Vergleich inc/class_parser.php - 1.8.13 - 1.8.33

Keine Änderungen Hinzugefügt Modifiziert Entfernt
Zeile 13	Zeile 13
allow_html allow_smilies allow_mycode	allow_html allow_smilies allow_mycode
	allow_auto_url
nl2br filter_badwords me_username	nl2br filter_badwords me_username
Zeile 95	Zeile 96
* @var boolean */ public $clear_needed = false;	* @var boolean */ public $clear_needed = false;
	/** * Don't validate parser output / const VALIDATION_DISABLE = 0; /* * Validate parser output and log errors / const VALIDATION_REPORT_ONLY = 1; /* * Validate parser output, log errors, and block output on failure / const VALIDATION_REQUIRE = 2; /* * Whether to validate the parser's HTML output when `allow_html` is disabled. * Validation errors will be logged/sent/displayed according to board settings. * * @access public * @var self::VALIDATION_* */ public $output_validation_policy = self::VALIDATION_REQUIRE;
/** * Parses a message with the specified options. * * @param string $message The message to be parsed.	/** * Parses a message with the specified options. * * @param string $message The message to be parsed.
* @param array $options Array of yes/no options - allow_html,filter_badwords,allow_mycode,allow_smilies,nl2br,me_username,filter_cdata.	* @param array $options Array of yes/no options
* @return string The parsed message. */ function parse_message($message, $options=array()) { global $plugins, $mybb;	* @return string The parsed message. */ function parse_message($message, $options=array()) { global $plugins, $mybb;
	$original_message = $message;
$this->clear_needed = false; // Set base URL for parsing smilies	$this->clear_needed = false; // Set base URL for parsing smilies
Zeile 115	Zeile 142
if($this->base_url != "") { if(my_substr($this->base_url, my_strlen($this->base_url) -1) != "/")	if($this->base_url != "") { if(my_substr($this->base_url, my_strlen($this->base_url) -1) != "/")
{	{
$this->base_url = $this->base_url."/"; } }	$this->base_url = $this->base_url."/"; } }
Zeile 123	Zeile 150
// Set the options $this->options = $options;	// Set the options $this->options = $options;
$message = $plugins->run_hooks("parse_message_start", $message);	$message = $plugins->run_hooks("parse_message_start", $message);
// Get rid of carriage returns for they are the workings of the devil $message = str_replace("\r", "", $message);	// Get rid of carriage returns for they are the workings of the devil $message = str_replace("\r", "", $message);
Zeile 132	Zeile 159
if(!empty($this->options['filter_badwords'])) { $message = $this->parse_badwords($message);	if(!empty($this->options['filter_badwords'])) { $message = $this->parse_badwords($message);
}	}
// Filter CDATA tags if requested (syndication.php). if(!empty($this->options['filter_cdata']))	// Filter CDATA tags if requested (syndication.php). if(!empty($this->options['filter_cdata']))
{	{
$message = $this->parse_cdata($message); }	$message = $this->parse_cdata($message); }

// If MyCode needs to be replaced, first filter out [code] and [php] tags.	// If MyCode needs to be replaced, first filter out [code] and [php] tags.
	$code_matches = array();
if(!empty($this->options['allow_mycode']) && $mybb->settings['allowcodemycode'] == 1) { // This code is reserved and could break codes $message = str_replace("<mybb-code>\n", "<mybb_code>\n", $message);	if(!empty($this->options['allow_mycode']) && $mybb->settings['allowcodemycode'] == 1) { // This code is reserved and could break codes $message = str_replace("<mybb-code>\n", "<mybb_code>\n", $message);
preg_match_all("#\[(code\|php)\](.?)\[/\\1\](\r\n?\|\n?)#si", $message, $code_matches, PREG_SET_ORDER); $message = preg_replace("#\[(code\|php)\](.?)\[/\\1\](\r\n?\|\n?)#si", "<mybb-code>\n", $message);	preg_match_all("#\[(code\|php)\](.?)(\[/\\1\])+(\r\n?\|\n?)#si", $message, $code_matches, PREG_SET_ORDER); foreach($code_matches as $point => $part) { if(isset($part[3])) { $part[1] = "[".$part[1]."]"; $code_matches[$point][2] = substr_replace($part[0], "", strrpos($part[0], $part[3]), strlen($part[3])); $code_matches[$point][2] = substr_replace($code_matches[$point][2], "", strpos($code_matches[$point][2], $part[1]), strlen($part[1])); } } $message = preg_replace("#\[(code\|php)\](.?)(\[/\\1\])+(\r\n?\|\n?)#si", "<mybb-code>\n", $message);
} if(empty($this->options['allow_html']))	} if(empty($this->options['allow_html']))
Zeile 186	Zeile 223
} // Replace MyCode if requested.	} // Replace MyCode if requested.
