's? (on)
    var $htmlitems;    // Convert special chars to HTML entities? (off)
    var $htmlscrub;    // Scrub "bad" HTML tags? (off)
    var $stripslashes; // Strip slashes (depends)

    /**
     * Populate the default transform options.
     *
     * The method carries the name used in `new output_options` further down, i.e. it
     * is written as a PHP 4-style constructor; the class header is outside this excerpt.
     * NOTE(review): PHP 8.0 no longer treats same-named methods as constructors and
     * removed get_magic_quotes_gpc(), so on PHP 8+ these defaults would not be applied
     * by `new output_options` - confirm the target runtime.
     *
     * Security-relevant defaults: htmlitems and htmlscrub are both off, so
     * output_transform() does no HTML escaping or scrubbing unless a caller turns
     * one of them on.
     *
     * @return bool Always true.
     */
    function output_options() {
        // Set defaults - should we DEFINE these somewhere else?
        $this->bb2html = 1;
        $this->images_as_links = 0;
        $this->link_popup = 0;
        $this->closeTags = 1;
        $this->nl2br = 1;
        $this->htmlitems = 0;
        $this->htmlscrub = 0;
        // stripslashes is only assigned when magic quotes are enabled; otherwise the
        // property is left unset, which output_transform() treats as "off".
        if (get_magic_quotes_gpc()) {
            $this->stripslashes = 1;
        }
        return true;
    }
}

/**
 * Run text through the enabled output filters in a fixed order:
 * stripslashes, htmlentities, sanitize_html, nl2br, bb2html, image_as_link,
 * externalize_links. sanitize_html() and image_as_link() are not defined in the
 * visible part of this listing.
 *
 * Security note: with the defaults set by output_options (htmlitems = 0,
 * htmlscrub = 0) HTML already present in $text is neither escaped nor removed by
 * this function. Callers that render untrusted input must enable one of those
 * switches themselves; the BBCode-to-HTML step then runs on the escaped/scrubbed text.
 * The closeTags option set in output_options is not consulted here.
 *
 * @param string              $text    Text to transform.
 * @param output_options|null $options Filter switches; a default object is built when omitted.
 * @return string Transformed text.
 */
function output_transform($text, $options = NULL) {
    // Options is a output_options object, defined above
    if (!$options) {
        $options = new output_options; // Defaults in the class definition
    }
    if ($options->stripslashes) {
        $text = stripslashes($text);
    }
    // NOTE(review): no flags or charset are passed, so quote handling follows the
    // running PHP version's defaults (single quotes are left as-is before PHP 8.1) -
    // confirm that is acceptable wherever the result ends up inside attribute values.
    if ($options->htmlitems) {
        $text = htmlentities($text);
    }
    if ($options->htmlscrub) {
        $text = sanitize_html($text);
    }
    if ($options->nl2br) {
        $text = nl2br($text);
    }
    if ($options->bb2html) {
        $text = bb2html($text);
    }
    if ($options->images_as_links) {
        $text = image_as_link($text);
    }
    if ($options->link_popup) {
        $text = externalize_links($text);
    }
    return $text;
}

/**
 * Copy a user's display preferences onto a transform options object.
 *
 * Only switches options on: images_as_links and link_popup are set to 1 when the
 * matching property on $user equals 1 (loose comparison); nothing is ever reset to 0.
 *
 * @param object               $user    A user object; images_as_links and link_popup are read.
 * @param output_options|string $options Options to update; a default object is built when empty.
 * @return output_options The updated (or newly created) options object.
 */
function get_transform_settings_from_user($user, $options = '') {
    // $user - a user object
    // $options - a output_options object (optional)
    if (!$options) {
        $options = new output_options; // Give defaults
    }
    if ($user->images_as_links==1){
        $options->images_as_links = 1;
    }
    if ($user->link_popup==1){
        $options->link_popup = 1;
    }
    return $options;
}

/**
 * Convert BBCode markup in $text to HTML by repeated preg_replace() passes.
 *
 * $bbtags[i] is replaced with $htmltags[i]; the two arrays have the same number of
 * entries and must stay aligned.
 *
 * NOTE(review): the HTML inside the replacement templates (and inside one of the
 * patterns) has been stripped from this listing, so the strings below are not the
 * original templates - restore them from the canonical source before relying on
 * this copy.
 *
 * NOTE(review): the [quote=...] and [font=...] patterns capture arbitrary text and
 * [color=...] captures any 3-8 characters. If the original templates place those
 * captures inside attribute values, the patterns should be narrowed to an allow-list
 * (colour names / hex values, known font names) - verify against the original templates.
 *
 * @param string $text Text containing BBCode.
 * @return string|null Converted text; preg_replace() yields null on a PCRE error
 *                     (e.g. backtrack limit), and that null is returned as-is.
 */
function bb2html($text) {
    // Function converts bbcode to HTML
    // URL sub-pattern: optional surrounding double quote, optional "http://" prefix
    // (group 1), then the rest of the address (group 2). The address may contain any
    // character except "[", a double quote, "<" and a space.
    $urlregex = "(?:\"?)(?:(http\:\/\/)?)([^\[\"<\ ]+)(?:\"?)";

