allistera Posted April 21, 2008 Share Posted April 21, 2008 Hey there, I am writing a blog and want to replace: [ code=php ]<?php echo "OK"; ?>[ /code ] with: SyntaxHilighter::hilight("<?php echo "OK"; ?>, "php") Here is what I have to far: preg_replace ('/\[code\=(.*?)\](.*?)\[\/code\]/is', ' ?? $1 $2?? ', $str); I don't know what to put in the ???? part because it will output as text rather than PHP. Thanks for all help Quote Link to comment Share on other sites More sharing options...
allistera Posted April 21, 2008 Author Share Posted April 21, 2008 Anyone? Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted April 21, 2008 Share Posted April 21, 2008 If you want use PHP code in the replacement then use the e pattern modifier in your regex, ge: preg_replace ('/\[code\=(.*?)\](.*?)\[\/code\]/ies', "SyntaxHilighter::hilight(\"$1\", \"$2\")", $str); Quote Link to comment Share on other sites More sharing options...
allistera Posted April 21, 2008 Author Share Posted April 21, 2008 Ok I tried that but only the $1 outputs, when I try to output the second varable ($2) it exits. Here is the test code I am using: $str = preg_replace('/\[code\=(.*?)\](.*?)\[\/code\]/ies', "SyntaxHilighter::hilight(\"$1\", \"$2\")", $str); But when I remove the "e" the $2 works :S Quote Link to comment Share on other sites More sharing options...
allistera Posted April 22, 2008 Author Share Posted April 22, 2008 No one? Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted April 22, 2008 Share Posted April 22, 2008 I put the params round the wrong way, try: $str = preg_replace('/\[code\=([a-z]+)\](.*?)\[\/code\]/ies', "SyntaxHilighter::hilight(\"$2\", \"$1\")", $str); Quote Link to comment Share on other sites More sharing options...
allistera Posted April 22, 2008 Author Share Posted April 22, 2008 Thanks! Worked now, but now it's outputting: <?php echo "Hello"; ?> As: <?php echo "Hello"; ?> Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted April 22, 2008 Share Posted April 22, 2008 It must be a problem with your hilight function in the SyntaxHilighter class. We'll have to see more code. Quote Link to comment Share on other sites More sharing options...
allistera Posted April 22, 2008 Author Share Posted April 22, 2008 Here is the syntax_hilight.php script: <?php /* Plugin Name: Syntax Highlighter Enscript Plugin URI: http://scott.yang.id.au/category/syntax-hilite/ Description: Adds syntax highlighting to your pre tags with an optional lang attribute to specify which language to base the syntax on. It uses "enscript" and PHP's built-in highlight_string() to perform the syntax highlight. Version: 1.3 Author: Scott Yang Author URI: http://scott.yang.id.au/ */ class SyntaxHilighter { function hilight($code, $lang) { if ($lang == 'php') { $code = SyntaxHilighter::hilight_php($code); } else { $code = SyntaxHilighter::hilight_enscript($code, $lang); } // Making it XHTML compatible. $code = preg_replace('/<FONT COLOR="/i', '<span style="color:', $code); $code = preg_replace('/<\/FONT>/i', '</span>', $code); return $code; } function hilight_enscript($code, $lang) { $argv = "enscript -q -p - --highlight=$lang --language=html --color"; // Calling enscript to format it. Note thata proc_open requires PHP // 4.3. Otherwise, we will use a temp file and then popen(). if (function_exists('proc_open')) { $desc = array( 0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"), ); $proc = proc_open($argv, $desc, $pipe); if (is_resource($proc)) { fwrite($pipe[0], $code); fclose($pipe[0]); $code = ''; while (!feof($pipe[1])) $code .= fgets($pipe[1], 4096); fclose($pipe[1]); fclose($pipe[2]); proc_close($proc); } } else { // FIXME: We are hardcoding the path to the temporary file name // here. It needs to be changed to be system independent. $file = tempnam('/tmp', '_syntax'); $handle = fopen($file, 'w'); fwrite($handle, $code); fclose($handle); $argv .= ' '.escapeshellcmd($file).' 2>&1'; $proc = popen($argv, 'r'); $code = ''; while (!feof($proc)) $code .= fgets($proc, 4096); pclose($proc); unlink($file); } $code = eregi_replace("^.*<PRE>\n", '', $code); $code = eregi_replace("\n?</PRE>.*$", '', $code); return '<!--BEGIN enscript-->'.$code.'<!--END enscript-->'; } function hilight_file($filename, $lang) { ob_start(); readfile($filename); $code = ob_get_contents(); ob_end_clean(); return SyntaxHilight::hilight($code, $lang); } function hilight_php($code) { $append_php = false; if (!ereg('^<\\?', $code)) { $append_php = true; $code = "<?php\n".$code."\n?>"; } // Using PHP's highlight_string to do the syntax highlighting. // However, we need to tidy up the result for line breaks. $code = highlight_string( $code, true ); $code = eregi_replace('^.