// NOTE(review): the opening PHP tag and any file header are not visible in
// this listing; the leading "." on the next line is kept exactly as found.
. require_once('../inc/sanitize_html.inc');

// Functions that process user-supplied text (e.g. messages)
// prior to displaying it to users.
// Goals:
// - Security (don't send evil javascript)
// - obey user preferences
// - improve formatting (e.g., convert newlines to line-break tags)
//
// NOTE(review): many string literals below (replacement strings, one regex,
// the body of stop_recursion) contain no HTML markup as shown here. The tags
// or entities they are presumably meant to hold are not visible in this
// listing; compare against the project's copy before relying on them.

// Bundle of on/off switches read by output_transform().
// NOTE(review): the constructor below is a PHP 4-style constructor (a method
// named after the class). As of PHP 8.0 such a method is no longer run by
// `new`, so every switch would stay unset, including htmlitems, which gates
// the HTML escaping in output_transform(). Confirm the target PHP version.
class output_options {
    var $bb2html;            // BBCode as HTML? (on)
    var $images_as_links;    // Images as hyperlinks? (off)
    var $link_popup;         // Links in new windows? (off)
    var $nl2br;              // Convert newlines to line breaks via nl2br()? (on)
    var $htmlitems;          // Convert special chars to HTML entities? (on)
    var $htmlscrub;          // Scrub "bad" HTML tags? (off)
    var $highlight_terms;// Array of terms to be highlighted (off)

    // Constructor - set the defaults.
    function output_options() {
        $this->bb2html = 1;
        $this->images_as_links = 0;
        $this->link_popup = 0;
        $this->nl2br = 1;
        $this->htmlitems = 1;
        $this->htmlscrub = 0;
        // 0 (not an array) means "no highlighting"; output_transform() tests is_array().
        $this->highlight_terms = 0;
        return true;
    }

    // Define the terms to be highlighted (for use with searches and such).
    // Returns true when $terms is an array and was stored, false otherwise.
    function setHighlightTerms($terms) {
        if (is_array($terms)) {
            $this->highlight_terms = $terms;
        } else {
            return false;
        }
        return true;
    }
}

// Do the actual transformation of the text.
// TODO: Make this part of the above class.
//
// $text    - the user-supplied text to prepare for display
// $options - an output_options object; defaults are used when it is empty
// Returns the transformed text.
//
// Order matters for safety: escaping runs first, so every later step
// (highlighting, nl2br, bb2html, link rewriting) operates on escaped text and
// the markup those steps add is returned without further escaping.
function output_transform($text, $options = NULL) {
    // Options is a output_options object, defined above
    if (!$options) {
        $options = new output_options; // Defaults in the class definition
    }
    // If a caller switches htmlitems off, the text reaches bb2html() unescaped.
    if ($options->htmlitems) {
        //$text = htmlentities($text);
        // Called with default flags and charset. Before PHP 8.1 the default
        // (ENT_COMPAT) leaves single quotes unescaped.
        // NOTE(review): consider ENT_QUOTES plus an explicit charset, since
        // bb2html() may place captured text inside attributes (not
        // confirmable from this listing).
        $text = htmlspecialchars($text);
    }
    if (is_array($options->highlight_terms)) {
        $text = highlight_terms($text, $options->highlight_terms);
    }
    // The scrub step is commented out, so the htmlscrub option currently has
    // no effect in this function.
//    if ($options->htmlscrub) {
//        $text = sanitize_html($text);
//    }
    if ($options->nl2br) {
        $text = nl2br($text);
    }
    if ($options->bb2html) {
        $text = bb2html($text);
    }
    if ($options->images_as_links) {
        // image_as_link() is not defined in this listing.
        $text = image_as_link($text);
    }
    if ($options->link_popup) {
        $text = externalize_links($text);
    }
    return $text;
}

// Build an output_options object from a user's preferences.
// Starts from the defaults and only switches images_as_links / link_popup on
// when the corresponding $user->prefs field is truthy; a falsy $user yields
// the plain defaults.
function get_output_options($user) {
    $options = new output_options();
    if ($user) {
        if ($user->prefs->images_as_links) $options->images_as_links = 1;
        if ($user->prefs->link_popup) $options->link_popup = 1;
    }
    return $options;
}

