Problem with BBCode

[pixy]

I made some replacements to do the URL bbcode on a forum script i'm making. But i can't figure out why it's acting up...

This is what it looks like in the bar:
[IMG]http://img.photobucket.com/albums/v72/vanillachick/wronglink.gif[/img]

This is the HTML the PHP spits out:
[IMG]http://img.photobucket.com/albums/v72/vanillachick/wronglink_html.gif[/img]

And this is the PHP that i'm using:
[IMG]http://img.photobucket.com/albums/v72/vanillachick/wronglink_php.gif[/img]

And this is the part of the function i'm using:
[code]
<?php
// This is only part of the function, so that part where it actually starts is up a ways...
        $patterns[] = "#\[url\]([a-z]+?://){1}([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\1\2</a>';

        $patterns[] = "#\[url\]([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\1</a>';

        $patterns[] = "#\[url=([a-z]+?://){1}([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\3</a>';

        $patterns[] = "#\[url=([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\2</a>';
?>
[/code]

[akitchin]

can we see the portion where you're actually performing the regex functions, as well as the lines leading up to the variable's storage?

[ShogunWarrior]

Something's quoting those quotes, so yes it seems like it may be under that line.

[pixy]

This is my entire BBCode function...

I think you're going to have to look at the source of this, since the fact that i'm using BBCode is messing up the [ code ] stuff...

EDIT:
See my next post.

[pixy]

Here, i attached it as text since it was messing up the boards...

[attachment deleted by admin]

[akitchin]

i can't see any attachments.

we really only need to see youre regex functions themselves, as well as what you end up doing with the variable.  i have a feeling you're running addslashes one or two too many times.

[pixy]

^ Its right where the signature would be in my last post:

Re: Problem with BBCode
« Reply #4 on: Today at 09:37:22 pm » Quote Modify Remove 

--------------------------------------------------------------------------------
Here, i attached it as text since it was messing up the boards... 

--------------------------------------------------------------------------------
[b]stuff.txt (5.17 KB - downloaded 0 times.)[/b]

Report to moderator  IP

[akitchin]

can't see it.  can anyone else?

in the meantime, try posting some of the code i'd mentioned (regex functions and whatever you do to those variables afterward).

[pixy]

http://www.phpfreaks.com/forums/index.php?action=dlattach;topic=100627.0;attach=92

Thats the link it gave me...

Here's the part i was working on...
[code]
<?php
// These patterns replace URL BB code
$patterns = array();
        $replacements = array();

        $patterns[] = "#\[color=([^\"'<>]*?)\](.*?)\[/color\]#Ssi";
        $replacements[] = '<font color="\1">\2</font>';

        $patterns[] = "#\[size=([+-]?[0-9]{1,2})\](.*?)\[/size\]#Ssie";
        $replacements[] = '"<font style=\"font-size: ".createAbsFSizeFromRel(\'$1\').";\">".stripslashes(\'$2\')."</font>"';

        $patterns[] = "#\[font=([a-z\r\n\t 0-9]+)\](.*?)\[/font\]#Ssi";
        $replacements[] = '<font face="\1">\2</font>';

        $patterns[] = "#\[align=([a-z]+)\](.*?)\[/align\]#Ssi";
        $replacements[] = '<p align="\1">\2</p>';

    $patterns[] = "#\[url\]([a-z]+?://){1}([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\1\2</a>';

        $patterns[] = "#\[url\]([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\1</a>';

        $patterns[] = "#\[url=([a-z]+?://){1}([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\3</a>';

        $patterns[] = "#\[url=([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\2</a>';

        $patterns[] = "#\[email\]([^\"'<>]*?)\[/email\]#Smi";
        $replacements[] = '<a href="mailto:\1">\1</a>';

        $patterns[] = "#\[email=([^\"'<>]*?){1}([^\"]*?)\](.*?)\[/email\]#Smi";
        $replacements[] = '<a href="mailto:\1\2">\3</a>';

        $message = preg_replace($patterns, $replacements, $message);
        $message = addslashes($message);
$message = nl2br($message);
return $message;
}
?>
[/code]

[akitchin]

that would explain it - are you running addslashes or any such escaping function on it additionally before entering it into the database?  if so, you'll end up with \\", which goes into MySQL as \".

[pixy]

It doesn't go into a database, I'm doing this when it comes out. This is for a forum script I'm writing, and if I insert into the database the bbcode($msg) then it'll change it all in the database and when they go to edit a post it would show all the code--which I dont allow and strip out with htmlspecialchars();

I have an escape_data() function I wrote that validates data to combat magic quotes...but I use that on EVERYTHING. O_O

[akitchin]

didn't realize this is when it comes out.  i totally misread your original post, sorry.

the reason you're getting the backslashes when it echoes back out is because you've run addslashes.  the variable contains the \", so that's what gets put out.  normally you only run addslashes when it's going to be plugged into a database, or used in an application that requires that the quotes be escaped.

try either going:

[code]$var = bbcode(shortenString($message));
echo "$var";[/code]

or removing addslashes().  there's no security issue when you're just outputting it into the browser.

[pixy]

Alrighty, well my escape_data funtion detects if magic_quotes is on, and fixes the info based on that.

I'll remove addslashes, that makes sense that it doesn't work because of it. I've got localhost installed on my other computer so I'll try it later. Thank you [b]so much[/b] for your help. <333