if(!empty($this->options['allow_mycode'])) {	if(!empty($this->options['allow_mycode'])) {
$message = $this->parse_mycode($message);	$message = $this->parse_mycode($message);
	} // Filter url codes, if disabled. if($mybb->settings['allowlinkmycode'] != 1) { $message = preg_replace("#\[(\/)?url{1}(.*?)\]#i", "", $message);
} // Parse Highlights	} // Parse Highlights
Zeile 221	Zeile 264
$message = preg_replace("#\<mybb-code>\n?#", $code, $message, 1); } }	$message = preg_replace("#\<mybb-code>\n?#", $code, $message, 1); } }
}	}
if(!isset($this->options['nl2br']) \|\| $this->options['nl2br'] != 0)	if(!isset($this->options['nl2br']) \|\| $this->options['nl2br'] != 0)
{	{
$message = nl2br($message); // Fix up new lines and block level elements $message = preg_replace("#(</?(?:html\|head\|body\|div\|p\|form\|table\|thead\|tbody\|tfoot\|tr\|td\|th\|ul\|ol\|li\|div\|p\|blockquote\|cite\|hr)[^>]>)\s<br />#i", "$1", $message); $message = preg_replace("#( )+(</?(?:html\|head\|body\|div\|p\|form\|table\|thead\|tbody\|tfoot\|tr\|td\|th\|ul\|ol\|li\|div\|p\|blockquote\|cite\|hr)[^>]*>)#i", "$2", $message);	$message = nl2br($message); // Fix up new lines and block level elements $message = preg_replace("#(</?(?:html\|head\|body\|div\|p\|form\|table\|thead\|tbody\|tfoot\|tr\|td\|th\|ul\|ol\|li\|div\|p\|blockquote\|cite\|hr)[^>]>)\s<br />#i", "$1", $message); $message = preg_replace("#( )+(</?(?:html\|head\|body\|div\|p\|form\|table\|thead\|tbody\|tfoot\|tr\|td\|th\|ul\|ol\|li\|div\|p\|blockquote\|cite\|hr)[^>]*>)#i", "$2", $message);
}	}
if($this->clear_needed)	if($this->clear_needed)
{	{
$message .= '<br class="clear" />';	$message .= '<br class="clear" />';
}	}
$message = $plugins->run_hooks("parse_message_end", $message);	$message = $plugins->run_hooks("parse_message_end", $message);
return $message;	if ($this->output_allowed($original_message, $message) === true) { return $message; } else { return ''; }
} /**	} /**
Zeile 265	Zeile 315
global $cache, $lang, $mybb; $this->mycode_cache = array();	global $cache, $lang, $mybb; $this->mycode_cache = array();
$standard_mycode = $callback_mycode = $nestable_mycode = array(); $standard_count = $callback_count = $nestable_count = 0;	$standard_mycode = $callback_mycode = $nestable_mycode = $nestable_callback_mycode = array(); $standard_count = $callback_count = $nestable_count = $nestable_callback_count = 0;
if($mybb->settings['allowbasicmycode'] == 1) {	if($mybb->settings['allowbasicmycode'] == 1) {
Zeile 348	Zeile 398
++$nestable_count; ++$callback_count;	++$nestable_count; ++$callback_count;
} if($mybb->settings['allowfontmycode'] == 1) { $nestable_mycode['font']['regex'] = "#\[font=([a-z0-9 ,\-_'\"]+)\](.*?)\[/font\]#si"; $nestable_mycode['font']['replacement'] = "<span style=\"font-family: $1;\" class=\"mycode_font\">$2</span>"; ++$nestable_count;
} if($mybb->settings['allowalignmycode'] == 1)	} if($mybb->settings['allowalignmycode'] == 1)
Zeile 364	Zeile 406
$nestable_mycode['align']['replacement'] = "<div style=\"text-align: $1;\" class=\"mycode_align\">$2</div>"; ++$nestable_count;	$nestable_mycode['align']['replacement'] = "<div style=\"text-align: $1;\" class=\"mycode_align\">$2</div>"; ++$nestable_count;
	} if($mybb->settings['allowfontmycode'] == 1) { $nestable_callback_mycode['font']['regex'] = "#\[font=\\s(\"?)([a-z0-9 ,\-_'\"]+)\\1\\s\](.*?)\[/font\]#si"; $nestable_callback_mycode['font']['replacement'] = array($this, 'mycode_parse_font_callback'); ++$nestable_callback_count;
} $custom_mycode = $cache->read("mycode");	} $custom_mycode = $cache->read("mycode");
Zeile 390	Zeile 440
{ $this->mycode_cache['standard']['find'][] = $code['regex']; $this->mycode_cache['standard']['replacement'][] = $code['replacement'];	{ $this->mycode_cache['standard']['find'][] = $code['regex']; $this->mycode_cache['standard']['replacement'][] = $code['replacement'];
}	}
// Assign the nestable MyCode to the cache. foreach($nestable_mycode as $code)	// Assign the nestable MyCode to the cache. foreach($nestable_mycode as $code)
Zeile 398	Zeile 448
$this->mycode_cache['nestable'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']); }	$this->mycode_cache['nestable'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']); }
// Assign the nestable MyCode to the cache. foreach($callback_mycode as $code)	// Assign the callback MyCode to the cache. foreach($callback_mycode as $code) { $this->mycode_cache['callback'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']); } // Assign the nestable callback MyCode to the cache. foreach($nestable_callback_mycode as $code)
{	{
$this->mycode_cache['callback'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']);	$this->mycode_cache['nestable_callback'][] = array('find' => $code['regex'], 'replacement' => $code['replacement']);
} $this->mycode_cache['standard_count'] = $standard_count; $this->mycode_cache['callback_count'] = $callback_count; $this->mycode_cache['nestable_count'] = $nestable_count;	} $this->mycode_cache['standard_count'] = $standard_count; $this->mycode_cache['callback_count'] = $callback_count; $this->mycode_cache['nestable_count'] = $nestable_count;
	$this->mycode_cache['nestable_callback_count'] = $nestable_callback_count;
} /**	} /**
Zeile 434	Zeile 491
// Parse quotes first $message = $this->mycode_parse_quotes($message);	// Parse quotes first $message = $this->mycode_parse_quotes($message);
