. require_once('../inc/sanitize_html.inc');

// Functions that process user-supplied text (e.g. messages)
// prior to displaying it to users.
// Goals:
// - Security (don't send evil javascript)
// - obey user preferences
// - improve formatting (e.g., convert newlines to line-break tags)
//
// NOTE(review): this copy of the file is damaged. The opening PHP tag is
// absent, and HTML markup that belongs inside string literals is missing
// (the replacement strings in bb2html(), the closing-tag needle and output in
// closeTags(), the wrapper in highlight_terms()). The text between the middle
// of externalize_links() and the middle of closeTags() is also lost. The code
// below is reproduced as found; no literal has been restored.

// Switches that control output_transform(). Each flag is 1 (on) or 0 (off);
// $highlight_terms is 0 or an array of terms.
class output_options {
    var $bb2html;            // BBCode as HTML? (on)
    var $images_as_links;    // Images as hyperlinks? (off)
    var $link_popup;        // Links in new windows? (off)
    var $closeTags;            // Close extra HTML tags? (on)
    var $nl2br;            // Convert newlines to line breaks? (on)
    var $htmlitems;            // Convert special chars to HTML entities? (on)
    var $htmlscrub;            // Scrub "bad" HTML tags? (off)
    var $highlight_terms;// Array of terms to be highlighted (off)

    // Constructor - set the defaults.
    // NOTE(review): this is a PHP 4-style constructor (a method named after
    // the class). PHP 7 deprecates that form and PHP 8 no longer runs it on
    // `new`, which would leave every flag null -- including $htmlitems, the
    // flag that gates htmlspecialchars() in output_transform(). Renaming the
    // method to __construct() keeps the escaping default in force.
    function output_options() {
        $this->bb2html = 1;
        $this->images_as_links = 0;
        $this->link_popup = 0;
        $this->closeTags = 1;
        $this->nl2br = 1;
        $this->htmlitems = 1;
        $this->htmlscrub = 0;
        $this->highlight_terms = 0;
        return true;
    }

    // Define the terms to be highlighted (for use with searches and such)
    // Returns true when $terms is an array and was stored, false otherwise
    // (the previous value is then left in place).
    function setHighlightTerms($terms) {
        if (is_array($terms)) {
            $this->highlight_terms = $terms;
        } else {
            return false;
        }
        return true;
    }
}

// Do the actual transformation of the text.
// TODO: Make this part of the above class.
//
// $text     user-supplied text to prepare for display
// $options  output_options object; a default-constructed one is used when
//           the argument is omitted or falsy
// Returns the transformed text.
//
// The steps run in a fixed order: entity escaping, nl2br(), bb2html(),
// image_as_link(), externalize_links(), highlight_terms(). Escaping comes
// first, so the markup produced by the later steps is not escaped again.
//
// NOTE(review): htmlspecialchars() is the only step in this function that
// neutralises raw HTML in $text. The sanitize_html() call is commented out,
// so with $htmlitems off user markup reaches the output unchanged. The
// $htmlscrub and $closeTags flags are not consulted here.
// NOTE(review): image_as_link() is not defined in the visible part of this
// listing.
function output_transform($text, $options = NULL) {
    // Options is a output_options object, defined above
    if (!$options) {
        $options = new output_options; // Defaults in the class definition
    }
    if ($options->htmlitems) {
        //$text = htmlentities($text);
        // NOTE(review): called with default flags; before PHP 8.1 the default
        // leaves single quotes unescaped. Passing ENT_QUOTES explicitly makes
        // the result independent of the PHP version.
        $text = htmlspecialchars($text);
    }
//    if ($options->htmlscrub) {
//        $text = sanitize_html($text);
//    }
    if ($options->nl2br) {
        $text = nl2br($text);
    }
    if ($options->bb2html) {
        $text = bb2html($text);
    }
    if ($options->images_as_links) {
        $text = image_as_link($text);
    }
    if ($options->link_popup) {
        $text = externalize_links($text);
    }
    if (is_array($options->highlight_terms)) {
        $text = highlight_terms($text, $options->highlight_terms);
    }
    return $text;
}

