";
$callback_mycode['url_complex2']['replacement'] = array($this, 'mycode_parse_url_callback2');

			$callback_mycode['url_complex2']['regex'] = "#\[url=((?!javascript:)[^\r\n\"<]+?)\](.+?)\[/url\]#si";
$callback_mycode['url_complex2']['replacement'] = array($this, 'mycode_parse_url_callback2');


++$callback_count;


++$callback_count;

		}

if($mybb->settings['allowemailmycode'] == 1)

		}

if($mybb->settings['allowemailmycode'] == 1)

Zeile 342Zeile 376

$callback_mycode['email_complex']['regex'] = "#\[email=((?:[a-zA-Z0-9-_\+\.]+?)@[a-zA-Z0-9-]+\.[a-zA-Z0-9\.-]+(?:\?.*?)?)\](.*?)\[/email\]#i";
$callback_mycode['email_complex']['replacement'] = array($this, 'mycode_parse_email_callback');


$callback_mycode['email_complex']['regex'] = "#\[email=((?:[a-zA-Z0-9-_\+\.]+?)@[a-zA-Z0-9-]+\.[a-zA-Z0-9\.-]+(?:\?.*?)?)\](.*?)\[/email\]#i";
$callback_mycode['email_complex']['replacement'] = array($this, 'mycode_parse_email_callback');


++$callback_count;
}



++$callback_count;
}


		if($mybb->settings['allowcolormycode'] == 1)

		if($mybb->settings['allowcolormycode'] == 1)

		{

		{

			$nestable_mycode['color']['regex'] = "#\[color=([a-zA-Z]*|\#?[\da-fA-F]{3}|\#?[\da-fA-F]{6})](.*?)\[/color\]#si";
$nestable_mycode['color']['replacement'] = "<span style=\"color: $1;\" class=\"mycode_color\">$2</span>";

			$nestable_mycode['color']['regex'] = "#\[color=([a-zA-Z]*|\#?[\da-fA-F]{3}|\#?[\da-fA-F]{6})](.*?)\[/color\]#si";
$nestable_mycode['color']['replacement'] = "<span style=\"color: $1;\" class=\"mycode_color\">$2</span>";


++$nestable_count;
}


++$nestable_count;
}


if($mybb->settings['allowsizemycode'] == 1)


if($mybb->settings['allowsizemycode'] == 1)

		{

		{

			$nestable_mycode['size']['regex'] = "#\[size=(xx-small|x-small|small|medium|large|x-large|xx-large)\](.*?)\[/size\]#si";
$nestable_mycode['size']['replacement'] = "<span style=\"font-size: $1;\" class=\"mycode_size\">$2</span>";

			$nestable_mycode['size']['regex'] = "#\[size=(xx-small|x-small|small|medium|large|x-large|xx-large)\](.*?)\[/size\]#si";
$nestable_mycode['size']['replacement'] = "<span style=\"font-size: $1;\" class=\"mycode_size\">$2</span>";





			$callback_mycode['size_int']['regex'] = "#\[size=([0-9\+\-]+?)\](.*?)\[/size\]#si";
$callback_mycode['size_int']['replacement'] = array($this, 'mycode_handle_size_callback');

			$callback_mycode['size_int']['regex'] = "#\[size=([0-9\+\-]+?)\](.*?)\[/size\]#si";
$callback_mycode['size_int']['replacement'] = array($this, 'mycode_handle_size_callback');


++$nestable_count;


++$nestable_count;

			++$callback_count;

			++$callback_count;

		}

if($mybb->settings['allowfontmycode'] == 1)
{
$nestable_mycode['font']['regex'] = "#\[font=(\"?)([a-z0-9 ,\-_']+)\\1\](.*?)\[/font\]#si";
$nestable_mycode['font']['replacement'] = "<span style=\"font-family: $2;\" class=\"mycode_font\">$3</span>";

++$nestable_count;
}

if($mybb->settings['allowalignmycode'] == 1)
{

		}

if($mybb->settings['allowalignmycode'] == 1)
{









			$nestable_mycode['align']['regex'] = "#\[align=(left|center|right|justify)\](.*?)\[/align\]#si";
$nestable_mycode['align']['replacement'] = "<div style=\"text-align: $1;\" class=\"mycode_align\">$2</div>";

			$nestable_mycode['align']['regex'] = "#\[align=(left|center|right|justify)\](.*?)\[/align\]#si";
$nestable_mycode['align']['replacement'] = "<div style=\"text-align: $1;\" class=\"mycode_align\">$2</div>";





