terungwa Posted October 26, 2014 Share Posted October 26, 2014 I am building a whitelist based bbcode sanitiser that allows only permitted bbcode element (the tag. All other bbcode elements will be rejected regardless of what they are.Also, this system should reject empty bbcode tag This is the function below: $val = 'This is a post with code, [code]cmmcxm[/code]';/* The negative lookahead regex contruct in the function below ensures all opening square brackets must be followed by this regex inside the lookahead(code\](.)+\[\/code\])*/function isSuspect($val) { // create a pattern to whitelist allowed bbcode phrase $pattern = '/[(?!(code\](.)+\[\/code\]))/i'; // if one of the suspect phrases is found, reject \[(?!(code\]\[/code\])) if (preg_match($pattern, $val)) { return '<div id="login-alert" class="alert alert-danger col-sm-12">You can not post that, it appears you may have included banned words or code tags in your post.<br/>If you think this is not the case, kindly contact the portal administrator <a href="#"><img class="warning" src="assets/img/icons/mail-black.png" alt="" /> here</a></div>'; }}echo isSuspect($val); This function is not validating $val = 'This is a post with code, cmmcxm'; and I was thinking it should. I would appreciate inputs to finish this. Thanks. Quote Link to comment Share on other sites More sharing options...
hansford Posted November 30, 2014 Share Posted November 30, 2014 (edited) I was going to include the lookahead, but it doesn't appear you need it. I'll let others weigh in on this, but this is all you need from what I'm seeing. $pattern = '/\[code\](.)+\[\/code\]/i'; Edited November 30, 2014 by hansford Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.