Jump to content


Photo

preg_replace does not accept HTML chars?


  • Please log in to reply
7 replies to this topic

#1 Prismatic

Prismatic
  • Members
  • PipPipPip
  • Advanced Member
  • 503 posts
  • LocationSan Diego

Posted 27 March 2006 - 12:22 AM

Ok, I have a problem :( on my forums I have code blocks. These blocks accept all code and show the proper indents and whatnot. My whole code to do the matching and replacing is:

if (strstr($text, "[bbcode]")){
        $str = str_replace("]\n", "]", $text);
        //Pattern for Preg_Replace
        $match = array('@\[bbcode\](.*?)\[\/bbcode\]@esi');
        
        //Pattern for Preg_Match_All
        $match_String = '@\[bbcode\](.*?)\[\/bbcode\]@esi';
        
        //preg_match($match_String, $text, $matches, PREG_OFFSET_CAPTURE);
        preg_match_all($match_String, $str, $matches, PREG_SET_ORDER);
        
        //Iterate through the array $matches
        foreach($matches as $key){
               $Value = $key[1];
            
            //So code indenting works.
            $Value = str_replace(" ", " ", $Value);
            $Value = str_replace("    ", "     ", $Value); 
                
            //The character ")" was causing an issue.
            $Value = str_replace(")", ")", $Value);
                
            //Replace array.
            $replace = array("'<table width=\"95%\" align=\"center\" border=\"0\"><tr><td class=\"BoardColumn\"><a class=\"SmallText_Code_Block\"><b>Code Block</b></a></td></tr><tr><td class=\"MainMenuRow\"><a class=\"SmallText\">$Value</a></td></tr></table>'");
                
            //Show the block in all it's glory
            $text= preg_replace($match, $replace, $text, 1);
        }
    }    
    return $text;

Thing is, to make preg_replace work I need to first change ALL html chars to the resulting html codes. I do that when the post is made with:

/* Clean up the post to make it good for storing in the database */
    $body = htmlentities($_POST[message_body]);
    $body = str_replace("(", "(", $body);
    $body = str_replace(")", ")", $body);
    $body = str_replace("'", "'", $body);
    $body = str_replace("$", "$", $body);
    $body = str_replace("_", "_", $body);
    $body = str_replace("Y", "Υ", $body);

All those str_replaces were causing the preg_replace to fail, dont know why, they just were. Posting code works fine as it is, it gives no errors or anything, except now I want to highlight the code. This is causing a problem since the origonal code has been bastardized to get it to pass through the preg_replace without causing an error. IE:

this posted
A 'quote' is <b>bold</b>

turns into this:

A 'quote' is &lt;b&gt;bold&lt;/b&gt;

It displays fine, but code highlighting is killed in the process.

Is there any way to make preg_replace accept those html special chars without giving an error? This is the kind of error returned if I try to have it process code normally:

Parse error: parse error, unexpected '<' in functions.php(486) : regexp code on line 3

Fatal error: preg_replace() [function.preg-replace]: Failed evaluating code: '<table width="95%" align="center" border="0"><tr><td class="BoardColumn"><a class="SmallText_Code_Block"><b>Code Block</b></a></td></tr><tr><td class="MainMenuRow"><a class="SmallText"> echo&nbsp;"test!'; </a></td></tr></table>' in functions.php on line 486


#2 shoz

shoz
  • Staff Alumni
  • Advanced Member
  • 600 posts

Posted 27 March 2006 - 12:34 AM

[a href=\"http://www.php.net/preg_quote\" target=\"_blank\"]preg_quote[/a] may be what you're looking for.

#3 Prismatic

Prismatic
  • Members
  • PipPipPip
  • Advanced Member
  • 503 posts
  • LocationSan Diego

Posted 27 March 2006 - 12:41 AM

Would that prevent error's when preg_replace tries to process strings that contain characters such as < > / ( ) ; and stuff like that?

#4 shoz

shoz
  • Staff Alumni
  • Advanced Member
  • 600 posts

Posted 27 March 2006 - 01:53 AM

Would that prevent error's when preg_replace tries to process strings that contain characters such as < > / ( ) ; and stuff like that?

It should.

Post the changes you've made, when you're finished.


#5 Prismatic

Prismatic
  • Members
  • PipPipPip
  • Advanced Member
  • 503 posts
  • LocationSan Diego

Posted 27 March 2006 - 03:12 AM

[!--quoteo(post=358733:date=Mar 26 2006, 08:53 PM:name=shoz)--][div class=\'quotetop\']QUOTE(shoz @ Mar 26 2006, 08:53 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
It should.