			++$nestable_count;

			++$nestable_count;

 
		}

if($mybb->settings['allowfontmycode'] == 1)
{
$nestable_callback_mycode['font']['regex'] = "#\[font=\\s*(\"?)([a-z0-9 ,\-_'\"]+)\\1\\s*\](.*?)\[/font\]#si";
$nestable_callback_mycode['font']['replacement'] = array($this, 'mycode_parse_font_callback');

++$nestable_callback_count;

		}

$custom_mycode = $cache->read("mycode");

		}

$custom_mycode = $cache->read("mycode");

Zeile 414Zeile 448
			$this->mycode_cache['nestable'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']);
}


			$this->mycode_cache['nestable'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']);
}


		// Assign the nestable MyCode to the cache.

		// Assign the callback MyCode to the cache.

		foreach($callback_mycode as $code)

		foreach($callback_mycode as $code)

		{

		{

			$this->mycode_cache['callback'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']);

			$this->mycode_cache['callback'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']);

 
		}

// Assign the nestable callback MyCode to the cache.
foreach($nestable_callback_mycode as $code)
{
$this->mycode_cache['nestable_callback'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']);

		}

$this->mycode_cache['standard_count'] = $standard_count;
$this->mycode_cache['callback_count'] = $callback_count;
$this->mycode_cache['nestable_count'] = $nestable_count;

		}

$this->mycode_cache['standard_count'] = $standard_count;
$this->mycode_cache['callback_count'] = $callback_count;
$this->mycode_cache['nestable_count'] = $nestable_count;

 
		$this->mycode_cache['nestable_callback_count'] = $nestable_callback_count;

	}

/**

	}

/**

Zeile 482Zeile 523
		if($this->mycode_cache['standard_count'] > 0)
{
$message = preg_replace($this->mycode_cache['standard']['find'], $this->mycode_cache['standard']['replacement'], $message);

		if($this->mycode_cache['standard_count'] > 0)
{
$message = preg_replace($this->mycode_cache['standard']['find'], $this->mycode_cache['standard']['replacement'], $message);

		}


		}


		if($this->mycode_cache['callback_count'] > 0)

		if($this->mycode_cache['callback_count'] > 0)

		{

		{

			foreach($this->mycode_cache['callback'] as $replace)

			foreach($this->mycode_cache['callback'] as $replace)

			{

			{

				$message = preg_replace_callback($replace['find'], $replace['replacement'], $message);
}
}


				$message = preg_replace_callback($replace['find'], $replace['replacement'], $message);
}
}


		// Replace the nestable mycode's
if($this->mycode_cache['nestable_count'] > 0)













		// Replace the nestable mycode's
if($this->mycode_cache['nestable_count'] > 0)
{
foreach($this->mycode_cache['nestable'] as $mycode)
{
while(preg_match($mycode['find'], $message))
{
$message = preg_replace($mycode['find'], $mycode['replacement'], $message);
}
}
}

// Replace the nestable callback mycodes
if($this->mycode_cache['nestable_callback_count'] > 0)

		{

		{

			foreach($this->mycode_cache['nestable'] as $mycode)

			foreach($this->mycode_cache['nestable_callback'] as $replace)

			{

			{

				while(preg_match($mycode['find'], $message))

				while(preg_match($replace['find'], $message))

				{

				{

					$message = preg_replace($mycode['find'], $mycode['replacement'], $message);






					$message_org = $message;
$message = preg_replace_callback($replace['find'], $replace['replacement'], $message);
if ($message_org == $message)
{
break;
}

				}
}
}

				}
}
}

Zeile 521Zeile 579
			}
}


			}
}


		$message = $this->mycode_auto_url($message);







		if(
(!isset($this->options['allow_auto_url']) || $this->options['allow_auto_url'] == 1) &&
$mybb->settings['allowautourl'] == 1
)
{
$message = $this->mycode_auto_url($message);
}


return $message;
}


return $message;
}

Zeile 538Zeile 602

$smilies = $cache->read("smilies");
if(is_array($smilies))


$smilies = $cache->read("smilies");
if(is_array($smilies))

		{

		{

			$extra_class = $onclick = '';
foreach($smilies as $sid => $smilie)
{

			$extra_class = $onclick = '';
foreach($smilies as $sid => $smilie)
{

 
				if(isset($theme['imgdir']))
{
$imgdir = $theme['imgdir'];
}
else
{
$imgdir = '';
}


				$smilie['find'] = explode("\n", $smilie['find']);

				$smilie['find'] = explode("\n", $smilie['find']);