    // List of allowable tags
    $bbtags = array (
        "@\[b\](.*?)\[/b\]@is",
        "@\[i\](.*?)\[/i\]@is",
        "@\[u\](.*?)\[/u\]@is",
        "@\[link=$urlregex\](.*?)\[/link\]@i",
        "@\[link\]$urlregex\[/link\]@i",
        "@\[url=$urlregex\](.*?)\[/url\]@i",
        "@\[url\]$urlregex\[/url\]@i",
        "@\[quote=(.*?)\](.*?)\[/quote\]@is",
        "@\[quote\](.*?)\[/quote\]@is",
        "@\[font=(.*?)\](.*?)\[/font\]@is",
        "@\[list\](.*?)\[/list\]@is",
        "@\[list=1\](.*?)\[/list\]@is",
        "@\[pre\](.*?)\[/pre\]@is",
        "@\[img\]$urlregex\[/img\]@is",
        "@\[color=(?:\"?)(.{3,8})(?:\"?)\](.*?)\[/color\]@is",
        // NOTE(review): the next pattern is the list-item rule referred to in the note
        // below the array; its HTML parts are missing from this listing.
        "@((?:
    |
|))@is",
        "@\[size=([1-9]|[0-2][0-9])\](.*?)\[/size\]@is",
        "@\[code\](.*?)\[/code\]@is",
        "@\[mailto\](.*?)\[/mailto\]@is",
        "@\[email\](.*?)\[/email\]@is"
        //Note: The above list array member ensures we're within a list
        //      when doing list item transformations.
        //TODO: Make sure we're not between two lists
    );

    // What the above tags are turned in to
    // (same order as $bbtags; markup stripped in this listing, see the function header)
    $htmltags = array (
        "\\1",
        "\\1",
        "\\1",
        "\\3",
        "http://\\2",
        "\\3",
        "http://\\2",
        "
\\2
",
        "
\\1
",
        "\\2",
        "",
        "
    \\1
",
        "
\\1
",
        "",
        "\\2",
        "\\1
  • \\2
  • \n\\3",
        "\\2",
        "
    \\1
    ",
        "\\1",
        "\\1"
    );

    // Do the actual replacing - iterations for nested items
    $lasttext = "";
    $i = 0;
    // $i<10 to prevent DoS
    // The cap limits the number of passes (so nesting deeper than ten levels is left
    // unconverted); it does not limit the cost of an individual preg_replace() pass.
    while ($text != $lasttext && $i<10) {
        $lasttext = $text;
        $text = preg_replace($bbtags,$htmltags,$text);
        $i = $i + 1;
    }
    return $text;
}

// NOTE(review): this listing is truncated from here on. The string literal in the
// strpos() call below was cut during extraction, and the text that follows it is the
// tail of a different routine (one that counts and balances unclosed tags, whose name
// and signature are not visible). The rest of externalize_links() and everything
// between the two is missing - restore from the canonical source.
function externalize_links($text){
    // TODO: Convert this to PCRE
    $i=0;$linkpos=true;
    while (true){
        //Find a link
        $linkpos=strpos($text,"]?', 'strong', 'ul', 'li', 'pre', 'blockquote', 'u');
    // Note on $tags - no br or img, as they have no closing tags - can we define this above?
    // Maybe define two arrays, those with closing tags and those without, and combine the
    // two of them for the standard HTML sanitizing function?

    // Don't do anything if the string is too short
    if (strlen($str) < 3) {
        return $str;
    } else {
        // Loop over $str and count the opening and closing for each tag in $tags
        foreach ($tags as $tag) {
            $m = array();
            // Counts only bare "<tag>" openers: the pattern is case-sensitive and does
            // not match tags that carry attributes.
            $o = preg_match_all("/<(".$tag.")>/", $str, $m);
            // NOTE(review): the needle is empty in this listing - presumably the
            // closing-tag string was stripped during extraction; verify.
            $c = substr_count($str, "");
            $open[$tag] = ($o < $c) ? $c - $o : 0;
            $close[$tag] = ($c < $o) ? $o - $c : 0;
            // Debuggin'
            //echo "
            //    Tag: {$tag}\nOpen: {$o}\nClose: {$c}\nOT: {$open[$tag]}\nCT: {$close[$tag]}
            //
            //    ";
        }
        // Prepend the return string with an opening tag as needed
        /* $pre = ''; ...uhh... doesn't work right
        foreach ($open as $tag => $cnt) { $pre .= ($cnt > 0) ? "<{$tag}>" : ''; } */
        // Append the return string with a closing tag as needed
        // One string is appended per tag name with a positive count, however many
        // closers are missing. NOTE(review): the appended literal is empty in this
        // listing - presumably stripped during extraction.
        $post = '';
        foreach ($close as $tag => $cnt) {
            $post .= ($cnt > 0) ? "" : '';
        }
        return /*$pre.*/$str.$post;
    }
}

/**
 * Replace ">" and "<" in $content with "&gt;" and "&lt;".
 *
 * Security note: "&" and quote characters are left untouched, so the result is not
 * safe to place inside an HTML attribute value, and entities already present in
 * $content pass through unchanged.
 *
 * @param string $content Raw text.
 * @return string Text with angle brackets replaced by entities.
 */
function cleanTextBox($content) {
    /* Cleans current text boxes for display. Will be replaced with just an
     * htmlentities() call after we stop allowing HTML posting. */
    $answer = preg_replace('/</','&lt;',preg_replace('/>/','&gt;',$content));
    return $answer;
}