Post the changes you've made, when you're finished.
[/quote]

Well, preg_quote gives me "\Test\<\/b\>" when I insert "<b>Test</b>" into the database..

WITHOUT preg_quote the word Test shows up bold (NOT what I want, I do NOT want the code to be executed, huge security risk)

Ive come to the conslusion it's impossible to get the best of both worlds. I can either get code blocks with no highlighting or not. Since the only way I can process code through preg_replace is by running all this on it before I send it off to the database:

    $body = htmlentities($_POST[message_body]);
    $body = str_replace("(", "(", $body);
    $body = str_replace(")", ")", $body);
    $body = str_replace("'", "'", $body);
    $body = str_replace("$", "$", $body);
    $body = str_replace("_", "_", $body);
    $body = str_replace("Y", "Υ", $body);
    $body = str_replace(")", ")", $body);

:( All those characters you see above were causing preg_replace to crash when it tried processing. Dont ask me, it just sucks I guess :|

Edit - nice, cant even post my real code :| all the replacment values for thsoe str_replaces are their respective html codes like &.#933; for Y (Without the period).

#6 shoz

shoz
  • Staff Alumni
  • Advanced Member
  • 600 posts

Posted 27 March 2006 - 03:53 AM

When looking through your question the first time I skimmed over it. Try removing the "e" from @esi in
        //Pattern for Preg_Replace
        $match = array('@\[bbcode\](.*?)\[\/bbcode\]@esi');
        
        //Pattern for Preg_Match_All
        $match_String = '@\[bbcode\](.*?)\[\/bbcode\]@esi';
Remember to remove/comment the code you've been using to change <> etc into &#etc

#7 Prismatic

Prismatic
  • Members
  • PipPipPip
  • Advanced Member
  • 503 posts
  • LocationSan Diego

Posted 27 March 2006 - 04:37 AM

[!--quoteo(post=358761:date=Mar 26 2006, 10:53 PM:name=shoz)--][div class=\'quotetop\']QUOTE(shoz @ Mar 26 2006, 10:53 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
When looking through your question the first time I skimmed over it. Try removing the "e" from @esi in
        //Pattern for Preg_Replace
        $match = array('@\[bbcode\](.*?)\[\/bbcode\]@esi');
        
        //Pattern for Preg_Match_All
        $match_String = '@\[bbcode\](.*?)\[\/bbcode\]@esi';
Remember to remove/comment the code you've been using to change <> etc into &#etc
[/quote]

Removed the E and the only thing that changes is I am now getting a ' above and below my code block. Text is still showing up bold (IE - It's running - big nono)

    if (strstr($text, "[bbcode]")){
        $str = str_replace("]\n", "]", $text);
        //Pattern for Preg_Replace
        $match = array('@\[bbcode\](.*?)\[\/bbcode\]@si');
        
        //Pattern for Preg_Match_All
        $match_String = '@\[bbcode\](.*?)\[\/bbcode\]@si';
        
        //preg_match($match_String, $text, $matches, PREG_OFFSET_CAPTURE);
        preg_match_all($match_String, $str, $matches, PREG_SET_ORDER);
        
        //Iterate through the array $matches
        foreach($matches as $key){
               $Value = $key[1];
            
            //So code indenting works.
            $Value = str_replace(" ", "&nbsp;", $Value);
            $Value = str_replace("    ", "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;", $Value); 
            
            $Value = preg_quote($Value, '/');
            
            //Replace array.
            $replace = array("'<table width=\"95%\" align=\"center\" border=\"0\"><tr><td class=\"BoardColumn\"><a class=\"SmallText_Code_Block\"><b>Code Block</b></a></td></tr><tr><td class=\"MainMenuRow\"><a class=\"SmallText\">$Value</a></td></tr></table>'");
                
            //Show the block in all it's glory
            $text = preg_replace($match, $replace, $text, 1);
        }
    }    
    return $text;

[img src=\"http://www.warrency.com/codeblock.JPG\" border=\"0\" alt=\"IPB Image\" /]

^^ What it looks like with preg_quote on..

#8 shoz

shoz
  • Staff Alumni
  • Advanced Member
  • 600 posts

Posted 27 March 2006 - 05:04 AM

Remove the preg_quote line. I offered it as a solution originally when I assumed to some degree what the error was because of how similar the problem is to one that preg_quote would solve.

Also change
class=\"SmallText\">$Value</a></td></tr></table>'"

//to

class=\"SmallText\">".htmlentities($Value)."</a></td></tr></table>'"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users