				$smilie['image'] = str_replace("{theme}", $theme['imgdir'], $smilie['image']);

				$smilie['image'] = str_replace("{theme}", $imgdir, $smilie['image']);

				$smilie['image'] = htmlspecialchars_uni($mybb->get_asset_url($smilie['image']));
$smilie['name'] = htmlspecialchars_uni($smilie['name']);


				$smilie['image'] = htmlspecialchars_uni($mybb->get_asset_url($smilie['image']));
$smilie['name'] = htmlspecialchars_uni($smilie['name']);


Zeile 863Zeile 936
		$delete_quote = true;

preg_match("#pid=(?:&quot;|\"|')?([0-9]+)[\"']?(?:&quot;|\"|')?#i", $username, $match);

		$delete_quote = true;

preg_match("#pid=(?:&quot;|\"|')?([0-9]+)[\"']?(?:&quot;|\"|')?#i", $username, $match);

		if((int)$match[1])

		if(isset($match[1]) && (int)$match[1])

		{
$pid = (int)$match[1];
$url = $mybb->settings['bburl']."/".get_post_link($pid)."#pid$pid";

		{
$pid = (int)$match[1];
$url = $mybb->settings['bburl']."/".get_post_link($pid)."#pid$pid";

Zeile 882Zeile 955

unset($match);
preg_match("#dateline=(?:&quot;|\"|')?([0-9]+)(?:&quot;|\"|')?#i", $username, $match);


unset($match);
preg_match("#dateline=(?:&quot;|\"|')?([0-9]+)(?:&quot;|\"|')?#i", $username, $match);

		if((int)$match[1])

		if(isset($match[1]) && (int)$match[1])

		{
if($match[1] < TIME_NOW)
{

		{
if($match[1] < TIME_NOW)
{

Zeile 902Zeile 975

if($delete_quote)
{


if($delete_quote)
{

			$username = my_substr($username, 0, my_strlen($username)-1);

			$username = my_substr($username, 0, my_strlen($username)-1, true);

		}

if(!empty($this->options['allow_html']))

		}

if(!empty($this->options['allow_html']))

Zeile 1137Zeile 1210

eval("\$mycode_url = \"".$templates->get("mycode_url", 1, 0)."\";");
return $mycode_url;


eval("\$mycode_url = \"".$templates->get("mycode_url", 1, 0)."\";");
return $mycode_url;

 
	}

/**
* Parses font MyCode.
*
* @param array $matches Matches.
* @return string The HTML <span> tag with styled font.
*/
function mycode_parse_font_callback($matches)
{
// Replace any occurrence(s) of double quotes in fonts with single quotes.
// A back-fix for double-quote-containing MyBB font tags in existing
// posts prior to the client-side aspect of this fix for the
// browser-independent SCEditor bug of issue #4182.
$fonts = str_replace('"', "'", $matches[2]);

return "<span style=\"font-family: {$fonts};\" class=\"mycode_font\">{$matches[3]}</span>";

	}

/**

	}

/**

Zeile 1211Zeile 1301
			$alt = my_substr($alt, 0, 40).'...'.my_substr($alt, -10);
}
$alt = $this->encode_url($alt);

			$alt = my_substr($alt, 0, 40).'...'.my_substr($alt, -10);
}
$alt = $this->encode_url($alt);

 
		$alt = preg_replace("#&(?!\#[0-9]+;)#si", "&amp;", $alt); // fix & but allow unicode


$alt = $lang->sprintf($lang->posted_image, $alt);
$width = $height = '';


$alt = $lang->sprintf($lang->posted_image, $alt);
$width = $height = '';

Zeile 1378Zeile 1469
	*/
function mycode_parse_video($video, $url)
{

	*/
function mycode_parse_video($video, $url)
{

		global $templates;


		global $mybb, $templates;


		if(empty($video) || empty($url))

		if(empty($video) || empty($url))

		{
return "[video={$video}]{$url}[/video]";
}

		{
return "[video={$video}]{$url}[/video]";
}


// Check URL is a valid URL first, as `parse_url` doesn't check validity.
if(false === filter_var($url, FILTER_VALIDATE_URL))


// Check URL is a valid URL first, as `parse_url` doesn't check validity.
if(false === filter_var($url, FILTER_VALIDATE_URL))

		{
return "[video={$video}]{$url}[/video]";
}

		{
return "[video={$video}]{$url}[/video]";
}


$parsed_url = @parse_url(urldecode($url));
if($parsed_url === false)
{
return "[video={$video}]{$url}[/video]";
}


$parsed_url = @parse_url(urldecode($url));
if($parsed_url === false)
{
return "[video={$video}]{$url}[/video]";
}

 

$bbdomain = parse_url($mybb->settings['bburl'], PHP_URL_HOST);


$fragments = array();
if($parsed_url['fragment'])


$fragments = array();
if($parsed_url['fragment'])

Zeile 1584Zeile 1677
	*/
function mycode_auto_url($message)
{

	*/
function mycode_auto_url($message)
{

		$message = " ".$message;


 
		// Links should end with slashes, numbers, characters and braces but not with dots, commas or question marks
// Don't create links within existing links (handled up-front in the callback function).

