Jump to content

Archived

This topic is now archived and is closed to further replies.

pixy

Problem with BBCode

Recommended Posts

I made some replacements to do the URL bbcode on a forum script i'm making. But i can't figure out why it's acting up...

This is what it looks like in the bar:
[IMG]http://img.photobucket.com/albums/v72/vanillachick/wronglink.gif[/img]

This is the HTML the PHP spits out:
[IMG]http://img.photobucket.com/albums/v72/vanillachick/wronglink_html.gif[/img]

And this is the PHP that i'm using:
[IMG]http://img.photobucket.com/albums/v72/vanillachick/wronglink_php.gif[/img]

And this is the part of the function i'm using:
[code]
<?php
// This is only part of the function, so that part where it actually starts is up a ways...
        $patterns[] = "#\[url\]([a-z]+?://){1}([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\1\2</a>';

        $patterns[] = "#\[url\]([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\1</a>';

        $patterns[] = "#\[url=([a-z]+?://){1}([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\3</a>';

        $patterns[] = "#\[url=([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\2</a>';
?>
[/code]

Share this post


Link to post
Share on other sites
can we see the portion where you're actually performing the regex functions, as well as the lines leading up to the variable's storage?

Share this post


Link to post
Share on other sites
This is my entire BBCode function...

I think you're going to have to look at the source of this, since the fact that i'm using BBCode is messing up the [ code ] stuff...

EDIT:
See my next post.

Share this post


Link to post
Share on other sites
Here, i attached it as text since it was messing up the boards...

[attachment deleted by admin]

Share this post


Link to post
Share on other sites
i can't see any attachments.

we really only need to see youre regex functions themselves, as well as what you end up doing with the variable.  i have a feeling you're running addslashes one or two too many times.

Share this post


Link to post
Share on other sites
^ Its right where the signature would be in my last post:

Re: Problem with BBCode
« Reply #4 on: Today at 09:37:22 pm » Quote Modify Remove 

--------------------------------------------------------------------------------
Here, i attached it as text since it was messing up the boards... 

--------------------------------------------------------------------------------
[b]stuff.txt (5.17 KB - downloaded 0 times.)[/b]

Report to moderator  IP

Share this post


Link to post
Share on other sites
can't see it.  can anyone else?

in the meantime, try posting some of the code i'd mentioned (regex functions and whatever you do to those variables afterward).

Share this post


Link to post
Share on other sites
http://www.phpfreaks.com/forums/index.php?action=dlattach;topic=100627.0;attach=92

Thats the link it gave me...

Here's the part i was working on...
[code]
<?php
// These patterns replace URL BB code
$patterns = array();
        $replacements = array();

        $patterns[] = "#\[color=([^\"'<>]*?)\](.*?)\[/color\]#Ssi";
        $replacements[] = '<font color="\1">\2</font>';

        $patterns[] = "#\[size=([+-]?[0-9]{1,2})\](.*?)\[/size\]#Ssie";
        $replacements[] = '"<font style=\"font-size: ".createAbsFSizeFromRel(\'$1\').";\">".stripslashes(\'$2\')."</font>"';

        $patterns[] = "#\[font=([a-z\r\n\t 0-9]+)\](.*?)\[/font\]#Ssi";
        $replacements[] = '<font face="\1">\2</font>';

        $patterns[] = "#\[align=([a-z]+)\](.*?)\[/align\]#Ssi";
        $replacements[] = '<p align="\1">\2</p>';

    $patterns[] = "#\[url\]([a-z]+?://){1}([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\1\2</a>';

        $patterns[] = "#\[url\]([^\"'<>]*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\1</a>';

        $patterns[] = "#\[url=([a-z]+?://){1}([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="\1\2" target="_blank">\3</a>';

        $patterns[] = "#\[url=([^\"'<>]*?)\](.*?)\[/url\]#Smi";
        $replacements[] = '<a href="http://\1" target="_blank">\2</a>';

        $patterns[] = "#\[email\]([^\"'<>]*?)\[/email\]#Smi";
        $replacements[] = '<a href="mailto:\1">\1</a>';

        $patterns[] = "#\[email=([^\"'<>]*?){1}([^\"]*?)\](.*?)\[/email\]#Smi";
        $replacements[] = '<a href="mailto:\1\2">\3</a>';

        $message = preg_replace($patterns, $replacements, $message);
        $message = addslashes($message);
$message = nl2br($message);
return $message;
}
?>
[/code]

Share this post


Link to post
Share on other sites
that would explain it - are you running addslashes or any such escaping function on it additionally before entering it into the database?  if so, you'll end up with \\", which goes into MySQL as \".

Share this post


Link to post
Share on other sites
It doesn't go into a database, I'm doing this when it comes out. This is for a forum script I'm writing, and if I insert into the database the bbcode($msg) then it'll change it all in the database and when they go to edit a post it would show all the code--which I dont allow and strip out with htmlspecialchars();

I have an escape_data() function I wrote that validates data to combat magic quotes...but I use that on EVERYTHING. O_O

Share this post


Link to post
Share on other sites
didn't realize this is when it comes out.  i totally misread your original post, sorry.

the reason you're getting the backslashes when it echoes back out is because you've run addslashes.  the variable contains the \", so that's what gets put out.  normally you only run addslashes when it's going to be plugged into a database, or used in an application that requires that the quotes be escaped.

try either going:

[code]$var = bbcode(shortenString($message));
echo "$var";[/code]

or removing addslashes().  there's no security issue when you're just outputting it into the browser.

Share this post


Link to post
Share on other sites
Alrighty, well my escape_data funtion detects if magic_quotes is on, and fixes the info based on that.

I'll remove addslashes, that makes sense that it doesn't work because of it. I've got localhost installed on my other computer so I'll try it later. Thank you [b]so much[/b] for your help. <333

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.