# ATTENTION ATTENTION ATTENTION
# If you access the admin control panel through a URL like this:
# http://mysite.com/mybb/xxx_admin_xxx/index.php
# then you should change this code
#
# if(strpos($_SERVER['PHP_SELF'],"/admin")===false)
#
# to
#
# if(strpos($_SERVER['PHP_SELF'],"/xxx_admin_xxx")===false)
#
# LOOK BELOW
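/**
 * Escape a string for HTML output, keeping numeric character references such as
 * &#8364; intact, then pass it through get_hoteditor() unless the request path
 * contains "/admin".
 *
 * Security notes for maintainers:
 * - Every caller of this function receives whatever get_hoteditor() puts back into
 *   the string, including raw tags. If the board also uses this function for
 *   attribute values or titles (not visible here), those contexts receive the same
 *   un-escaped markup; confirm each call site.
 * - $_SERVER['PHP_SELF'] reflects the requested path, including trailing path info,
 *   so the substring test is influenced by the client. A match only skips
 *   get_hoteditor(), which leaves the text fully escaped.
 *
 * @param string $message Raw text to escape.
 * @return string Escaped text, with HotEditor content re-expanded outside the admin panel.
 */
function htmlspecialchars_uni($message)
{
    // The entity names below are restored: in the published listing each replacement
    // mapped a character to itself and the double-quote line did not parse.
    $message = preg_replace("#&(?!\#[0-9]+;)#si", "&amp;", $message); // Fix & but allow unicode
    $message = str_replace("<", "&lt;", $message);
    $message = str_replace(">", "&gt;", $message);
    $message = str_replace("\"", "&quot;", $message);
    // NOTE(review): reconstructed as "two spaces become two &nbsp;" (the listing showed
    // a space replaced by a space) - confirm against the board's stock function.
    $message = str_replace("  ", "&nbsp;&nbsp;", $message);

    //EDITOR - PAY ATTENTION HERE
    // The "/admin" literal must match the admin directory name of the installation.
    if (strpos($_SERVER['PHP_SELF'], "/admin") === false) {
        $message = get_hoteditor($message, 0);
    }

    return $message;
}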
//---------------------------------------------------------------------------------------------------------
//EDITOR - Convert the text inside {EDITOR= .... EDITOR} to HTML code
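/**
 * Turn the content of a HotEditor marker back into HTML.
 *
 * The text between "{EDITOR=" and "EDITOR}" is un-escaped, reduced to an allow-list
 * of tags with strip_tags(), scrubbed of a deny-list of attribute names, and spliced
 * back into $res with the markers removed. Only the first marker pair is processed;
 * the markers of any later pair are removed but their content stays as it was.
 * When no marker content is found, CRLF becomes "<br>", a bare LF is removed and an
 * empty "{EDITOR= EDITOR}" marker is dropped.
 *
 * Security notes for maintainers:
 * - The markers are plain text in $res. Nothing in this function checks that they
 *   were produced by the editor, so any text that carries them is un-escaped here.
 * - strip_tags() filters tag names only; attributes on the allowed tags survive and
 *   are handled solely by the deny-list below. URL values (href/src) and style
 *   content are not inspected. A deny-list cannot enumerate everything a browser
 *   acts on, so this step should be replaced with an allow-list HTML sanitizer
 *   (for example HTML Purifier) that also validates attribute values.
 *
 * @param string $res           Text already HTML-escaped by the caller
 *                              (htmlspecialchars_uni() passes its output here).
 * @param mixed  $replace_quote "1" to also turn &quot; back into a double quote.
 * @return string
 */
function get_hoteditor($res="",$replace_quote=""){
    preg_match_all('/\{EDITOR=(.*?)EDITOR\}/si', $res, $matches);

    // Text without a marker has no first capture; reading it unguarded raised a
    // missing-offset notice on every ordinary string.
    $get_code = isset($matches[1][0]) ? $matches[1][0] : "";

    if ($get_code != "") {
        // Park the editor content behind a placeholder while it is processed.
        // str_replace() swaps every occurrence of that text, not only the marked one.
        $res = str_replace($get_code, "{HOTEDITOR_TMP}", $res);

        // NOTE(review): the entity names in the following replacements were lost in
        // the published listing (pairs read as a character mapped to itself and the
        // quote line did not parse). They are reconstructed here - confirm against
        // the distributed HotEditor file.
        $get_code = str_replace("&amp;", "&", $get_code);
        $get_code = str_replace("&lt;", "<", $get_code);
        $get_code = str_replace("&gt;", ">", $get_code);
        // "[<]" and "[>]" stand for literal angle brackets. The listing carried this
        // pair twice; it is reconstructed once, in the escaped (safe) direction.
        $get_code = str_replace("[<]", "&lt;", $get_code);
        $get_code = str_replace("[>]", "&gt;", $get_code);
        $get_code = str_replace("<br />", "", $get_code);
        if ($replace_quote == "1") {
            $get_code = str_replace("&quot;", "\"", $get_code);
        }
        $get_code = str_replace("&nbsp;", " ", $get_code);

        // Strip all unwanted HTML tags (in case the user copies and pastes content
        // into HotEditor). Attributes of the tags kept here are NOT filtered by
        // strip_tags().
        $get_code = strip_tags($get_code, "<p><a><span><div><font><b><i><u><strong><em><ul><ol><li><blockquote><img><strike><sub><sup><hr><pre><tt><br>");

        // Remove id=, name=, event-handler attribute names and "position:" from the
        // inside of every remaining tag.
        // Example: <span onClick=alert('BOOOO')>Click here</span>
        // becomes  <span alert('BOOOO')>Click here</span>
        // The original code listed seventeen handler names one by one; the single
        // pattern below covers those and any other on<name>= attribute, with or
        // without whitespace before the equals sign.
        $denied = array(
            '/id=/si',
            '/name=/si',
            '/\bon[a-z]+\s*=/si',
            '/position:/si',
        );

        $match_count = preg_match_all('/<(.*?)>/si', $get_code, $matches_code);
        for ($i = 0; $i < $match_count; $i++) {
            $tag_inner = $matches_code[1][$i];
            $cleaned = $tag_inner;

            // Repeat until nothing changes, so that removing one token cannot leave
            // another denied token behind.
            do {
                $before = $cleaned;
                $cleaned = preg_replace($denied, "", $cleaned);
                if ($cleaned === null) {
                    // PCRE failure: drop the tag content rather than pass it through.
                    $cleaned = "";
                    break;
                }
            } while ($cleaned !== $before);

            $get_code = str_replace($tag_inner, $cleaned, $get_code);
        }

        // Editor content is emitted on one line.
        $get_code = str_replace("\r\n", ' ', $get_code);
        $get_code = str_replace("\n", ' ', $get_code);

        // Splice the processed HTML back in and drop the markers.
        $res = str_replace("{HOTEDITOR_TMP}", $get_code, $res);
        $res = str_replace("{EDITOR=", "", $res);
        $res = str_replace("EDITOR}", "", $res);
    } else {
        // No editor content: this branch writes a raw <br> into text the caller
        // had already escaped.
        $res = str_replace("\r\n", '<br>', $res);
        $res = str_replace("\n", '', $res);
        $res = str_replace("{EDITOR= EDITOR}", "", $res);
    }

    return $res;
}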