$message = $this->mycode_auto_url($message);	// Convert images when allowed. if(!empty($this->options['allow_imgcode'])) { $message = preg_replace_callback("#\[img\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback1'), $message); $message = preg_replace_callback("#\[img=([1-9][0-9])x([1-9][0-9])\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback2'), $message); $message = preg_replace_callback("#\[img align=(left\|right)\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback3'), $message); $message = preg_replace_callback("#\[img=([1-9][0-9])x([1-9][0-9]) align=(left\|right)\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback4'), $message); } else { $message = preg_replace_callback("#\[img\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_disabled_callback1'), $message); $message = preg_replace_callback("#\[img=([1-9][0-9])x([1-9][0-9])\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_disabled_callback2'), $message); $message = preg_replace_callback("#\[img align=(left\|right)\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_disabled_callback3'), $message); $message = preg_replace_callback("#\[img=([1-9][0-9])x([1-9][0-9]) align=(left\|right)\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_disabled_callback4'), $message); } // Convert videos when allow. if(!empty($this->options['allow_videocode'])) { $message = preg_replace_callback("#\[video=(.?)\](.?)\[/video\]#i", array($this, 'mycode_parse_video_callback'), $message); } else { $message = preg_replace_callback("#\[video=(.?)\](.?)\[/video\]#i", array($this, 'mycode_parse_video_disabled_callback'), $message); }
$message = str_replace('$', '$', $message);	$message = str_replace('$', '$', $message);
Zeile 460	Zeile 541
while(preg_match($mycode['find'], $message)) { $message = preg_replace($mycode['find'], $mycode['replacement'], $message);	while(preg_match($mycode['find'], $message)) { $message = preg_replace($mycode['find'], $mycode['replacement'], $message);
	} } } // Replace the nestable callback mycodes if($this->mycode_cache['nestable_callback_count'] > 0) { foreach($this->mycode_cache['nestable_callback'] as $replace) { while(preg_match($replace['find'], $message)) { $message_org = $message; $message = preg_replace_callback($replace['find'], $replace['replacement'], $message); if ($message_org == $message) { break; }
} } }	} } }
Zeile 478	Zeile 576
{ // Ignores missing end tags $message = preg_replace_callback("#\s?\[list(=(a\|A\|i\|I\|1))?&{$i}\](.*?)(\[/list&{$i}\]\|$)(\r\n?\|\n?)#si", array($this, 'mycode_parse_list_callback'), $message, 1);	{ // Ignores missing end tags $message = preg_replace_callback("#\s?\[list(=(a\|A\|i\|I\|1))?&{$i}\](.*?)(\[/list&{$i}\]\|$)(\r\n?\|\n?)#si", array($this, 'mycode_parse_list_callback'), $message, 1);
} } // Convert images when allowed. if(!empty($this->options['allow_imgcode'])) { $message = preg_replace_callback("#\[img\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback1'), $message); $message = preg_replace_callback("#\[img=([1-9][0-9])x([1-9][0-9])\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback2'), $message); $message = preg_replace_callback("#\[img align=(left\|right)\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback3'), $message); $message = preg_replace_callback("#\[img=([1-9][0-9])x([1-9][0-9]) align=(left\|right)\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_callback4'), $message); } else { $message = preg_replace_callback("#\[img\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_disabled_callback1'), $message); $message = preg_replace_callback("#\[img=([1-9][0-9])x([1-9][0-9])\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_disabled_callback2'), $message); $message = preg_replace_callback("#\[img align=(left\|right)\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_disabled_callback3'), $message); $message = preg_replace_callback("#\[img=([1-9][0-9])x([1-9][0-9]) align=(left\|right)\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", array($this, 'mycode_parse_img_disabled_callback4'), $message); } // Convert videos when allow. if(!empty($this->options['allow_videocode'])) { $message = preg_replace_callback("#\[video=(.?)\](.?)\[/video\]#i", array($this, 'mycode_parse_video_callback'), $message); } else { $message = preg_replace_callback("#\[video=(.?)\](.?)\[/video\]#i", array($this, 'mycode_parse_video_disabled_callback'), $message); }	} } if( (!isset($this->options['allow_auto_url']) \|\| $this->options['allow_auto_url'] == 1) && $mybb->settings['allowautourl'] == 1 ) { $message = $this->mycode_auto_url($message); }
return $message; }	return $message; }
Zeile 522	Zeile 602
$smilies = $cache->read("smilies"); if(is_array($smilies))	$smilies = $cache->read("smilies"); if(is_array($smilies))
{	{
$extra_class = $onclick = ''; foreach($smilies as $sid => $smilie) {	$extra_class = $onclick = ''; foreach($smilies as $sid => $smilie) {
	if(isset($theme['imgdir'])) { $imgdir = $theme['imgdir']; } else { $imgdir = ''; }
$smilie['find'] = explode("\n", $smilie['find']);	$smilie['find'] = explode("\n", $smilie['find']);
$smilie['image'] = str_replace("{theme}", $theme['imgdir'], $smilie['image']);	$smilie['image'] = str_replace("{theme}", $imgdir, $smilie['image']);
$smilie['image'] = htmlspecialchars_uni($mybb->get_asset_url($smilie['image'])); $smilie['name'] = htmlspecialchars_uni($smilie['name']);	$smilie['image'] = htmlspecialchars_uni($mybb->get_asset_url($smilie['image'])); $smilie['name'] = htmlspecialchars_uni($smilie['name']);
Zeile 590	Zeile 679
$i++; } $message = implode("", $message);	$i++; } $message = implode("", $message);
}	}
return $message; }	return $message; }
Zeile 635	Zeile 724
$badword['replacement'] = "*****"; }	$badword['replacement'] = "*****"; }
