Jump to content

Archived

This topic is now archived and is closed to further replies.

Prismatic

preg_replace does not accept HTML chars?

Recommended Posts

Ok, I have a problem :( on my forums I have code blocks. These blocks accept all code and show the proper indents and whatnot. My whole code to do the matching and replacing is:

[code]
if (strstr($text, "[bbcode]")){
        $str = str_replace("]\n", "]", $text);
        //Pattern for Preg_Replace
        $match = array('@\[bbcode\](.*?)\[\/bbcode\]@esi');
        
        //Pattern for Preg_Match_All
        $match_String = '@\[bbcode\](.*?)\[\/bbcode\]@esi';
        
        //preg_match($match_String, $text, $matches, PREG_OFFSET_CAPTURE);
        preg_match_all($match_String, $str, $matches, PREG_SET_ORDER);
        
        //Iterate through the array $matches
        foreach($matches as $key){
               $Value = $key[1];
            
            //So code indenting works.
            $Value = str_replace(" ", " ", $Value);
            $Value = str_replace("    ", "     ", $Value);
                
            //The character ")" was causing an issue.
            $Value = str_replace(")", ")", $Value);
                
            //Replace array.
            $replace = array("'<table width=\"95%\" align=\"center\" border=\"0\"><tr><td class=\"BoardColumn\"><a class=\"SmallText_Code_Block\"><b>Code Block</b></a></td></tr><tr><td class=\"MainMenuRow\"><a class=\"SmallText\">$Value</a></td></tr></table>'");
                
            //Show the block in all it's glory
            $text= preg_replace($match, $replace, $text, 1);
        }
    }    
    return $text;
[/code]

Thing is, to make preg_replace work I need to first change ALL html chars to the resulting html codes. I do that when the post is made with:

[code]
/* Clean up the post to make it good for storing in the database */
    $body = htmlentities($_POST[message_body]);
    $body = str_replace("(", "(", $body);
    $body = str_replace(")", ")", $body);
    $body = str_replace("'", "'", $body);
    $body = str_replace("$", "$", $body);
    $body = str_replace("_", "_", $body);
    $body = str_replace("Y", "Υ", $body);
[/code]

All those str_replaces were causing the preg_replace to fail, dont know why, they just were. Posting code works fine as it is, it gives no errors or anything, except now I want to highlight the code. This is causing a problem since the origonal code has been bastardized to get it to pass through the preg_replace without causing an error. IE:

this posted
[code]A 'quote' is <b>bold</b>[/code]

turns into this:

[code]A 'quote' is &lt;b&gt;bold&lt;/b&gt;[/code]

It displays fine, but code highlighting is killed in the process.

Is there any way to make preg_replace accept those html special chars without giving an error? This is the kind of error returned if I try to have it process code normally:

[code]
Parse error: parse error, unexpected '<' in functions.php(486) : regexp code on line 3

Fatal error: preg_replace() [function.preg-replace]: Failed evaluating code: '<table width="95%" align="center" border="0"><tr><td class="BoardColumn"><a class="SmallText_Code_Block"><b>Code Block</b></a></td></tr><tr><td class="MainMenuRow"><a class="SmallText"> echo&nbsp;"test!'; </a></td></tr></table>' in functions.php on line 486[/code]

Share this post


Link to post
Share on other sites
[a href=\"http://www.php.net/preg_quote\" target=\"_blank\"]preg_quote[/a] may be what you're looking for.

Share this post


Link to post
Share on other sites
Would that prevent error's when preg_replace tries to process strings that contain characters such as < > / ( ) ; and stuff like that?

Share this post


Link to post
Share on other sites
[quote]
Would that prevent error's when preg_replace tries to process strings that contain characters such as < > / ( ) ; and stuff like that?
[/quote]
It should.

Post the changes you've made, when you're finished.

Share this post


Link to post
Share on other sites
[!--quoteo(post=358733:date=Mar 26 2006, 08:53 PM:name=shoz)--][div class=\'quotetop\']QUOTE(shoz @ Mar 26 2006, 08:53 PM) [snapback]358733[/snapback][/div][div class=\'quotemain\'][!--quotec--]
It should.

Post the changes you've made, when you're finished.
[/quote]

Well, preg_quote gives me "\Test\<\/b\>" when I insert "<b>Test</b>" into the database..

