sciencenerd Posted May 31, 2007 Share Posted May 31, 2007 Hey, I'm creating a website that needs to allow users to submit content. However, I'm trying to "clean" that content to a large degree because it will show on the page, so if there's any malicious formatting or scripts I need to remove those. The code I'm about to post is *supposed* to remove all tags from $string except for <b >, <i > and <a > and additionally ensure that <b > and <i > have no arguments, while <a > only has the href="" argument and no others (note: spaces in tags to prevent the forum from rendering them). The code: $string = strip_tags($string, '<b><i><a>' . $exceptions); $pattern[0] = '/(\<b)(.*)(\>)/e'; $pattern[1] = '/(\<i)(.+?)(\>)/e'; $pattern[2] = '/(\<a)(.+?)(href=\")(.+?)(\")(.+?)(\>)/e'; $replacement[0] = '\\1\\3'; $replacement[1] = '\\1\\3'; $replacement[2] = '\\1\\3\\4\\5\\7'; $string = preg_replace($pattern, $replacement, $string); When I try to run this on the string '<b >test</b >', for example, the following errors are generated by the compiler: Parse error: parse error, unexpected '<' in /home/www/URL of site/standardfunctions.php(56) : regexp code on line 1 Fatal error: preg_replace(): Failed evaluating code: <b > *SPACE ADDED* in /home/www/URL of site/standardfunctions.php on line 56 Line 56 in this case corresponds to the final line of my posted code. Thanks in advance for any insight on this annoying problem! Link to comment https://forums.phpfreaks.com/topic/53689-preg_replace-syntax/ Share on other sites More sharing options...
btherl Posted May 31, 2007 Share Posted May 31, 2007 That code doesn't produce errors here. Can you post your entire script please? Link to comment https://forums.phpfreaks.com/topic/53689-preg_replace-syntax/#findComment-265400 Share on other sites More sharing options...
sciencenerd Posted May 31, 2007 Author Share Posted May 31, 2007 Okay, here's the whole function (I commented out everything else in the file to see if it would help, but no dice. My problem has to be inside the function I think). <?php function CleanText($string, $class=null, $exceptions=null) { if ($class == 'strict') { $string = strip_tags($string, '<b ><i ><a >' . $exceptions); $pattern[0] = '/(\<b)(.*)(\>)/e'; $pattern[1] = '/(\<i)(.+?)(\>)/e'; $pattern[2] = '/(\<a)(.+?)(href=\")(.+?)(\")(.+?)(\>)/e'; $replacement[0] = '\\1\\3'; $replacement[1] = '\\1\\3'; $replacement[2] = '\\1\\3\\4\\5\\7'; $string = preg_replace($pattern, $replacement, $string); } elseif ($class == 'lax') { $string = strip_tags($string, '<b ><i ><a ><span ><div ><table ><tr ><td ><h1 ><h2 ><h3 ><h4 ><h5 ><h6 ><br ><br /><ol ><ul ><li ><img ><img />' . $exceptions); } elseif ($class == null) { $string = strip_tags($string, $exceptions); $string = preg_replace('/\"/', '', $string); } return $string; } echo CleanText('<b test>is a test</b test>', 'strict'); ?> Link to comment https://forums.phpfreaks.com/topic/53689-preg_replace-syntax/#findComment-265507 Share on other sites More sharing options...
MadTechie Posted May 31, 2007 Share Posted May 31, 2007 no syntax errors in thats code.. Link to comment https://forums.phpfreaks.com/topic/53689-preg_replace-syntax/#findComment-265530 Share on other sites More sharing options...
sciencenerd Posted May 31, 2007 Author Share Posted May 31, 2007 Ok, my mistake. The reason the previous code compiled correctly is because of the spaces I put in the HTML tags to keep them from formatting my text when copying it to the form. Now that I've found the "code" attribute on the forum, I can copy-paste directly. Here's the code without the spaces in tags. This is the code I've tested EXACTLY that produces the errors. My apologies for the earlier ones that didn't. <?php function CleanText($string, $class=null, $exceptions=null) { if ($class == 'strict') { $string = strip_tags($string, '<b><i><a>' . $exceptions); $pattern[0] = '/(\<b)(.*)(\>)/e'; $pattern[1] = '/(\<i)(.+?)(\>)/e'; $pattern[2] = '/(\<a)(.+?)(href=\")(.+?)(\")(.+?)(\>)/e'; $replacement[0] = '\\1\\3'; $replacement[1] = '\\1\\3'; $replacement[2] = '\\1\\3\\4\\5\\7'; $string = preg_replace($pattern, $replacement, $string); } elseif ($class == 'lax') { $string = strip_tags($string, '<b><i><a><span><div><table><tr><td><h1><h2><h3><h4><h5><h6><br><ol><ul><li><img><img />' . $exceptions); } elseif ($class == null) { $string = strip_tags($string, $exceptions); $string = preg_replace('/\"/', '', $string); } return $string; } echo CleanText('<b test>is a test</b test>', 'strict'); ?> Link to comment https://forums.phpfreaks.com/topic/53689-preg_replace-syntax/#findComment-265894 Share on other sites More sharing options...
sciencenerd Posted June 1, 2007 Author Share Posted June 1, 2007 Ok, my partner found the issue with my code, for some reason when I removed the "e" modifier from the pattern string it works out fine. Thanks for trying to help though, if I have any more questions throughout the development I'll surely ask them here! Link to comment https://forums.phpfreaks.com/topic/53689-preg_replace-syntax/#findComment-266041 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.