. // Functions that process user-supplied text (e.g. messages) // prior to displaying it to users. // Goals: // - Security (don't send evil javascript) // - obey user preferences // - improve formatting (e.g., convert newlines to
tags) require_once('../inc/sanitize_html.inc'); class output_options { var $bb2html; // BBCode as HTML? (on) var $images_as_links; // Images as hyperlinks? (off) var $link_popup; // Links in new windows? (off) var $nl2br; // Convert newlines to
's? (on) var $htmlitems; // Convert special chars to HTML entities? (on) var $htmlscrub; // Scrub "bad" HTML tags? (off) var $highlight_terms;// Array of terms to be highlighted (off) // Constructor - set the defaults. function __construct() { $this->bb2html = 1; $this->images_as_links = 0; $this->link_popup = 0; $this->nl2br = 1; $this->htmlitems = 1; $this->htmlscrub = 0; $this->highlight_terms = 0; return true; } // Define the terms to be highlighted (for use with searches and such) function setHighlightTerms($terms) { if (is_array($terms)) { $this->highlight_terms = $terms; } else { return false; } return true; } } // Do the actual transformation of the text. // TODO: Make this part of the above class. function output_transform($text, $options = NULL) { // Options is a output_options object, defined above if (!$options) { $options = new output_options; // Defaults in the class definition } if ($options->htmlitems) { $text = htmlspecialchars($text, ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE); } if (is_array($options->highlight_terms)) { $text = highlight_terms($text, $options->highlight_terms); } // if ($options->htmlscrub) { // $text = sanitize_html($text); // } if ($options->nl2br) { $text = nl2br($text); } if ($options->bb2html) { $text = bb2html($text); } if ($options->images_as_links) { $text = image_as_link($text); } if ($options->link_popup) { $text = externalize_links($text); } return $text; } function get_output_options($user) { $options = new output_options(); if ($user) { if ($user->prefs->images_as_links) $options->images_as_links = 1; if ($user->prefs->link_popup) $options->link_popup = 1; } return $options; } // Converts bbcode to HTML // If $export is true, don't use BOINC CSS // handle [pre] and [code] separately because we need to remove
s // function replace_pre_code($text, $export) { if ($export) { $text = preg_replace_callback( "@\[pre\](.*?)\[/pre\]@is", function ($matches) { $x = remove_br(substr($matches[0], 5, -6)); $x = htmlspecialchars($x, ENT_COMPAT, "UTF-8", false); $x = str_replace("[", "[", $x); return "
$x
"; }, $text ); return preg_replace_callback( "@\[code\](.*?)\[/code\]@is", function ($matches) { $x = remove_br(substr($matches[0], 6, -7)); $x = htmlspecialchars($x, ENT_COMPAT, "UTF-8", false); $x = str_replace("[", "[", $x); return "$x"; }, $text ); } else { $text = preg_replace_callback( "@\[pre\](.*?)\[/pre\]@is", function ($matches) { $x = remove_br(substr($matches[0], 5, -6)); $x = htmlspecialchars($x, ENT_COMPAT, "UTF-8", false); $x = str_replace("[", "[", $x); return "
$x
"; }, $text ); return preg_replace_callback( "@\[code\](.*?)\[/code\]@is", function ($matches) { $x = remove_br(substr($matches[0], 6, -7)); $x = htmlspecialchars($x, ENT_COMPAT, "UTF-8", false); $x = str_replace("[", "[", $x); return "
$x
"; }, $text ); } } function bb2html($text, $export=false) { $urlregex = "(?:\"?)(?:(http\:\/\/)?)([^\[\"<\ ]+)(?:\"?)"; // NOTE: // This matches https:// too; I don't understand why. // sample results: // Array // ( // [0] => [img]https://a.b.c[/img] // [1] => // [2] => https://a.b.c // ) // Array // ( // [0] => [img]http://a.b.c[/img] // [1] => http:// // [2] => a.b.c // ) $httpsregex = "(?:\"?)https\:\/\/([^\[\"<\ ]+)(?:\"?)"; // List of allowable tags $bbtags = array ( "@\[b\](.*?)\[/b\]@is", "@\[i\](.*?)\[/i\]@is", "@\[u\](.*?)\[/u\]@is", "@\[s\](.*?)\[/s\]@is", "@\[sup\](.*?)\[/sup\]@is", "@\[url=$httpsregex\](.*?)\[/url\]@is", "@\[url\]$httpsregex\[/url\]@is", "@\[link=$urlregex\](.*?)\[/link\]@is", "@\[link\]$urlregex\[/link\]@is", "@\[url=$urlregex\](.*?)\[/url\]@is", "@\[url\]$urlregex\[/url\]@is", "@\[quote=(.*?)\](.*?)\[/quote\]@is", "@\[quote\](.*?)\[/quote\]@is", "@\[list\](.*?)\[/list\]@is", "@\[list=1\](.*?)\[/list\]@is", "@\[img\]$urlregex\[/img\]@is", "@\[sm_img\]$urlregex\[/sm_img\]@is", "@\[color=(?:\"?)(.{3,8})(?:\"?)\](.*?)\[/color\]@is", "@((?:
    |
|))@is", "@\[size=([1-9]|[0-2][0-9])\](.*?)\[/size\]@is", "@\[mailto\](.*?)\[/mailto\]@is", "@\[email\](.*?)\[/email\]@is", "@\[github\](?:\#|ticket:)(\d+)\[/github\]@is", "@\[github\]wiki:(.*?)\[/github\]@is", ); // What the above tags are turned in to if ($export) { $htmltags = array ( "\\1", "\\1", "\\1", "\\1", "\\1", "\\2", "https://\\1", "\\3", "http://\\2", "\\3", "http://\\2", "\\1 wrote:
\\2
", "
\\1
", "

", "

    \\1

", " ", " ", "\\2", "\\1

  • \\2\n\\3", "\\2", "\\1", "\\1", "#\\1", "\\1", ); } else { $htmltags = array ( "\\1", "\\1", "\\1", "\\1", "\\1", "\\2", "https://\\1", "\\3", "http://\\2", "\\3", "http://\\2", "\\1 wrote:
    \\2
    ", "
    \\1
    ", "

    ", "

      \\1

    ", " ", " ", "\\2", "\\1

  • \\2\n\\3", "\\2", "\\1", "\\1", "#\\1", "\\1", ); } // Do the actual replacing - iterations for nested items $lasttext = ""; $i = 0; // $i<1000 to prevent DoS while ($text != $lasttext && $i<1000) { $lasttext = $text; $text = replace_pre_code($text, $export); $text = preg_replace($bbtags, $htmltags, $text); $i = $i + 1; } $text = str_replace("