*<code>', '', $code); $code = eregi_replace('</code>.*$', '', $code); // Join multiple lines. $code = str_replace("\n", "", $code); $code = str_replace(" ", " ", $code); $code = implode("\n", explode("<br />", $code)); return $code; } function htmlunspecialchars($code) { $func = create_function('$match', '$value = intval($match[1]);'. 'return ($value < 256) ? chr($value) : $match[1];'); $tran = get_html_translation_table(HTML_ENTITIES); $tran = array_flip($tran); $code = strtr($code, $tran); $code = preg_replace_callback("/&#([0-9]{1,5});/is", $func, $code); return $code; } } if (function_exists('add_filter')) { function __syntax_hilight($content) { return preg_replace_callback("/<pre([^>]*)>(.*?)<\/pre>/is", '__syntax_hilight_callback', $content); } function __syntax_hilight_callback($match) { global $wp_version; $attr = $match[1]; $code = $match[2]; if ($wp_version < '1.5') { // Fix up the formatting that WordPress has put into the HTML // code. (only 1.2.x is messing with the <pre/> output) $code = str_replace("<br />", "", $code); $code = preg_replace("/\\s*<p>/s", "\r\n\r\n", $code); $code = preg_replace("/<\/p>/s", "", $code); $code = str_replace("“", '"', $code); $code = str_replace("”", '"', $code); $code = str_replace("‘", "'", $code); $code = str_replace("’", "'", $code); $code = str_replace("–", "--", $code); } else { $code = str_replace('\"', '"', $code); } // Try to match the <pre lang="..."> tag, to determine what // programming language we need to hilight for, $re_lang = '/\s+lang\s*=\s*["\']?([^"\']+)["\']?/xi'; $num = preg_match($re_lang, $attr, $lang); if ($num) { // If we need to hilight the code, we will reverse the // htmlspecialchars, to convert XML entities back to the right // character. $code = SyntaxHilighter::htmlunspecialchars($code); $code = SyntaxHilighter::hilight($code, $lang[1]); $attr = preg_replace($re_lang, '', $attr); } return "<pre$attr>$code</pre>"; } add_filter('the_content', '__syntax_hilight'); } ?> Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted April 22, 2008 Share Posted April 22, 2008 Ok, that class runs fine for me. It must be what you're doing with $str where do you output $str to? Quote Link to comment Share on other sites More sharing options...
allistera Posted April 22, 2008 Author Share Posted April 22, 2008 I output $str like so: nl2br(bbcode_comments_format($str)) Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted April 22, 2008 Share Posted April 22, 2008 what does bbcode_comment_format do? Quote Link to comment Share on other sites More sharing options...
allistera Posted April 22, 2008 Author Share Posted April 22, 2008 function bbcode_comments_format ($str) { $str = htmlentities($str); $str = preg_replace('/\[code\=([a-z]+)\](.*?)\[\/code\]/ies', "SyntaxHilighter::hilight_php(\"$2\", \"$1\")", $str); return $str; } Mabie the htmlentities in that function? Edit: Thats what it was! when I removed that it worked!, Thanks for your help wildteen88 Quote Link to comment Share on other sites More sharing options...
allistera Posted April 22, 2008 Author Share Posted April 22, 2008 Ok, I have one more problem with this: This leaves the $str open to injection attacks because I removed the htmlentities function. For example: The [ code= php ] outputs fine, highlighted, the way I want it but if a malicious user enters any HTML/CSS/Javascript it will output. So how do I output the code so that the users can see it, but it won't run. Complex! Thanks Quote Link to comment Share on other sites More sharing options...
DarkWater Posted April 22, 2008 Share Posted April 22, 2008 Ok, I have one more problem with this: This leaves the $str open to injection attacks because I removed the htmlentities function. For example: The [ code= php ] outputs fine, highlighted, the way I want it but if a malicious user enters any HTML/CSS/Javascript it will output. So how do I output the code so that the users can see it, but it won't run. Complex! Thanks Use htmlspecialchars() on $str before you put it through preg(). Quote Link to comment Share on other sites More sharing options...
allistera Posted April 22, 2008 Author Share Posted April 22, 2008 Ok, so my new code is like so: $str = nl2br(bbcode_comments_format(htmlspecialchars($str))); echo $str; That outputs: <?php <?php echo "test"; ?> ?> Still got they entities in there... Quote Link to comment Share on other sites More sharing options...
allistera Posted April 22, 2008 Author Share Posted April 22, 2008 Anyone got any ideas?... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.