From 6bbe407e18681f2812db4345036bb5ae639f5973 Mon Sep 17 00:00:00 2001 From: Michael Foster Date: Wed, 31 Jul 2013 19:18:55 -0400 Subject: [PATCH] Markup modifiers: raw HTML --- inc/functions.php | 65 +++++++++++++++++++++++++---------------------- post.php | 7 +++-- 2 files changed, 39 insertions(+), 33 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index e638f016..7cde156b 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1421,6 +1421,39 @@ function markup(&$body, $track_cites = false) { $body = str_replace("\r", '', $body); $body = utf8tohtml($body); + if (preg_match_all('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@um', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) { + $skip_chars = 0; + $body_tmp = $body; + + foreach ($modifiers as $modifier) { + // preg_match_all is not multibyte-safe + foreach ($modifier as &$match) { + $match[1] = mb_strlen(substr($body_tmp, 0, $match[1])); + } + + $modifier['type'] = $modifier[1][0]; + $modifier['content'] = $modifier[2][0]; + + if ($modifier['type'] == 'ban message') { + // Public ban message + $replacement = sprintf($config['mod']['ban_message'], $modifier['content']); + } elseif ($modifier['type'] == 'raw html') { + $body = html_entity_decode($modifier['content']); + return array(); + } elseif (preg_match('/^escape /', $modifier['type'])) { + // Escaped (not a real modifier) + $replacement = '<tinyboard ' . substr($modifier['type'], strlen('escape ')) . '>' . $modifier['content'] . '</tinyboard>'; + } else { + // Unknown + $replacement = ''; + } + + $body = mb_substr_replace($body, $replacement, $modifier[0][1] + $skip_chars, mb_strlen($modifier[0][0])); + $skip_chars += mb_strlen($replacement) - mb_strlen($modifier[0][0]); + + } + } + if (mysql_version() < 50503) $body = mb_encode_numericentity($body, array(0x010000, 0xffffff, 0, 0xffffff), 'UTF-8'); @@ -1456,36 +1489,6 @@ function markup(&$body, $track_cites = false) { } } - if (preg_match_all('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) { - $skip_chars = 0; - $body_tmp = $body; - - foreach ($modifiers as $modifier) { - // preg_match_all is not multibyte-safe - foreach ($modifier as &$match) { - $match[1] = mb_strlen(substr($body_tmp, 0, $match[1])); - } - - $modifier['type'] = $modifier[1][0]; - $modifier['content'] = $modifier[2][0]; - - if ($modifier['type'] == 'ban message') { - // Public ban message - $replacement = sprintf($config['mod']['ban_message'], $modifier['content']); - } elseif (preg_match('/^escape /', $modifier['type'])) { - // Escaped (not a real modifier) - $replacement = '<tinyboard ' . substr($modifier['type'], strlen('escape ')) . '>' . $modifier['content'] . '</tinyboard>'; - } else { - // Unknown - $replacement = ''; - } - - $body = mb_substr_replace($body, $replacement, $modifier[0][1] + $skip_chars, mb_strlen($modifier[0][0])); - $skip_chars += mb_strlen($replacement) - mb_strlen($modifier[0][0]); - - } - } - // replace tabs with 8 spaces $body = str_replace("\t", ' ', $body); @@ -1592,7 +1595,7 @@ function markup(&$body, $track_cites = false) { } function escape_markup_modifiers($string) { - return preg_replace('@(.+)@', '$2', $string); + return preg_replace('@(.+)@m', '$2', $string); } function utf8tohtml($utf8) { diff --git a/post.php b/post.php index adb44b58..db077866 100644 --- a/post.php +++ b/post.php @@ -379,6 +379,10 @@ if (isset($_POST['delete'])) { wordfilters($post['body']); $post['body'] = escape_markup_modifiers($post['body']); + if ($mod && isset($post['raw']) && $post['raw']) { + $post['body'] = '' . $post['body'] . ''; + } + if (mysql_version() >= 50503) { $post['body_nomarkup'] = $post['body']; // Assume we're using the utf8mb4 charset } else { @@ -396,8 +400,7 @@ if (isset($_POST['delete'])) { } } - if (!($mod && isset($post['raw']) && $post['raw'])) - $post['tracked_cites'] = markup($post['body'], true); + $post['tracked_cites'] = markup($post['body'], true); // Check for a flood if (!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) {