
preg_replace not catching '<3' as a replaceable text


Monkuar

Here are my smileys:

 

// Here you can add additional smilies if you like (please note that you must escape single quote and backslash)
$smilies = array(
	':)' => 'smile.gif',
	';)' => 'wink.gif',
	':(' => 'sad.gif',
	':mellow:' => 'mellow.gif',
	':(' => 'sad.gif',
	':angry:' => 'mad.gif',
	':cry:' => 'cry.gif',
	':banana:' => 'banana.gif',
	':locked:' => 'dancinglock.gif',
	':hug:' => 'hug.gif',
	':bonk:' => 'bangin.gif',
	':love:' => 'heart2.gif',
	'<3' => 'heart.gif',
	':blush:' => 'blush.gif',
	':p' => 'tongue.png',
	':lol:' => 'lol.png',
	':mad:' => 'mad.png',
	':rolleyes:' => 'roll.png',
	':cool:' => 'cool.png');

And here is the function to convert them to images using preg_replace:

function do_smilies($text)
{
	global $smilies;

	$text = ' '.$text.' ';

	foreach ($smilies as $smiley_text => $smiley_img)
	{
		if (strpos($text, $smiley_text) !== false)
			$text =  preg_replace('%(?<=[>\s])'.preg_quote($smiley_text, '%').'(?=[^\p{L}\p{N}])%um', '<img src="/img/emoticons/'.$smiley_img.'" alt="'.$smiley_text.'">', $text);
	}

	return substr($text, 1, -1);
}
All of them are being replaced except for '<3', why? I tried:

 \<3 
AND

 <\3 
to see if I needed to escape the left caret (<), but still no luck.

Edited by Monkuar

Hi,

 

I think (though could be wrong) that this may be the reason. I found an issue somebody was having with preg_match on stackoverflow that seems similar and could explain your issue. Here's the link: http://stackoverflow.com/questions/21063742/greater-than-and-less-than-symbol-in-regular-expressions

 

The answer by boris the spider - at the top when I looked - is the one you're looking for.

 

Good luck.

Edited by wezhind

Does it work if you try

'&lt;3' => 'heart.gif'

 

LOL!!! Yep. I was calling htmlspecialchars before. I should have inspected the freaking source code before making this topic, my apologies. Thank you!

 

Hi,

 

I think (though could be wrong) that this may be the reason. I found an issue somebody was having with preg_match on stackoverflow that seems similar and could explain your issue. Here's the link: http://stackoverflow.com/questions/21063742/greater-than-and-less-than-symbol-in-regular-expressions

 

The answer by boris the spider - at the top when I looked - is the one you're looking for.

 

Good luck.

Oh, yeah. Nice find :)

 

Thanks guys!


LOL!!! Yep. I was calling htmlspecialchars before. I should have inspected the freaking source code before making this topic, my apologies. Thank you!

 

Always save functions like htmlspecialchars() until the very end, just before you're about to embed the text in HTML (be that with output or when pre-rendering HTML).

Always save functions like htmlspecialchars() until the very end, just before you're about to embed the text in HTML (be that with output or when pre-rendering HTML).

I assume for minimal XSS protection, in case someone crafts up an exploit in one of the bbcode functions, correct?

 

I should just run the htmlspecialchars at the end then. Then, I don't have to use the html entities in my smileys array to check via regex as well, and I would have never even had this problem, right? Lol, I'm a Debbie Downer sometimes, I apologize...

Edited by Monkuar

I assume for minimal XSS protection, in case someone crafts up an exploit in one of the bbcode functions, correct?

There's an imaginary point in the processing where before you were dealing with raw text and after you're dealing with HTML. Right then is when you apply htmlspecialchars().

do_smilies() does deal with HTML so it is after that point.

 

I should just run the htmlspecialchars at the end then. Then, I don't have to use the html entities in my smileys array to check via regex as well, and I would have never even had this problem, right?

Not at the end, otherwise you'd be escaping your tags.

 

do_smilies() or some other BBCode-type replacement is probably where you make the transition to dealing with HTML, so immediately before that would be when you apply htmlspecialchars().

Edited by requinix
  • Like 1
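
The ordering discussed in this thread, as an added example that is not code from any of the posts: the smiley replacement is run on text escaped first, on text escaped last, and on text never escaped. The `$escaped` flag, the `render_*` helper names and the sample post are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The $escaped flag, the render_*
// helpers and the sample post are constructed for illustration.
$smilies = array(':)' => 'smile.gif', '<3' => 'heart.gif');

// Same matching rule as the thread's do_smilies(). When $escaped is true the
// text has already been through htmlspecialchars(), so each key is escaped
// the same way before matching ('<3' is looked up as '&lt;3').
function do_smilies(string $text, array $smilies, bool $escaped): string
{
    $text = ' ' . $text . ' ';
    foreach ($smilies as $raw => $img) {
        $key = $escaped ? htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') : $raw;
        $tag = '<img src="/img/emoticons/' . $img . '" alt="' . $key . '">';
        $pattern = '%(?<=[>\s])' . preg_quote($key, '%') . '(?=[^\p{L}\p{N}])%um';
        // A callback keeps "$" or "\" in $tag from being read as backreferences.
        $text = preg_replace_callback($pattern, function () use ($tag) {
            return $tag;
        }, $text);
    }
    return substr($text, 1, -1);
}

// Escape at the text-to-HTML boundary, then add markup.
function render_escape_first(string $raw, array $smilies): string
{
    return do_smilies(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'), $smilies, true);
}

// Escape at the very end: the generated <img> tags are escaped as well.
function render_escape_last(string $raw, array $smilies): string
{
    return htmlspecialchars(do_smilies($raw, $smilies, false), ENT_QUOTES, 'UTF-8');
}

// Constructed sample post: two smilies plus markup typed by the user.
$post = 'I <3 PHP :) <script>alert(1)</script>';

echo "escape first: ", render_escape_first($post, $smilies), "\n";
echo "escape last:  ", render_escape_last($post, $smilies), "\n";
echo "never escape: ", do_smilies($post, $smilies, false), "\n";
```

Escaping first keeps both `<img>` tags and turns the user's `<script>` into inert text; escaping last also escapes the generated tags, and skipping the escape passes the user's markup through unchanged.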