		// Links should end with slashes, numbers, characters and braces but not with dots, commas or question marks
// Don't create links within existing links (handled up-front in the callback function).

		$message = preg_replace_callback("#<a\\s[^>]*>.*?</a>|([\s\(\)\[\>])(http|https|ftp|news|irc|ircs|irc6){1}(://)([^\/\"\s\<\[\.]+\.([^\/\"\s\<\[\.]+\.)*[\w]+(:[0-9]+)?(/([^\"\s<\[]|\[\])*)?([\w\/\)]))(?![^<>]*?>)#ius", array($this, 'mycode_auto_url_callback'), $message);
$message = preg_replace_callback("#<a\\s[^>]*>.*?</a>|([\s\(\)\[\>])(www|ftp)(\.)(([^\/\"\s\<\[\.]+\.)*[\w]+(:[0-9]+)?(/([^\"\s<\[]|\[\])*)?([\w\/\)]))(?![^<>]*?>)#ius", array($this, 'mycode_auto_url_callback'), $message);
$message = my_substr($message, 1);


















		$message = preg_replace_callback(
"~
<a\\s[^>]*>.*?</a>| # match and return existing links
(?<=^|[\s\(\)\[\>]) # character preceding the link
(?P<prefix>
(?:http|https|ftp|news|irc|ircs|irc6)://| # scheme, or
(?:www|ftp)\. # common subdomain
)
(?P<link>
(?:[^\/\"\s\<\[\.]+\.)*[\w]+ # host
(?::[0-9]+)? # port
(?:/(?:[^\"\s<\[&]|\[\]|&(?:amp|lt|gt);)*)? # path, query, fragment; exclude unencoded characters
[\w\/\)]
)
(?![^<>]*?>) # not followed by unopened > (within HTML tags)
~iusx",
array($this, 'mycode_auto_url_callback'),
$message
);


		return $message;

		return $message;

	}


	}


	/**
* Parses URLs automatically.
*
* @param array $matches Matches

	/**
* Parses URLs automatically.
*
* @param array $matches Matches

	* @return string The parsed message.
*/

	* @return string The parsed message.
*/

	function mycode_auto_url_callback($matches=array())
{
// If we matched a preexisting link (the part of the regexes in mycode_auto_url() before the pipe symbol),
// then simply return it - we don't create links within existing links.
if(count($matches) == 1)

	function mycode_auto_url_callback($matches=array())
{
// If we matched a preexisting link (the part of the regexes in mycode_auto_url() before the pipe symbol),
// then simply return it - we don't create links within existing links.
if(count($matches) == 1)

		{

		{

			return $matches[0];
}

$external = '';
// Allow links like http://en.wikipedia.org/wiki/PHP_(disambiguation) but detect mismatching braces

			return $matches[0];
}

$external = '';
// Allow links like http://en.wikipedia.org/wiki/PHP_(disambiguation) but detect mismatching braces

		while(my_substr($matches[4], -1) == ')')

		while(my_substr($matches['link'], -1) == ')')

		{

		{

			if(substr_count($matches[4], ')') > substr_count($matches[4], '('))

			if(substr_count($matches['link'], ')') > substr_count($matches['link'], '('))

			{

			{

				$matches[4] = my_substr($matches[4], 0, -1);

				$matches['link'] = my_substr($matches['link'], 0, -1);

				$external = ')'.$external;
}
else
{
break;

				$external = ')'.$external;
}
else
{
break;

			}

			}


// Example: ([...] http://en.wikipedia.org/Example_(disambiguation).)


// Example: ([...] http://en.wikipedia.org/Example_(disambiguation).)