// Take into account the position offset for our last replacement. $badword['badword'] = str_replace('\*', '([a-zA-Z0-9_]{1})', preg_quote($badword['badword'], "#"));	if(!$badword['regex']) { $badword['badword'] = $this->generate_regex($badword['badword']); } $message = preg_replace('#'.$badword['badword'].'#is', $badword['replacement'], $message); } } if(!empty($this->options['strip_tags'])) { $message = strip_tags($message); } return $message; } /** * Generates REGEX patterns based on user defined badword string. * * @param string $badword The word defined to replace. * @return string The regex pattern to match the word or null on error. */ function generate_regex($bad_word = "") { if($bad_word == "") { return; }

// Ensure we run the replacement enough times but not recursively (i.e. not while(preg_match..)) $message = preg_replace("#(^\|\W)".$badword['badword']."(?=\W\|$)#i", '\1'.$badword['replacement'], $message);	// Neutralize escape character, regex operators, multiple adjacent wildcards and generate pattern $ptrn = array('/\\\\/', '/([\[\^\$\.\\|\?\{\}]{1})/', '/\\++/', '/\++\/', '/\+/'); $rplc = array('\\\\\\\\','\\\\${1}', '', '', '[^\s\n]'); $bad_word = preg_replace($ptrn, $rplc, $bad_word); // Count + and generate pattern $bad_word = explode('+', $bad_word); $trap = ""; $plus = 0; foreach($bad_word as $bad_piece) { if($bad_piece) { $trap .= $plus ? '[^\s\n]{'.$plus.'}'.$bad_piece : $bad_piece; $plus = 1; } else { $plus++;
}	}
} if(!empty($this->options['strip_tags']))	} // Handle trailing + if($plus > 1)
{	{
$message = strip_tags($message);	$trap .= '[^\s\n]{'.($plus-1).'}';
}	}
return $message;	return '\b'.$trap.'\b';
} /**	} /**
Zeile 743	Zeile 877
} else {	} else {
$replace = "\n{$lang->quote}\n--\n$1\n--\n";	$replace = empty($this->options['signature_parse']) ? "\n{$lang->quote}\n--\n$1\n--\n" : "$1";
$replace_callback = array($this, 'mycode_parse_post_quotes_callback2'); }	$replace_callback = array($this, 'mycode_parse_post_quotes_callback2'); }
Zeile 802	Zeile 936
$delete_quote = true; preg_match("#pid=(?:"\|\"\|')?([0-9]+)[\"']?(?:"\|\"\|')?#i", $username, $match);	$delete_quote = true; preg_match("#pid=(?:"\|\"\|')?([0-9]+)[\"']?(?:"\|\"\|')?#i", $username, $match);
if((int)$match[1])	if(isset($match[1]) && (int)$match[1])
{ $pid = (int)$match[1]; $url = $mybb->settings['bburl']."/".get_post_link($pid)."#pid$pid";	{ $pid = (int)$match[1]; $url = $mybb->settings['bburl']."/".get_post_link($pid)."#pid$pid";
Zeile 821	Zeile 955
unset($match); preg_match("#dateline=(?:"\|\"\|')?([0-9]+)(?:"\|\"\|')?#i", $username, $match);	unset($match); preg_match("#dateline=(?:"\|\"\|')?([0-9]+)(?:"\|\"\|')?#i", $username, $match);
if((int)$match[1])	if(isset($match[1]) && (int)$match[1])
{ if($match[1] < TIME_NOW) {	{ if($match[1] < TIME_NOW) {
Zeile 841	Zeile 975
if($delete_quote) {	if($delete_quote) {
$username = my_substr($username, 0, my_strlen($username)-1);	$username = my_substr($username, 0, my_strlen($username)-1, true);
} if(!empty($this->options['allow_html']))	} if(!empty($this->options['allow_html']))
Zeile 901	Zeile 1035
if($text_only == true) {	if($text_only == true) {
return "\n{$lang->code}\n--\n{$code}\n--\n";	return empty($this->options['signature_parse']) ? "\n{$lang->code}\n--\n{$code}\n--\n" : $code;
} // Clean the string before parsing.	} // Clean the string before parsing.
Zeile 949	Zeile 1083
if($text_only == true) {	if($text_only == true) {
return "\n{$lang->php_code}\n--\n$str\n--\n";	return empty($this->options['signature_parse']) ? "\n{$lang->php_code}\n--\n{$str}\n--\n" : $str;
} // Clean the string before parsing except tab spaces.	} // Clean the string before parsing except tab spaces.
Zeile 1071	Zeile 1205
} // Fix some entities in URLs	} // Fix some entities in URLs
$entities = array('$' => '%24', '$' => '%24', '^' => '%5E', '`' => '%60', '[' => '%5B', ']' => '%5D', '{' => '%7B', '}' => '%7D', '"' => '%22', '<' => '%3C', '>' => '%3E', ' ' => '%20'); $url = str_replace(array_keys($entities), array_values($entities), $url); $name = preg_replace("#&\#([0-9]+);#si", "&#$1;", $name); // Fix & but allow unicode	$url = $this->encode_url($url); $name = $this->parse_badwords(preg_replace("#&\#([0-9]+);#si", "&#$1;", $name)); // Fix & but allow unicode, filter bad words
eval("\$mycode_url = \"".$templates->get("mycode_url", 1, 0)."\";"); return $mycode_url;	eval("\$mycode_url = \"".$templates->get("mycode_url", 1, 0)."\";"); return $mycode_url;
} /** * Parses URL MyCode. * * @param array $matches Matches.	} /** * Parses font MyCode. * * @param array $matches Matches. * @return string The HTML <span> tag with styled font. / function mycode_parse_font_callback($matches) { // Replace any occurrence(s) of double quotes in fonts with single quotes. // A back-fix for double-quote-containing MyBB font tags in existing // posts prior to the client-side aspect of this fix for the // browser-independent SCEditor bug of issue #4182. $fonts = str_replace('"', "'", $matches[2]); return "<span style=\"font-family: {$fonts};\" class=\"mycode_font\">{$matches[3]}</span>"; } /* * Parses URL MyCode. * * @param array $matches Matches.
* @return string The built-up link. */ function mycode_parse_url_callback1($matches) { if(!isset($matches[3]))	* @return string The built-up link. */ function mycode_parse_url_callback1($matches) { if(!isset($matches[3]))
{	{
$matches[3] = ''; } return $this->mycode_parse_url($matches[1].$matches[2], $matches[3]);	$matches[3] = ''; } return $this->mycode_parse_url($matches[1].$matches[2], $matches[3]);
} /**	} /**
* Parses URL MyCode. * * @param array $matches Matches.	* Parses URL MyCode. * * @param array $matches Matches.
