Jump to content


Photo

Problem with BBCode


  • Please log in to reply
12 replies to this topic

#1 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 15 July 2006 - 01:49 AM

I made some replacements to do the URL bbcode on a forum script i'm making. But i can't figure out why it's acting up...

This is what it looks like in the bar:
Posted Image

This is the HTML the PHP spits out:
Posted Image

And this is the PHP that i'm using:
Posted Image

And this is the part of the function i'm using:
<?php
// This is only part of the function, so that part where it actually starts is up a ways...
        $patterns[] = "#\[url\]([a-z]+?://){1}([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\1\2</a>';

        $patterns[] = "#\[url\]([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\1</a>';

        $patterns[] = "#\[url=([a-z]+?://){1}([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\3</a>';

        $patterns[] = "#\[url=([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\2</a>';
?>

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#2 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 15 July 2006 - 01:55 AM

can we see the portion where you're actually performing the regex functions, as well as the lines leading up to the variable's storage?

#3 ShogunWarrior

ShogunWarrior
  • Members
  • PipPipPip
  • Advanced Member
  • 528 posts
  • LocationIreland

Posted 15 July 2006 - 01:59 AM

Something's quoting those quotes, so yes it seems like it may be under that line.
<a href="http://www.daviddora...nmedia.com/">My New Site/Blog</a> | <a href="http://www.daviddora...m/check/">Check your page for broken links/images/scripts</a>

Zend Certified Engineer
Follow me on Twitter: http://twitter.com/davidd

#4 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 15 July 2006 - 02:32 AM

This is my entire BBCode function...

I think you're going to have to look at the source of this, since the fact that i'm using BBCode is messing up the [ code ] stuff...

EDIT:
See my next post.

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#5 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 15 July 2006 - 02:37 AM

Here, i attached it as text since it was messing up the boards...

[attachment deleted by admin]

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#6 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 15 July 2006 - 02:46 AM

i can't see any attachments.

we really only need to see youre regex functions themselves, as well as what you end up doing with the variable.  i have a feeling you're running addslashes one or two too many times.

#7 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 15 July 2006 - 02:57 AM

^ Its right where the signature would be in my last post:

Re: Problem with BBCode
« Reply #4 on: Today at 09:37:22 pm » Quote Modify Remove 

--------------------------------------------------------------------------------
Here, i attached it as text since it was messing up the boards... 

--------------------------------------------------------------------------------
stuff.txt (5.17 KB - downloaded 0 times.)

Report to moderator  IP

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#8 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 15 July 2006 - 03:18 AM

can't see it.  can anyone else?

in the meantime, try posting some of the code i'd mentioned (regex functions and whatever you do to those variables afterward).

#9 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 15 July 2006 - 03:21 AM

http://www.phpfreaks...627.0;attach=92

Thats the link it gave me...

Here's the part i was working on...
<?php
	// These patterns replace URL BB code
		$patterns = array();
        $replacements = array();

        $patterns[] = "#\[color=([^\"'<>]*?)\](.*?)\[/color\]#Ssi";
        $replacements[] = '<font color="\1">\2</font>';

        $patterns[] = "#\[size=([+-]?[0-9]{1,2})\](.*?)\[/size\]#Ssie";
        $replacements[] = '"<font style=\"font-size: ".createAbsFSizeFromRel(\'$1\').";\">".stripslashes(\'$2\')."</font>"';

        $patterns[] = "#\[font=([a-z\r\n\t 0-9]+)\](.*?)\[/font\]#Ssi";
        $replacements[] = '<font face="\1">\2</font>';

        $patterns[] = "#\[align=([a-z]+)\](.*?)\[/align\]#Ssi";
        $replacements[] = '<p align="\1">\2</p>';
		
	    $patterns[] = "#\[url\]([a-z]+?://){1}([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\1\2</a>';

        $patterns[] = "#\[url\]([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\1</a>';

        $patterns[] = "#\[url=([a-z]+?://){1}([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\3</a>';

        $patterns[] = "#\[url=([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\2</a>';

        $patterns[] = "#\[email\]([^\"'<>]*?)\[/email\]#Smi";
        $replacements[] = '<a href="mailto:\1">\1</a>';

        $patterns[] = "#\[email=([^\"'<>]*?){1}([^\"]*?)\](.*?)\[/email\]#Smi";
        $replacements[] = '<a href="mailto:\1\2">\3</a>';

        $message = preg_replace($patterns, $replacements, $message);
        $message = addslashes($message);
		$message = nl2br($message);
		return $message;
}
?>

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#10 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 15 July 2006 - 03:25 AM

that would explain it - are you running addslashes or any such escaping function on it additionally before entering it into the database?  if so, you'll end up with \\", which goes into MySQL as \".

#11 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 15 July 2006 - 03:28 AM

It doesn't go into a database, I'm doing this when it comes out. This is for a forum script I'm writing, and if I insert into the database the bbcode($msg) then it'll change it all in the database and when they go to edit a post it would show all the code--which I dont allow and strip out with htmlspecialchars();

I have an escape_data() function I wrote that validates data to combat magic quotes...but I use that on EVERYTHING. O_O

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#12 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 15 July 2006 - 03:40 AM

didn't realize this is when it comes out.  i totally misread your original post, sorry.

the reason you're getting the backslashes when it echoes back out is because you've run addslashes.  the variable contains the \", so that's what gets put out.  normally you only run addslashes when it's going to be plugged into a database, or used in an application that requires that the quotes be escaped.

try either going:

$var = bbcode(shortenString($message));
echo "$var";

or removing addslashes().  there's no security issue when you're just outputting it into the browser.

#13 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 15 July 2006 - 03:45 AM

Alrighty, well my escape_data funtion detects if magic_quotes is on, and fixes the info based on that.

I'll remove addslashes, that makes sense that it doesn't work because of it. I've got localhost installed on my other computer so I'll try it later. Thank you so much for your help. <333

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users