			$last_char = my_substr($matches[4], -1);

			$last_char = my_substr($matches['link'], -1);

			while($last_char == '.' || $last_char == ',' || $last_char == '?' || $last_char == '!')
{

			while($last_char == '.' || $last_char == ',' || $last_char == '?' || $last_char == '!')
{

				$matches[4] = my_substr($matches[4], 0, -1);

				$matches[4] = my_substr($matches['link'], 0, -1);

				$external = $last_char.$external;

				$external = $last_char.$external;

				$last_char = my_substr($matches[4], -1);

				$last_char = my_substr($matches['link'], -1);

			}
}

			}
}

		$url = "{$matches[2]}{$matches[3]}{$matches[4]}";

		$url = $matches['prefix'].$matches['link'];





		return $matches[1].$this->mycode_parse_url($url, $url).$external;

		return $this->mycode_parse_url($url, $url).$external;

	}

/**

	}

/**

Zeile 1646Zeile 1753
	* @return string The parsed message.
*/
function mycode_parse_list($message, $type="")

	* @return string The parsed message.
*/
function mycode_parse_list($message, $type="")

	{

	{

		// No list elements? That's invalid HTML
if(strpos($message, '[*]') === false)
{

		// No list elements? That's invalid HTML
if(strpos($message, '[*]') === false)
{

Zeile 1657Zeile 1764
		if(isset($message[0]) && trim($message[0]) == '')
{
array_shift($message);

		if(isset($message[0]) && trim($message[0]) == '')
{
array_shift($message);

		}

		}

		$message = '<li>'.implode("</li>\n<li>", $message)."</li>\n";

if($type)

		$message = '<li>'.implode("</li>\n<li>", $message)."</li>\n";

if($type)

Zeile 1674Zeile 1781

/**
* Parses list MyCode.


/**
* Parses list MyCode.

	*

	*

	* @param array $matches Matches
* @return string The parsed message.
*/

	* @param array $matches Matches
* @return string The parsed message.
*/

Zeile 1781Zeile 1888
			foreach($options as $option_name => $option_value)
{
$this->options[$option_name] = $option_value;

			foreach($options as $option_name => $option_value)
{
$this->options[$option_name] = $option_value;

			}
}

			}
}


// Filter bad words if requested.
if(!empty($this->options['filter_badwords']))


// Filter bad words if requested.
if(!empty($this->options['filter_badwords']))

Zeile 1864Zeile 1971
		$url = str_replace(array_keys($entities), array_values($entities), $url);

return $url;

		$url = str_replace(array_keys($entities), array_values($entities), $url);

return $url;

 
	}

/**
* Determines whether the resulting HTML syntax is acceptable for output,
* according to the parser's validation policy and HTML support.
*
* @param string $source The original MyCode.
* @param string $output The output HTML code.
* @return bool
*/
function output_allowed($source, $output)
{
if($this->output_validation_policy === self::VALIDATION_DISABLE || !empty($this->options['allow_html']))
{
return true;
}
else
{
$output_valid = $this->validate_output($source, $output);

if($this->output_validation_policy === self::VALIDATION_REPORT_ONLY)
{
return true;
}
else
{
return $output_valid === true;
}
}
}

/**
* Validate HTML syntax and pass errors to the error handler.
*
* @param string $source The original MyCode.
* @param string $output The output HTML code.
* @return bool
*/
function validate_output($source, $output)
{
global $error_handler;

$ignored_error_codes = array(
// entities may be broken through smilie parsing; cache_smilies() method workaround doesn't cover all entities
'XML_ERR_INVALID_DEC_CHARREF' => 7,
'XML_ERR_INVALID_CHAR' => 9,

'XML_ERR_UNDECLARED_ENTITY' => 26, // unrecognized HTML entities
'XML_ERR_ATTRIBUTE_WITHOUT_VALUE' => 41,
'XML_ERR_TAG_NAME_MISMATCH' => 76, // the parser may output tags closed in different levels and siblings
);

libxml_use_internal_errors(true);
@libxml_disable_entity_loader(true);

simplexml_load_string('<root>'.$output.'</root>', 'SimpleXMLElement', 524288 /* LIBXML_PARSEHUGE */);

$errors = libxml_get_errors();

libxml_use_internal_errors(false);

if(
$errors &&
array_diff(
array_column($errors, 'code'),
$ignored_error_codes
)
)
{
$data = array(
'sourceHtmlEntities' => htmlspecialchars_uni($source),
'outputHtmlEntities' => htmlspecialchars_uni($output),
'errors' => $errors,
);
$error_message = "Parser output validation failed.\n";
$error_message .= var_export($data, true);

$error_handler->error(E_USER_WARNING, $error_message, __FILE__, __LINE__, false);

return false;
} else {
return true;
}

	}
}

	}
}