Zeile 1119	Zeile 1268
* @return string */ function mycode_parse_img($url, $dimensions=array(), $align='')	* @return string */ function mycode_parse_img($url, $dimensions=array(), $align='')
{	{
global $lang, $templates; $url = trim($url); $url = str_replace("\n", "", $url);	global $lang, $templates; $url = trim($url); $url = str_replace("\n", "", $url);
Zeile 1128	Zeile 1277
if(!empty($this->options['allow_html'])) { $url = $this->parse_html($url);	if(!empty($this->options['allow_html'])) { $url = $this->parse_html($url);
}	}
$css_align = ''; if($align == "right") { $css_align = ' style="float: right;"';	$css_align = ''; if($align == "right") { $css_align = ' style="float: right;"';
}	}
else if($align == "left") { $css_align = ' style="float: left;"';	else if($align == "left") { $css_align = ' style="float: left;"';
Zeile 1143	Zeile 1292
if($align) { $this->clear_needed = true;	if($align) { $this->clear_needed = true;
}	}
$alt = basename($url); $alt = htmlspecialchars_decode($alt); if(my_strlen($alt) > 55) { $alt = my_substr($alt, 0, 40).'...'.my_substr($alt, -10);	$alt = basename($url); $alt = htmlspecialchars_decode($alt); if(my_strlen($alt) > 55) { $alt = my_substr($alt, 0, 40).'...'.my_substr($alt, -10);
} $alt = htmlspecialchars_uni($alt);	} $alt = $this->encode_url($alt); $alt = preg_replace("#&(?!\#[0-9]+;)#si", "&", $alt); // fix & but allow unicode
$alt = $lang->sprintf($lang->posted_image, $alt); $width = $height = '';	$alt = $lang->sprintf($lang->posted_image, $alt); $width = $height = '';
Zeile 1160	Zeile 1310
$width = " width=\"{$dimensions[0]}\""; $height = " height=\"{$dimensions[1]}\""; }	$width = " width=\"{$dimensions[0]}\""; $height = " height=\"{$dimensions[1]}\""; }
	$url = $this->encode_url($url);
eval("\$mycode_img = \"".$templates->get("mycode_img", 1, 0)."\";"); return $mycode_img;	eval("\$mycode_img = \"".$templates->get("mycode_img", 1, 0)."\";"); return $mycode_img;
} /** * Parses IMG MyCode. * * @param array $matches Matches.	} /** * Parses IMG MyCode. * * @param array $matches Matches.
* @return string Image code. */ function mycode_parse_img_callback1($matches)	* @return string Image code. */ function mycode_parse_img_callback1($matches)
Zeile 1177	Zeile 1329
} /**	} /**
* Parses IMG MyCode. * * @param array $matches Matches. * @return string Image code. / function mycode_parse_img_callback2($matches) { return $this->mycode_parse_img($matches[4], array($matches[1], $matches[2])); } /*	* Parses IMG MyCode. * * @param array $matches Matches. * @return string Image code. / function mycode_parse_img_callback2($matches) { return $this->mycode_parse_img($matches[4], array($matches[1], $matches[2])); } /*
* Parses IMG MyCode. * * @param array $matches Matches.	* Parses IMG MyCode. * * @param array $matches Matches.
Zeile 1196	Zeile 1348
function mycode_parse_img_callback3($matches) { return $this->mycode_parse_img($matches[3], array(), $matches[1]);	function mycode_parse_img_callback3($matches) { return $this->mycode_parse_img($matches[3], array(), $matches[1]);
} /**	} /**
* Parses IMG MyCode. * * @param array $matches Matches.	* Parses IMG MyCode. * * @param array $matches Matches.
Zeile 1216	Zeile 1368
* @return string */ function mycode_parse_img_disabled($url)	* @return string */ function mycode_parse_img_disabled($url)
{	{
global $lang; $url = trim($url); $url = str_replace("\n", "", $url);	global $lang; $url = trim($url); $url = str_replace("\n", "", $url);
Zeile 1226	Zeile 1378
$image = $lang->sprintf($lang->posted_image, $this->mycode_parse_url($url)); return $image; }	$image = $lang->sprintf($lang->posted_image, $this->mycode_parse_url($url)); return $image; }
/** * Parses IMG MyCode disabled. * * @param array $matches Matches. * @return string Image code. */ function mycode_parse_img_disabled_callback1($matches) { return $this->mycode_parse_img_disabled($matches[2]); }	/** * Parses IMG MyCode disabled. * * @param array $matches Matches. * @return string Image code. */ function mycode_parse_img_disabled_callback1($matches) { return $this->mycode_parse_img_disabled($matches[2]); }
/** * Parses IMG MyCode disabled.	/** * Parses IMG MyCode disabled.
Zeile 1285	Zeile 1437
if(!$name) { $name = $email;	if(!$name) { $name = $email;
} if(preg_match("/^([a-zA-Z0-9-_\+\.]+?)@[a-zA-Z0-9-]+\.[a-zA-Z0-9\.-]+$/si", $email)) { $email = $email; } elseif(preg_match("/^([a-zA-Z0-9-_\+\.]+?)@[a-zA-Z0-9-]+\.[a-zA-Z0-9\.-]+\?(.*?)$/si", $email)) { $email = htmlspecialchars_uni($email);
}	}
	$email = $this->encode_url($email);
eval("\$mycode_email = \"".$templates->get("mycode_email", 1, 0)."\";"); return $mycode_email;	eval("\$mycode_email = \"".$templates->get("mycode_email", 1, 0)."\";"); return $mycode_email;
}	}
/** * Parses email MyCode.	/** * Parses email MyCode.
