Jump to content

preg_replace not catching '<3' as a replaceable text


Go to solution Solved by requinix,

Recommended Posts

Here are my smileys:

 

// Here you can add additional smilies if you like (please note that you must escape single quote and backslash)
$smilies = array(
	':)' => 'smile.gif',
	';)' => 'wink.gif',
	':(' => 'sad.gif',
	':mellow:' => 'mellow.gif',
	':(' => 'sad.gif',
	':angry:' => 'mad.gif',
	':cry:' => 'cry.gif',
	':banana:' => 'banana.gif',
	':locked:' => 'dancinglock.gif',
	':hug:' => 'hug.gif',
	':bonk:' => 'bangin.gif',
	':love:' => 'heart2.gif',
	'<3' => 'heart.gif',
	':blush:' => 'blush.gif',
	':p' => 'tongue.png',
	':lol:' => 'lol.png',
	':mad:' => 'mad.png',
	':rolleyes:' => 'roll.png',
	':cool:' => 'cool.png');
And here is the function to convert them to images using preg_replace

 


function do_smilies($text)
{
	global $smilies;

	$text = ' '.$text.' ';

	foreach ($smilies as $smiley_text => $smiley_img)
	{
		if (strpos($text, $smiley_text) !== false)
			$text =  preg_replace('%(?<=[>\s])'.preg_quote($smiley_text, '%').'(?=[^\p{L}\p{N}])%um', '<img src="/img/emoticons/'.$smiley_img.'" alt="'.$smiley_text.'">', $text);
	}

	return substr($text, 1, -1);
}
All of them are being replaced except for '<3', why? I tried:

 \<3 
AND

 <\3 
to see if I needed to escape the left carrot (<), but still no luck. Edited by Monkuar
Link to comment
https://forums.phpfreaks.com/topic/293789-preg_replace-not-catching/
Share on other sites

Hi,

 

I think (though could be wrong) that this may be the reason. I found an issue somebody was having with preg_match on stackoverflow that seems similar and could explain your issue. Here's the link: http://stackoverflow.com/questions/21063742/greater-than-and-less-than-symbol-in-regular-expressions

 

The answer by boris the spider - at the top when I looked - is the one you're looking for.

 

Good luck.

Edited by wezhind

Does it work if you try

'<3' => 'heart.gif'

 

LOL!!! Yep. I was calling

htmlspecialchars
before. I should of inspected the freaking source code before making this topic, my apologizes. Thank you!

 

Hi,

 

I think (though could be wrong) that this may be the reason. I found an issue somebody was having with preg_match on stackoverflow that seems similar and could explain your issue. Here's the link: http://stackoverflow.com/questions/21063742/greater-than-and-less-than-symbol-in-regular-expressions

 

The answer by boris the spider - at the top when I looked - is the one you're looking for.

 

Good luck.

Oh, yeah. Nice find :)

 

Thanks guys!

LOL!!! Yep. I was calling

htmlspecialchars
before. I should of inspected the freaking source code before making this topic, my apologizes. Thank you!

 

Always save functions like htmlspecialchars() until the very end, just before you're about to embed the text in HTML (be that with output or when pre-rendering HTML).

Always save functions like htmlspecialchars() until the very end, just before you're about to embed the text in HTML (be that with output or when pre-rendering HTML).

I assume for minimal XSS protection, incase someone crafts up an exploit in one of the bbcode functions correct?

 

I should just run the htmlspecialchars at the end then. Then, I don't have to use the html entities in my smileys array to check via regex as well, and I would of never even had this problem right? Lol, I'm a debby downer sometimes, I apologize...

Edited by Monkuar

I assume for minimal XSS protection, incase someone crafts up an exploit in one of the bbcode functions correct?

There's an imaginary point in the processing where before you were dealing with raw text and after you're dealing with HTML. Right then is when you apply htmlspecialchars().

do_smilies() does deal with HTML so it is after that point.

 

I should just run the htmlspecialchars at the end then. Then, I don't have to use the html entities in my smileys array to check via regex as well, and I would of never even had this problem right?

Not at the end, otherwise you'd be escaping your tags.

 

do_smilies() or some other BBCode-type replacement is probably where you make the transition to dealing with HTML, so immediately before that would be when you apply htmlspecialchars().

Edited by requinix
  • Like 1
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.