WITHOUT preg_quote the word Test shows up bold (NOT what I want, I do NOT want the code to be executed, huge security risk)

Ive come to the conslusion it's impossible to get the best of both worlds. I can either get code blocks with no highlighting or not. Since the only way I can process code through preg_replace is by running all this on it before I send it off to the database:

[code]
    $body = htmlentities($_POST[message_body]);
    $body = str_replace("(", "(", $body);
    $body = str_replace(")", ")", $body);
    $body = str_replace("'", "'", $body);
    $body = str_replace("$", "$", $body);
    $body = str_replace("_", "_", $body);
    $body = str_replace("Y", "Υ", $body);
    $body = str_replace(")", ")", $body);
[/code]

:( All those characters you see above were causing preg_replace to crash when it tried processing. Dont ask me, it just sucks I guess :|

Edit - nice, cant even post my real code :| all the replacment values for thsoe str_replaces are their respective html codes like &.#933; for Y (Without the period).

Share this post


Link to post
Share on other sites
When looking through your question the first time I skimmed over it. Try removing the "e" from @esi in
[code]
        //Pattern for Preg_Replace
        $match = array('@\[bbcode\](.*?)\[\/bbcode\]@esi');
        
        //Pattern for Preg_Match_All
        $match_String = '@\[bbcode\](.*?)\[\/bbcode\]@esi';
[/code]
Remember to remove/comment the code you've been using to change <> etc into &#etc

Share this post


Link to post
Share on other sites
[!--quoteo(post=358761:date=Mar 26 2006, 10:53 PM:name=shoz)--][div class=\'quotetop\']QUOTE(shoz @ Mar 26 2006, 10:53 PM) [snapback]358761[/snapback][/div][div class=\'quotemain\'][!--quotec--]
When looking through your question the first time I skimmed over it. Try removing the "e" from @esi in
[code]
        //Pattern for Preg_Replace
        $match = array('@\[bbcode\](.*?)\[\/bbcode\]@esi');
        
        //Pattern for Preg_Match_All
        $match_String = '@\[bbcode\](.*?)\[\/bbcode\]@esi';
[/code]
Remember to remove/comment the code you've been using to change <> etc into &#etc
[/quote]

Removed the E and the only thing that changes is I am now getting a ' above and below my code block. Text is still showing up bold (IE - It's running - big nono)

[code]
    if (strstr($text, "[bbcode]")){
        $str = str_replace("]\n", "]", $text);
        //Pattern for Preg_Replace
        $match = array('@\[bbcode\](.*?)\[\/bbcode\]@si');
        
        //Pattern for Preg_Match_All
        $match_String = '@\[bbcode\](.*?)\[\/bbcode\]@si';
        
        //preg_match($match_String, $text, $matches, PREG_OFFSET_CAPTURE);
        preg_match_all($match_String, $str, $matches, PREG_SET_ORDER);
        
        //Iterate through the array $matches
        foreach($matches as $key){
               $Value = $key[1];
            
            //So code indenting works.
            $Value = str_replace(" ", "&nbsp;", $Value);
            $Value = str_replace("    ", "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;", $Value);
            
            $Value = preg_quote($Value, '/');
            
            //Replace array.
            $replace = array("'<table width=\"95%\" align=\"center\" border=\"0\"><tr><td class=\"BoardColumn\"><a class=\"SmallText_Code_Block\"><b>Code Block</b></a></td></tr><tr><td class=\"MainMenuRow\"><a class=\"SmallText\">$Value</a></td></tr></table>'");
                
            //Show the block in all it's glory
            $text = preg_replace($match, $replace, $text, 1);
        }
    }    
    return $text;
[/code]

[img src=\"http://www.warrency.com/codeblock.JPG\" border=\"0\" alt=\"IPB Image\" /]

^^ What it looks like with preg_quote on..

Share this post


Link to post
Share on other sites
Remove the preg_quote line. I offered it as a solution originally when I assumed to some degree what the error was because of how similar the problem is to one that preg_quote would solve.

Also change
[code]
class=\"SmallText\">$Value</a></td></tr></table>'"

//to

class=\"SmallText\">".htmlentities($Value)."</a></td></tr></table>'"
[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.