Zeile 1306	Zeile 1452
* @return string The built-up email link. */ function mycode_parse_email_callback($matches)	* @return string The built-up email link. */ function mycode_parse_email_callback($matches)
{	{
if(!isset($matches[2])) { $matches[2] = '';	if(!isset($matches[2])) { $matches[2] = '';
Zeile 1322	Zeile 1468
* @return string The built-up video code. */ function mycode_parse_video($video, $url)	* @return string The built-up video code. */ function mycode_parse_video($video, $url)
{ global $templates;	{ global $mybb, $templates;
if(empty($video) \|\| empty($url))	if(empty($video) \|\| empty($url))
{ return "[video={$video}]{$url}[/video]"; }	{ return "[video={$video}]{$url}[/video]"; } // Check URL is a valid URL first, as `parse_url` doesn't check validity. if(false === filter_var($url, FILTER_VALIDATE_URL)) { return "[video={$video}]{$url}[/video]"; }
$parsed_url = @parse_url(urldecode($url));	$parsed_url = @parse_url(urldecode($url));
if($parsed_url == false) {	if($parsed_url === false) {
return "[video={$video}]{$url}[/video]";	return "[video={$video}]{$url}[/video]";
}	} $bbdomain = parse_url($mybb->settings['bburl'], PHP_URL_HOST);
$fragments = array(); if($parsed_url['fragment'])	$fragments = array(); if($parsed_url['fragment'])
{	{
$fragments = explode("&", $parsed_url['fragment']);	$fragments = explode("&", $parsed_url['fragment']);
	} if($video == "liveleak") { // The query part can start with any alphabet, but set only 'i' to catch in index key later $parsed_url['query'] = "i".substr($parsed_url['query'], 1);
} $queries = explode("&", $parsed_url['query']);	} $queries = explode("&", $parsed_url['query']);
Zeile 1350	Zeile 1510
list($key, $value) = explode("=", $query); $key = str_replace("amp;", "", $key); $input[$key] = $value;	list($key, $value) = explode("=", $query); $key = str_replace("amp;", "", $key); $input[$key] = $value;
}	}
$path = explode('/', $parsed_url['path']); switch($video) { case "dailymotion":	$path = explode('/', $parsed_url['path']); switch($video) { case "dailymotion":
list($id) = explode('_', $path[2], 2); // http://www.dailymotion.com/video/fds123_title-goes-here	if(isset($path[2])) { list($id) = explode('_', $path[2], 2); // http://www.dailymotion.com/video/fds123_title-goes-here } else { $id = $path[1]; // http://dai.ly/fds123 }
break; case "metacafe": $id = $path[2]; // http://www.metacafe.com/watch/fds123/title_goes_here/	break; case "metacafe": $id = $path[2]; // http://www.metacafe.com/watch/fds123/title_goes_here/
Zeile 1380	Zeile 1547
$id = $path[3]; // https://www.facebook.com/fds/videos/123/ } break;	$id = $path[3]; // https://www.facebook.com/fds/videos/123/ } break;
case "veoh": $id = $path[2]; // http://www.veoh.com/watch/123	case "mixer": $id = $path[1]; // https://mixer.com/streamer
break; case "liveleak": $id = $input['i']; // http://www.liveleak.com/view?i=123	break; case "liveleak": $id = $input['i']; // http://www.liveleak.com/view?i=123
Zeile 1404	Zeile 1571
else { $local = '';	else { $local = '';
}	}
break; case "vimeo": if(isset($path[3])) { $id = $path[3]; // http://vimeo.com/fds/fds/fds123 }	break; case "vimeo": if(isset($path[3])) { $id = $path[3]; // http://vimeo.com/fds/fds/fds123 }
else { $id = $path[1]; // http://vimeo.com/fds123 } break;	else { $id = $path[1]; // http://vimeo.com/fds123 } break;
case "youtube": if($fragments[0])	case "youtube": if($fragments[0])
{	{
$id = str_replace('!v=', '', $fragments[0]); // http://www.youtube.com/watch#!v=fds123 } elseif($input['v']) { $id = $input['v']; // http://www.youtube.com/watch?v=fds123	$id = str_replace('!v=', '', $fragments[0]); // http://www.youtube.com/watch#!v=fds123 } elseif($input['v']) { $id = $input['v']; // http://www.youtube.com/watch?v=fds123
}	}
else { $id = $path[1]; // http://www.youtu.be/fds123	else { $id = $path[1]; // http://www.youtu.be/fds123
} break;	} break;
case "twitch": if(count($path) >= 3 && $path[1] == 'videos') {	case "twitch": if(count($path) >= 3 && $path[1] == 'videos') {
Zeile 1454	Zeile 1621
if(empty($id)) { return "[video={$video}]{$url}[/video]";	if(empty($id)) { return "[video={$video}]{$url}[/video]";
}	}

$id = htmlspecialchars_uni($id);	$id = $this->encode_url($id);

eval("\$video_code = \"".$templates->get("video_{$video}_embed")."\";");	eval("\$video_code = \"".$templates->get("video_{$video}_embed", 1, 0)."\";");
return $video_code; }	return $video_code; }
Zeile 1506	Zeile 1673
* Parses URLs automatically. * * @param string $message The message to be parsed	* Parses URLs automatically. * * @param string $message The message to be parsed
* @return string The parsed message.	* @return string The parsed message.
