EchoFool Posted May 25, 2010

Hey, I have a bbcode function and I'm trying to get it to reply with a PHP command so that it will display a result, but I do not know how to do it. This is what I got:

    // bb code function
    // in this case $GameID = 1
    function BBCode($BB, $GameID) {
        // Each BBCode tag is mapped to a fragment of PHP source text
        $BBCode = array(
            "[user]"  => "<?php echo getusername(",
            "[/user]" => ",$GameID);?>"
        );
        // Plain text substitution: the result is still just a string
        $Message = str_replace(array_keys($BBCode), array_values($BBCode), $BB);
        return $Message;
    }

So user a puts [user]1[/user]

That would create:

    <?php echo getusername(1,1); ?>

However this doesn't work, it displays the PHP in page source rather than executing it =/
premiso Posted May 25, 2010

It is unwise to do so, but you would have to eval the PHP code in order to process it. It is unwise because it can easily be exploited and your server compromised with such code.
EchoFool (Author) Posted May 25, 2010

So there is no way to go about it? :S
premiso Posted May 25, 2010

There are other ways. The main thing is you need to make sure the data you are evaling is sanitized. So verify that GameID is an INT or convert it to an INT. Not doing so, someone could possibly hijack it to be:

    [user]0); $fh=fopen('myh4x.php', 'w'); fwrite('<?php include($_GET["var"]); ?>');[/user]

Or something similar, and voila. They now have a valid loophole into your code.
EchoFool (Author) Posted May 25, 2010

Hmm, so how do forums do it where you have:

    [quote={NAME}] [/quote]

And it replaces {NAME} with a <a href="">Link</a>? Is that using the same method? I know this forum doesn't but some do.
premiso Posted May 25, 2010

A few ways it can be done, but you can download the bbcode / source code for the forum and see yourself. But most likely it uses regular expressions with probably the 'e' modifier, and/or they use preg_match_all and preg_replace and just re-construct it then replace it that way.
EchoFool (Author) Posted May 25, 2010

You can't download server side PHP.
Adam Posted May 25, 2010

A better method would be to use regular expressions for this kind of complex string replacement. Have a good read into preg_match and preg_replace! Passing the 'e' modifier to preg_replace() will allow you to evaluate the code within the replacement parameter -- similar to eval() really, but in the situation below a lot less risky.

    // The trailing 'e' modifier makes preg_replace() evaluate the replacement as PHP;
    // $1 is the digits captured by (\d+)
    $str = preg_replace('/\[user\](\d+)\[\/user\]/e', "getusername($1)", $str);

So the expression:

    \[user\](\d+)\[\/user\]

will only match user tags with both an opening and closing tag, and with 1 or more digits in the middle. The matched digits are placed into the string containing the function, which is then evaluated and $str updated with the username. You'll obviously need to make some modifications to use that in your own code, but it's the general idea.
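The same [user]ID[/user] replacement done without eval() or the 'e' modifier (which PHP 7.0 removed), as an added example that is not from this thread: preg_replace_callback() hands the captured digits to a closure as data, so nothing inside the tag is ever executed as PHP, and the injection attempt shown earlier in the thread stays inert text. The getusername() lookup table and the /profile.php link are assumptions standing in for the poster's real database function.

```php
<?php
// Added example, not code from the thread. Assumed stand-in for the
// poster's getusername($UserID, $GameID): a constructed lookup table.
function getusername(int $userId, int $gameId): string {
    $users = [
        1 => ['name' => 'alice', 'game' => 1],
        2 => ['name' => 'bob',   'game' => 1],
    ];
    if (!isset($users[$userId]) || $users[$userId]['game'] !== $gameId) {
        return 'unknown';
    }
    return $users[$userId]['name'];
}

function BBCode(string $BB, int $GameID): string {
    // Escape the raw message first so any HTML a user typed renders as text.
    $safe = htmlspecialchars($BB, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Only tags whose entire body is digits match; (\d+) is the user id.
    // The callback receives the match as an array and returns a string;
    // no part of the user's message is interpreted as PHP source.
    return preg_replace_callback(
        '/\[user\](\d+)\[\/user\]/',
        function (array $m) use ($GameID): string {
            $userId = (int) $m[1];                    // captured digits -> int
            $name   = getusername($userId, $GameID);
            // Hypothetical profile URL; escape the name again on output
            return '<a href="/profile.php?id=' . $userId . '">'
                 . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                 . '</a>';
        },
        $safe
    );
}

// Constructed inputs: a normal tag, and a tag body modelled on the
// injection attempt from earlier in the thread.
$normal  = 'Hello [user]1[/user], welcome!';
$attempt = "[user]0); \$fh=fopen('myh4x.php', 'w');[/user]";

echo BBCode($normal, 1), "\n";   // user 1 becomes a profile link

// The body is not all digits, so the pattern never matches: the text is
// returned escaped and unchanged, and fopen() is never called.
echo BBCode($attempt, 1), "\n";
```

Validate $GameID the same way on the way in (cast or check it is an int) so the only values reaching the database are integers the server chose to accept.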
EchoFool (Author) Posted May 25, 2010

I will research into this! Thanks guys