.
// Functions that process user-supplied text (e.g. messages)
// prior to displaying it to users.
// Goals:
// - Security (don't send evil javascript)
// - obey user preferences
// - improve formatting (e.g., convert newlines to
tags)
require_once('../inc/sanitize_html.inc');
class output_options {
var $bb2html; // BBCode as HTML? (on)
var $images_as_links; // Images as hyperlinks? (off)
var $link_popup; // Links in new windows? (off)
var $nl2br; // Convert newlines to
's? (on)
var $htmlitems; // Convert special chars to HTML entities? (on)
var $htmlscrub; // Scrub "bad" HTML tags? (off)
var $highlight_terms;// Array of terms to be highlighted (off)
// Constructor - set the defaults.
function __construct() {
$this->bb2html = 1;
$this->images_as_links = 0;
$this->link_popup = 0;
$this->nl2br = 1;
$this->htmlitems = 1;
$this->htmlscrub = 0;
$this->highlight_terms = 0;
return true;
}
// Define the terms to be highlighted (for use with searches and such)
function setHighlightTerms($terms) {
if (is_array($terms)) {
$this->highlight_terms = $terms;
} else {
return false;
}
return true;
}
}
// Do the actual transformation of the text.
// TODO: Make this part of the above class.
function output_transform($text, $options = NULL) {
// Options is a output_options object, defined above
if (!$options) {
$options = new output_options; // Defaults in the class definition
}
if ($options->htmlitems) {
$text = htmlspecialchars($text, ENT_COMPAT | ENT_HTML401 | ENT_SUBSTITUTE);
}
if (is_array($options->highlight_terms)) {
$text = highlight_terms($text, $options->highlight_terms);
}
// if ($options->htmlscrub) {
// $text = sanitize_html($text);
// }
if ($options->nl2br) {
$text = nl2br($text);
}
if ($options->bb2html) {
$text = bb2html($text);
}
if ($options->images_as_links) {
$text = image_as_link($text);
}
if ($options->link_popup) {
$text = externalize_links($text);
}
return $text;
}
function get_output_options($user) {
$options = new output_options();
if ($user) {
if ($user->prefs->images_as_links) $options->images_as_links = 1;
if ($user->prefs->link_popup) $options->link_popup = 1;
}
return $options;
}
// Converts bbcode to HTML
// If $export is true, don't use BOINC CSS
// handle [pre] and [code] separately because we need to remove
s
//
function replace_pre_code($text, $export) {
if ($export) {
$text = preg_replace_callback(
"@\[pre\](.*?)\[/pre\]@is",
function ($matches) {
$x = remove_br(substr($matches[0], 5, -6));
$x = htmlspecialchars($x, ENT_COMPAT, "UTF-8", false);
$x = str_replace("[", "[", $x);
return "
$x"; }, $text ); return preg_replace_callback( "@\[code\](.*?)\[/code\]@is", function ($matches) { $x = remove_br(substr($matches[0], 6, -7)); $x = htmlspecialchars($x, ENT_COMPAT, "UTF-8", false); $x = str_replace("[", "[", $x); return "
$x
";
},
$text
);
} else {
$text = preg_replace_callback(
"@\[pre\](.*?)\[/pre\]@is",
function ($matches) {
$x = remove_br(substr($matches[0], 5, -6));
$x = htmlspecialchars($x, ENT_COMPAT, "UTF-8", false);
$x = str_replace("[", "[", $x);
return "$x"; }, $text ); return preg_replace_callback( "@\[code\](.*?)\[/code\]@is", function ($matches) { $x = remove_br(substr($matches[0], 6, -7)); $x = htmlspecialchars($x, ENT_COMPAT, "UTF-8", false); $x = str_replace("[", "[", $x); return "
$x"; }, $text ); } } function bb2html($text, $export=false) { $urlregex = "(?:\"?)(?:(http\:\/\/)?)([^\[\"<\ ]+)(?:\"?)"; // NOTE: // This matches https:// too; I don't understand why. // sample results: // Array // ( // [0] => [img]https://a.b.c[/img] // [1] => // [2] => https://a.b.c // ) // Array // ( // [0] => [img]http://a.b.c[/img] // [1] => http:// // [2] => a.b.c // ) $httpsregex = "(?:\"?)https\:\/\/([^\[\"<\ ]+)(?:\"?)"; // List of allowable tags $bbtags = array ( "@\[b\](.*?)\[/b\]@is", "@\[i\](.*?)\[/i\]@is", "@\[u\](.*?)\[/u\]@is", "@\[s\](.*?)\[/s\]@is", "@\[sup\](.*?)\[/sup\]@is", "@\[url=$httpsregex\](.*?)\[/url\]@is", "@\[url\]$httpsregex\[/url\]@is", "@\[link=$urlregex\](.*?)\[/link\]@is", "@\[link\]$urlregex\[/link\]@is", "@\[url=$urlregex\](.*?)\[/url\]@is", "@\[url\]$urlregex\[/url\]@is", "@\[quote=(.*?)\](.*?)\[/quote\]@is", "@\[quote\](.*?)\[/quote\]@is", "@\[list\](.*?)\[/list\]@is", "@\[list=1\](.*?)\[/list\]@is", "@\[img\]$urlregex\[/img\]@is", "@\[sm_img\]$urlregex\[/sm_img\]@is", "@\[color=(?:\"?)(.{3,8})(?:\"?)\](.*?)\[/color\]@is", "@((?:
\\2", "
\\1", "
", "
", " ", " ", "\\2", "\\1
\\2", "
\\1", "
", "
", " ", " ", "\\2", "\\1
containers // The original \n was retained after the br when it was added // function remove_br($text){ return str_replace("
", "", $text); } // Make links open in new windows. // function externalize_links($text) { // TODO: Convert this to PCRE $i=0; $linkpos=true; $out = ""; while (true){ //Find a link // $linkpos=strpos($text, "]+?)>@si'; $replacement = '[Image link]'; // Turns that URL into a hyperlink $text = preg_replace($pattern, $replacement, $text); return $text; } // Highlight terms in text (most likely used with searches) function highlight_terms($text, $terms) { $search = $terms; $replace = array(); foreach ($search as $key => $value) { $replace[$key] = "".$value.""; } if (substr(phpversion(), 0, 1) > 4) { // PHP 4.x doesn't support str_ireplace return str_ireplace($search, $replace, $text); } else { return str_replace($search, $replace, $text); } } $cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit ?>