bbcode parser problem

[Monkuar]

Everything works fine, unless I add this stupid thing to get rid of people using HTML

$text = pun_htmlspecialchars($text);

 

Once I add that to my function, no bbcodes work at all?  But I cant use html.. (which is good) but I need to beable to use BBCODE, and parse hackers from using html also, any help?

 

 

 

MY CODE absolutely destroyed the forum page

 

here it is:

 

http://pastebin.com/jv7m47kn

[scootstah]

Use htmlspecialchars before you parse the bbcode.

[Monkuar]

I added

 

$text = pun_htmlspecialchars($text);

 

above the restof the code scoots, but it now just shows

 

<b>hey</b> instead of actually formatting it into a bolded "b"?

[ManiacDan]

what does pun_htmlspecialchars do?

 

The proper thing to do is:

1)  call htmlspecialchars on the string

 

2)  parse the BBcode to turn BBcode into HTML

 

3)  display

[Monkuar]

what does pun_htmlspecialchars do?

 

The proper thing to do is:

1)  call htmlspecialchars on the string

 

2)  parse the BBcode to turn BBcode into HTML

 

3)  display

 

does

 

function pun_htmlspecialchars($str)
{
return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

 

This is my code:

 

http://pastebin.com/m0gmXAfQ

 

see my

$text = pun_htmlspecialchars($text);

right under global?

 

i am calling it before?

[ManiacDan]

There's a lot of functionality missing here that we'd need to see.  This is so huge and poorly organized that you're going to have to debug this yourself, step by step.  Do you know where the disconnect is?  Does clean_paragraphs do anything special?  Why do you only replace 7 smilies? 

[Monkuar]

There's a lot of functionality missing here that we'd need to see.  This is so huge and poorly organized that you're going to have to debug this yourself, step by step.  Do you know where the disconnect is?  Does clean_paragraphs do anything special?  Why do you only replace 7 smilies?

 

Well because I dont want people to spam smiley images on my message board and eat up bandwidth so I only make it so people can use 7 of each smiley,

 

all I do is wrap

 

$db->escape(parse_message($message))

 

before it enters into my database, should I use the html entities thing before that? then use parse?

[scootstah]

You shouldn't parse it before it goes into the database. If anybody ever edits it you are going to have to convert all the HTML back into bbcode, or else it will just be turned to entities.

[ManiacDan]

This won't do 7 of each, it will do 7 total.  Even if you did do 7 of each, browsers are smart enough not to download 8,000 copies of the same image, they'll use the one they downloaded for every <img> tag.

 

You keep describing your code using functions that none of us can see.  We had to ask about your custom htmlentities function, which apparently did nothing other than the built-in one, but you've now introduced escape(), parse_message(), and clean_paragraphs()

 

Again, debug this yourself.  Dump the input to a log file every step of the way, figure out when [ b ] turns into <b> and/or when it turns into <b>

 

And Scoot is right, parsing BBcode is a display event, not a storage event.

[Monkuar]

Well everything seems to work now maniac. Here is everthing.

 

I use the

 

$message = parse_message($message, $errors); 

 

Then when it enters into my database: I use

 

$db->escape($message)

 

$db escape is just a mysql escape string return function.

 

 

Then when I view the message, I dont use any parser to read it, I let html read it, because it's already been converted into html.

 

It's not letting me submit <b>hey</b> or html tags though! so that's good! (no hackers)

 

Here is the full parser:

 

http://pastebin.com/DSKzHGLm

 

the prob was I was calling the parser on $message before it entered the database twice, which was making it do weird thing.

 

 

What I just explained above, is working now, html is not working and bbcode's are.

 

I have unconvert functions though so people can edit, but will work on that later

 

 

 

 

[ManiacDan]

What we're saying is:  Don't write your unconvert function, ever.  Store the RAW post in the database, and then only convert the BBCode on display.  That way, if someone wants to edit, you just show them what they posted already.