// Build the output options for a user.
// Starts from the class defaults and, when $user is truthy, switches on
// images_as_links and link_popup if the matching $user->prefs fields are set.
// Returns the output_options object.
function get_output_options($user) {
    $options = new output_options();
    if ($user) {
        if ($user->prefs->images_as_links) $options->images_as_links = 1;
        if ($user->prefs->link_popup) $options->link_popup = 1;
    }
    return $options;
}

// Converts bbcode to proper HTML
//
// $text  text containing BBCode tags
// Returns $text with every pattern in $bbtags replaced by the entry at the
// same position in $htmltags.
//
// NOTE(review): this function does no escaping of its own. Captured text is
// copied into the output by back-reference, and several patterns accept
// arbitrary text: [quote=...], [color=...] (any 3 to 8 characters), [mailto],
// [email] and [trac]wiki:. Where those captures land (attribute or element
// content) cannot be seen here because the markup is missing from the
// replacement strings. The output is therefore only as safe as the escaping
// applied before the call; output_transform() does that when $htmlitems is
// on, a direct caller of bb2html() must do it itself.
function bb2html($text) {
    // URL captures exclude '[', '"', '<' and space.
    $urlregex = "(?:\"?)(?:(http\:\/\/)?)([^\[\"<\ ]+)(?:\"?)";
    $httpsregex = "(?:\"?)https\:\/\/([^\[\"<\ ]+)(?:\"?)";
    // List of allowable tags
    // NOTE(review): the pattern that spans three lines below (the list-item
    // rule) is damaged in this listing.
    $bbtags = array (
        "@\[b\](.*?)\[/b\]@is",
        "@\[i\](.*?)\[/i\]@is",
        "@\[u\](.*?)\[/u\]@is",
        "@\[url=$httpsregex\](.*?)\[/url\]@i",
        "@\[url\]$httpsregex\[/url\]@i",
        "@\[link=$urlregex\](.*?)\[/link\]@i",
        "@\[link\]$urlregex\[/link\]@i",
        "@\[url=$urlregex\](.*?)\[/url\]@i",
        "@\[url\]$urlregex\[/url\]@i",
        "@\[quote=(.*?)\](.*?)\[/quote\]@is",
        "@\[quote\](.*?)\[/quote\]@is",
        "@\[list\](.*?)\[/list\]@is",
        "@\[list=1\](.*?)\[/list\]@is",
        "@\[pre\](.*?)\[/pre\]@is",
        "@\[img\]$urlregex\[/img\]@is",
        "@\[color=(?:\"?)(.{3,8})(?:\"?)\](.*?)\[/color\]@is",
        "@((?:
    |
|))@is",
        "@\[size=([1-9]|[0-2][0-9])\](.*?)\[/size\]@is",
        "@\[code\](.*?)\[/code\]@is",
        "@\[mailto\](.*?)\[/mailto\]@is",
        "@\[email\](.*?)\[/email\]@is",
        "@\[trac\](?:\#|ticket:)(\d+)\[/trac\]@is",
        "@\[trac\]wiki:(.*?)\[/trac\]@is",
        "@\[trac\]changeset:(\d+)\[/trac\]@is"
        //Note:    The above list array member ensures we're within a list
        //when doing list item transformations.
        //TODO: Make sure we're not between two lists
    );

    // What the above tags are turned in to
    // NOTE(review): the HTML in these strings is missing from the listing;
    // only back-references and plain text survive. The surviving text shows
    // the bare [url] and [link] forms re-emitting the captured address behind
    // a fixed "http://" or "https://" prefix.
    $htmltags = array (
        "\\1",
        "\\1",
        "\\1",
        "\\2",
        "https://\\1",
        "\\3",
        "http://\\2",
        "\\3",
        "http://\\2",
        "
\\1 wrote:
\\2
",
        "
\\1
",
        "

",
        "

    \\1

",
        "