// Converts bbcode to proper HTML
// $bbtags and $htmltags are parallel arrays: the pattern at index N is
// replaced by the string at index N.
function bb2html($text) {
    // URL body: anything up to a '[', '"', '<' or space, optionally wrapped
    // in double quotes. Group 1 is the optional "http://" scheme, group 2 the
    // remainder; the replacements below prepend "http://" to group 2.
    $urlregex = "(?:\"?)(?:(http\:\/\/)?)([^\[\"<\ ]+)(?:\"?)";
    // Same shape, but "https://" is required and only the remainder is captured.
    $httpsregex = "(?:\"?)https\:\/\/([^\[\"<\ ]+)(?:\"?)";
    // List of allowable tags
    $bbtags = array (
        // The "e" modifier makes preg_replace() evaluate the matching
        // replacement (first entry of $htmltags) as PHP code with the capture
        // substituted in. It was deprecated in PHP 5.5 and removed in PHP 7.0.
        // NOTE(review): move this tag to preg_replace_callback() so that no
        // user-derived text is ever part of evaluated code.
        "@\[code\](.*?)\[/code\]@eis",
        "@\[b\](.*?)\[/b\]@is",
        "@\[i\](.*?)\[/i\]@is",
        "@\[u\](.*?)\[/u\]@is",
        "@\[url=$httpsregex\](.*?)\[/url\]@i",
        "@\[url\]$httpsregex\[/url\]@i",
        "@\[link=$urlregex\](.*?)\[/link\]@i",
        "@\[link\]$urlregex\[/link\]@i",
        "@\[url=$urlregex\](.*?)\[/url\]@i",
        "@\[url\]$urlregex\[/url\]@i",
        "@\[quote=(.*?)\](.*?)\[/quote\]@is",
        "@\[quote\](.*?)\[/quote\]@is",
        "@\[list\](.*?)\[/list\]@is",
        "@\[list=1\](.*?)\[/list\]@is",
        "@\[pre\](.*?)\[/pre\]@is",
        "@\[img\]$urlregex\[/img\]@is",
        // The colour value is any 3 to 8 characters, not only colour syntax.
        // NOTE(review): where it is inserted cannot be seen in this listing;
        // consider restricting it to a colour name or hex value.
        "@\[color=(?:\"?)(.{3,8})(?:\"?)\](.*?)\[/color\]@is",
        "@((?:
    |
|))@is",
        "@\[size=([1-9]|[0-2][0-9])\](.*?)\[/size\]@is",
        "@\[mailto\](.*?)\[/mailto\]@is",
        "@\[email\](.*?)\[/email\]@is",
        "@\[trac\](?:\#|ticket:)(\d+)\[/trac\]@is",
        "@\[trac\]wiki:(.*?)\[/trac\]@is",
        "@\[trac\]changeset:(\d+)\[/trac\]@is"
        //Note: The above list array member ensures we're within a list
        //when doing list item transformations.
        //TODO: Make sure we're not between two lists
    );

    // What the above tags are turned in to
    $htmltags = array (
        // Evaluated as PHP because of the "e" modifier on the [code] pattern.
        "'
'.stop_recursion('\\1').'
'",
        "\\1",
        "\\1",
        "\\1",
        "\\2",
        "https://\\1",
        "\\3",
        "http://\\2",
        "\\3",
        "http://\\2",
        "
\\1 wrote:
\\2
",
        "
\\1
",
        "

",
        "

    \\1

",
        "

\\1
",
        "",
        "\\2",
        "\\1
  • \\2\n\\3",
        "\\2",
        "\\1",
        "\\1",
        "#\\1",
        "\\1",
        "[\\1]"
    );

    // Do the actual replacing - iterations for nested items
    // The loop stops when a pass changes nothing or after 20 passes.
    $lasttext = "";
    $i = 0;
    // $i<20 to prevent DoS
    while ($text != $lasttext && $i<20) {
        $lasttext = $text;
        $text = preg_replace($bbtags,$htmltags,$text);
        $i = $i + 1;
    }
    return $text;
}

/**
 * Stops recursion of BBCode by escaping any [ in the given text
 * NOTE(review): as shown here the search and replacement strings are
 * identical, which would make this a no-op. The replacement in the project's
 * copy presumably differs (e.g. an HTML entity for "["); confirm.
 * @param $text The text to stop recursion in
 * @return A text that no longer can cause recursion
 **/
function stop_recursion($text){
    return str_replace("[", "[", $text);
}

// Make links open in new windows.
function externalize_links($text) {
    // TODO: Convert this to PCRE
    $i=0;$linkpos=true;
    while (true){
        //Find a link
        // NOTE(review): the listing is incomplete from here. The rest of this
        // loop and the opening of highlight_terms() (called from
        // output_transform) are not visible. The next line is kept exactly as
        // found and is not valid PHP.
        $linkpos=strpos($text," $value) { $replace[$key] = "".$value.""; }
    // Visible tail of the term-highlighting code: pick the case-insensitive
    // replace when available.
    // NOTE(review): the check compares only the first character of the
    // version string, so a two-digit major version would be misread.
    if (substr(phpversion(), 0, 1) > 4) { // PHP 4.x doesn't support str_ireplace
        return str_ireplace($search, $replace, $text);
    } else {
        return str_replace($search, $replace, $text);
    }
}

$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
?>