*/ function mycode_auto_url($message) {	*/ function mycode_auto_url($message) {
$message = " ".$message;
// Links should end with slashes, numbers, characters and braces but not with dots, commas or question marks	// Links should end with slashes, numbers, characters and braces but not with dots, commas or question marks
$message = preg_replace_callback("#([\>\s])(http\|https\|ftp\|news\|irc\|ircs\|irc6){1}://([^\/\"\s\<\[\.]+\.([^\/\"\s\<\[\.]+\.)[\w]+(:[0-9]+)?(/([^\"\s<\[]\|\[\]))?([\w\/\)]))#iu", array($this, 'mycode_auto_url_callback'), $message); $message = preg_replace_callback("#([\>\s])(www\|ftp)\.(([^\/\"\s\<\[\.]+\.)[\w]+(:[0-9]+)?(/([^\"\s<\[]\|\[\]))?([\w\/\)]))#iu", array($this, 'mycode_auto_url_callback'), $message); $message = my_substr($message, 1);	// Don't create links within existing links (handled up-front in the callback function). $message = preg_replace_callback( "~ <a\\s[^>]>.?</a>\| # match and return existing links (?<=^\|[\s\[\>]) # character preceding the link (?P<prefix> (?:http\|https\|ftp\|news\|irc\|ircs\|irc6)://\| # scheme, or (?:www\|ftp)\. # common subdomain ) (?P<link> (?:[^\/\"\s\<\[\.]+\.)[\w]+ # host (?::[0-9]+)? # port (?:/(?:[^\"\s<\[&]\|\[\]\|&(?:amp\|lt\|gt);))? # path, query, fragment; exclude unencoded characters [\w\/\)] ) (?![^<>]*?>) # not followed by unopened > (within HTML tags) ~iusx", array($this, 'mycode_auto_url_callback'), $message );
return $message; }	return $message; }
Zeile 1525	Zeile 1708
* @param array $matches Matches * @return string The parsed message. */	* @param array $matches Matches * @return string The parsed message. */
function mycode_auto_url_callback($matches)	function mycode_auto_url_callback($matches=array())
{	{
	// If we matched a preexisting link (the part of the regexes in mycode_auto_url() before the pipe symbol), // then simply return it - we don't create links within existing links. if(count($matches) == 1) { return $matches[0]; }
$external = ''; // Allow links like http://en.wikipedia.org/wiki/PHP_(disambiguation) but detect mismatching braces	$external = ''; // Allow links like http://en.wikipedia.org/wiki/PHP_(disambiguation) but detect mismatching braces
while(my_substr($matches[3], -1) == ')')	while(my_substr($matches['link'], -1) == ')')
{	{
if(substr_count($matches[3], ')') > substr_count($matches[3], '(')) { $matches[3] = my_substr($matches[3], 0, -1);	if(substr_count($matches['link'], ')') > substr_count($matches['link'], '(')) { $matches['link'] = my_substr($matches['link'], 0, -1);
$external = ')'.$external; } else { break;	$external = ')'.$external; } else { break;
}	}
// Example: ([...] http://en.wikipedia.org/Example_(disambiguation).)	// Example: ([...] http://en.wikipedia.org/Example_(disambiguation).)
$last_char = my_substr($matches[3], -1);	$last_char = my_substr($matches['link'], -1);
while($last_char == '.' \|\| $last_char == ',' \|\| $last_char == '?' \|\| $last_char == '!') {	while($last_char == '.' \|\| $last_char == ',' \|\| $last_char == '?' \|\| $last_char == '!') {
$matches[3] = my_substr($matches[3], 0, -1);	$matches[4] = my_substr($matches['link'], 0, -1);
$external = $last_char.$external;	$external = $last_char.$external;
$last_char = my_substr($matches[3], -1);	$last_char = my_substr($matches['link'], -1);
} }	} }
if(in_array(strtolower($matches[2]), array('www', 'ftp'))) { return "{$matches[1]}[url]{$matches[2]}.{$matches[3]}[/url]{$external}"; } else { return "{$matches[1]}[url]{$matches[2]}://{$matches[3]}[/url]{$external}"; }	$url = $matches['prefix'].$matches['link']; return $this->mycode_parse_url($url, $url).$external;
} /**	} /**
Zeile 1575	Zeile 1760
$message = "[*]{$message}"; }	$message = "[*]{$message}"; }
$message = preg_replace("#[^\S\n\r]\[\\]\s*#", "</li>\n<li>", $message); $message .= "</li>";	$message = preg_split("#[^\S\n\r]\[\\]\s*#", $message); if(isset($message[0]) && trim($message[0]) == '') { array_shift($message); } $message = '<li>'.implode("</li>\n<li>", $message)."</li>\n";
if($type)	if($type)
{	{
$list = "\n<ol type=\"$type\" class=\"mycode_list\">$message</ol>\n"; } else	$list = "\n<ol type=\"$type\" class=\"mycode_list\">$message</ol>\n"; } else
Zeile 1597	Zeile 1786
* @return string The parsed message. */ function mycode_parse_list_callback($matches)	* @return string The parsed message. */ function mycode_parse_list_callback($matches)
{	{
return $this->mycode_parse_list($matches[3], $matches[2]); }	return $this->mycode_parse_list($matches[3], $matches[2]); }
Zeile 1614	Zeile 1803
{ $count = array_pop($this->list_elements); if($count !== NULL)	{ $count = array_pop($this->list_elements); if($count !== NULL)
{	{
return "[/list&{$count}]"; } else { // No open list tag... return $matches[0];	return "[/list&{$count}]"; } else { // No open list tag... return $matches[0];
} }	} }
else { ++$this->list_count;	else { ++$this->list_count;
Zeile 1647	Zeile 1836
function strip_smilies($message) { if($this->smilies_cache == 0)	function strip_smilies($message) { if($this->smilies_cache == 0)
{	{
$this->cache_smilies(); } if(is_array($this->smilies_cache))	$this->cache_smilies(); } if(is_array($this->smilies_cache))
{	{
$message = str_replace($this->smilies_cache, array_keys($this->smilies_cache), $message); } return $message;	$message = str_replace($this->smilies_cache, array_keys($this->smilies_cache), $message); } return $message;
Zeile 1672	Zeile 1861