\\1
",
        "",
        "\\2",
        "\\1
  • \\2
  • \n\\3",
        "\\2",
        "
    \\1
    ",
        "\\1",
        "\\1",
        "#\\1",
        "\\1",
        "[\\1]"
    );

    // Do the actual replacing - iterations for nested items
    // Each pass rewrites one nesting level; the loop stops when a pass
    // changes nothing or after 20 passes.
    $lasttext = "";
    $i = 0;
    // $i<20 to prevent DoS
    while ($text != $lasttext && $i<20) {
        $lasttext = $text;
        $text = preg_replace($bbtags,$htmltags,$text);
        $i = $i + 1;
    }
    return $text;
}

// Make links open in new windows.
function externalize_links($text) {
    // TODO: Convert this to PCRE
    $i=0;$linkpos=true;
    while (true){
        //Find a link
        // NOTE(review): the listing breaks off inside the next statement. The
        // rest of externalize_links() and the beginning of closeTags() (its
        // signature and the start of the $tags list) are missing; what follows
        // the break is the tail of that $tags list.
        $linkpos=strpos($text,"]?', 'strong', 'ul', 'li', 'pre', 'blockquote', 'u');
    // Note on $tags - no br or img, as they have no closing tags - can we define this above?
    // Maybe define two arrays, those with closing tags and those without, and combine the
    // two of them for the standard HTML sanitizing function?

    // Remainder of closeTags(): for each tag in $tags, compare the number of
    // opening and closing occurrences in $str and append closers where
    // openers outnumber them. Returns $str followed by the appended text.
    // NOTE(review): the opener regex matches only the bare form "<tag>", so
    // an opening tag that carries attributes is not counted.

    // Don't do anything if the string is too short
    if (strlen($str) < 3) {
        return $str;
    } else {
        // Loop over $str and count the opening and closing for each tag in $tags
        foreach ($tags as $tag) {
            $m = array();
            $o = preg_match_all("/<(".$tag.")>/", $str, $m);
            // NOTE(review): the needle (the closing tag) is missing from this
            // listing; as printed it is an empty string.
            $c = substr_count($str, "");
            $open[$tag] = ($o < $c) ? $c - $o : 0;
            $close[$tag] = ($c < $o) ? $o - $c : 0;
            // Debuggin'
            //echo "Tag: {$tag}\nOpen: {$o}\nClose: {$c}\nOT: {$open[$tag]}\nCT: {$close[$tag]}";
        }
        // Prepend the return string with an opening tag as needed
        /* $pre = '';  ...uhh... doesn't work right
        foreach ($open as $tag => $cnt) {
            $pre .= ($cnt > 0) ? "<{$tag}>" : '';
        }
        */
        // Append the return string with a closing tag as needed
        // One string is appended per tag whose count is positive, not one per
        // missing closer. The closing-tag literal is missing from the listing.
        $post = '';
        foreach ($close as $tag => $cnt) {
            $post .= ($cnt > 0) ? "" : '';
        }
        return /*$pre.*/$str.$post;
    }
}

// Highlight terms in text (most likely used with searches)
//
// $text   text to search
// $terms  array of terms; each is replaced by itself wrapped in a prefix and
//         suffix (the wrapper markup is missing from this listing)
// Returns the text with the replacements applied.
//
// NOTE(review): the terms are used as-is, both as search needles and inside
// the replacement; nothing here escapes them, so a caller that takes terms
// from a search box should HTML-escape them first. output_transform() calls
// this last, so a term can also match inside tags or entities written by the
// earlier steps.
function highlight_terms($text, $terms) {
    $search = $terms;
    $replace = array();

    foreach ($search as $key => $value) {
        $replace[$key] = "".$value."";
    }
    // Only the first character of the version string is compared;
    // function_exists('str_ireplace') would express the same intent directly.
    if (substr(phpversion(), 0, 1) > 4) {   // PHP 4.x doesn't support str_ireplace
        return str_ireplace($search, $replace, $text);
    } else {
        return str_replace($search, $replace, $text);
    }
}

$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
?>