} if(is_array($this->highlight_cache) && !empty($this->highlight_cache))	} if(is_array($this->highlight_cache) && !empty($this->highlight_cache))
{	{
$message = preg_replace(array_keys($this->highlight_cache), $this->highlight_cache, $message); }	$message = preg_replace(array_keys($this->highlight_cache), $this->highlight_cache, $message); }
Zeile 1691	Zeile 1880
global $plugins; if(empty($this->options))	global $plugins; if(empty($this->options))
{	{
$this->options = $options;	$this->options = $options;
	} else { foreach($options as $option_name => $option_value) { $this->options[$option_name] = $option_value; }
} // Filter bad words if requested. if(!empty($this->options['filter_badwords']))	} // Filter bad words if requested. if(!empty($this->options['filter_badwords']))
{	{
$message = $this->parse_badwords($message);	$message = $this->parse_badwords($message);
}	}
// Parse quotes first $message = $this->mycode_parse_quotes($message, true);	// Parse quotes first $message = $this->mycode_parse_quotes($message, true);

$message = preg_replace_callback("#\[php\](.?)\[/php\](\r\n?\|\n?)#is", array($this, 'mycode_parse_php_callback'), $message); $message = preg_replace_callback("#\[code\](.?)\[/code\](\r\n?\|\n?)#is", array($this, 'mycode_parse_code_callback'), $message);	$message = preg_replace_callback("#\[php\](.?)\[/php\](\r\n?\|\n?)#is", array($this, 'mycode_parse_php_callback'), $message); $message = preg_replace_callback("#\[code\](.?)\[/code\](\r\n?\|\n?)#is", array($this, 'mycode_parse_code_callback'), $message);

$find = array( "#\[(b\|u\|i\|s\|url\|email\|color\|img)\](.*?)\[/\\1\]#is",	$find = array( "#\[(b\|u\|i\|s\|url\|email\|color\|img)\](.*?)\[/\\1\]#is",
	"#\[(email\|color\|size\|font\|align\|video)=[^]]\](.?)\[/\\1\]#is",
"#\[img=([1-9][0-9])x([1-9][0-9])\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", "#\[url=((?!javascript)[a-z]+?://)([^\r\n\"<]+?)\](.+?)\[/url\]#si", "#\[url=((?!javascript:)[^\r\n\"<&]+?)\](.+?)\[/url\]#si",	"#\[img=([1-9][0-9])x([1-9][0-9])\](\r\n?\|\n?)(https?://([^<>\"']+?))\[/img\]#is", "#\[url=((?!javascript)[a-z]+?://)([^\r\n\"<]+?)\](.+?)\[/url\]#si", "#\[url=((?!javascript:)[^\r\n\"<&]+?)\](.+?)\[/url\]#si",
	"#\[attachment=([0-9]+?)\]#i",
); $replace = array(	); $replace = array(
	"$2",
"$2", "$4", "$3 ($1$2)", "$2 ($1)",	"$2", "$4", "$3 ($1$2)", "$2 ($1)",
	"",
);	);
$message = preg_replace($find, $replace, $message);	$messageBefore = ""; // The counter limit for this "for" loop is for defensive programming purpose only. It protects against infinite repetition. for($cnt = 1; $cnt < 20 && $message != $messageBefore; $cnt++) { $messageBefore = $message; $message = preg_replace($find, $replace, $messageBefore); }
// Replace "me" code and slaps if we have a username if(!empty($this->options['me_username']))	// Replace "me" code and slaps if we have a username if(!empty($this->options['me_username']))
Zeile 1749	Zeile 1956
$message = $plugins->run_hooks("text_parse_message", $message); return $message;	$message = $plugins->run_hooks("text_parse_message", $message); return $message;
	} /** * Replaces certain characters with their entities in a URL. * * @param string $url The URL to be escaped. * @return string The escaped URL. / function encode_url($url) { $entities = array('$' => '%24', '$' => '%24', '^' => '%5E', '`' => '%60', '[' => '%5B', ']' => '%5D', '{' => '%7B', '}' => '%7D', '"' => '%22', '<' => '%3C', '>' => '%3E', ' ' => '%20'); $url = str_replace(array_keys($entities), array_values($entities), $url); return $url; } /* * Determines whether the resulting HTML syntax is acceptable for output, * according to the parser's validation policy and HTML support. * * @param string $source The original MyCode. * @param string $output The output HTML code. * @return bool / function output_allowed($source, $output) { if($this->output_validation_policy === self::VALIDATION_DISABLE \|\| !empty($this->options['allow_html'])) { return true; } else { $output_valid = $this->validate_output($source, $output); if($this->output_validation_policy === self::VALIDATION_REPORT_ONLY) { return true; } else { return $output_valid === true; } } } /* * Validate HTML syntax and pass errors to the error handler. * * @param string $source The original MyCode. * @param string $output The output HTML code. * @return bool / function validate_output($source, $output) { global $error_handler; $ignored_error_codes = array( // entities may be broken through smilie parsing; cache_smilies() method workaround doesn't cover all entities 'XML_ERR_INVALID_DEC_CHARREF' => 7, 'XML_ERR_INVALID_CHAR' => 9, 'XML_ERR_UNDECLARED_ENTITY' => 26, // unrecognized HTML entities 'XML_ERR_ATTRIBUTE_WITHOUT_VALUE' => 41, 'XML_ERR_TAG_NAME_MISMATCH' => 76, // the parser may output tags closed in different levels and siblings ); libxml_use_internal_errors(true); @libxml_disable_entity_loader(true); simplexml_load_string('<root>'.$output.'</root>', 'SimpleXMLElement', 524288 / LIBXML_PARSEHUGE */); $errors = libxml_get_errors(); libxml_use_internal_errors(false); if( $errors && array_diff( array_column($errors, 'code'), $ignored_error_codes ) ) { $data = array( 'sourceHtmlEntities' => htmlspecialchars_uni($source), 'outputHtmlEntities' => htmlspecialchars_uni($output), 'errors' => $errors, ); $error_message = "Parser output validation failed.\n"; $error_message .= var_export($data, true); $error_handler->error(E_USER_WARNING, $error_message, __FILE__, __LINE__, false); return false; } else { return true; }
} }	} }