Changeset 891

Timestamp:

Jan 13, 2023, 12:40:34 AM (16 months ago)

Author:

chronos

Message:

• Fixed: HTML BBCode parser not supported for newer PHP 8.1. Replaced by simpler solution.

Location:

trunk

Files:

• Application/Version.php (modified) (1 diff)
• HTML (deleted)
• Modules/Export/Export.php (modified) (1 diff)
• Modules/Forum/Forum.php (modified) (10 diffs)
• Modules/Log/Log.php (modified) (2 diffs)
• Modules/News/News.php (modified) (2 diffs)
• Modules/Referrer/Referrer.php (modified) (1 diff)
• Modules/ShoutBox/ShoutBox.php (modified) (2 diffs)
• Modules/User/Profile.php (modified) (2 diffs)
• includes/Global.php (modified) (3 diffs)

trunk/Application/Version.php

@@ -7 +7 @@
 
 $Version = '1.0';
-$Revision = 887; // Subversion revision
+$Revision = 891; // Subversion revision
 $DatabaseRevision = 887; // Database structure revision
-$ReleaseDate = strtotime('2022-12-27');
+$ReleaseDate = strtotime('2023-01-13');

trunk/Modules/Export/Export.php

@@ -664 +664 @@
 
 '<p>Texty přebírány z projektu <a href="https://wowpreklad.zdechov.net/">wowpreklad.zdechov.net</a><br>'.
-'<a href="http://wowpreklad.zdechov.nets/export/?Action=View&ExportId='.$this->Id.'&Tab=0">Export '.$this->Id.'</a></p><br>'.
+'<a href="https://wowpreklad.zdechov.nets/export/?Action=View&ExportId='.$this->Id.'&Tab=0">Export '.$this->Id.'</a></p><br>'.
 
 

trunk/Modules/Forum/Forum.php

@@ -40 +40 @@
   function ShowBox()
   {
-    $Parser = new HTML_BBCodeParser2(array('filters' => array('Basic', 'Extended',
-      'Images', 'Links', 'Lists', 'Email')));
     $Count = 20;
     $Output = '<strong><a href="'.$this->System->Link('/forum/').'">'.T('Last forum posts').':</a></strong>';
@@ -58 +56 @@
         '<td><a href="'.$this->System->Link('/forum/?Thread='.$DbRow['Thread']).'">'.HumanDate($DbRow['Date']).'</a></td>'.
         '<td><a href="'.$this->System->Link('/user/?user='.$DbRow['UserId']).'">'.$DbRow['UserName'].'</a></td>'.
-        '<td>'.$Parser->qparse(htmlspecialchars($DbRow['Text'])).'</td>'.
+        '<td>'.ShowBBcodes(htmlspecialchars($DbRow['Text'])).'</td>'.
         '</tr>';
     }
@@ -74 +72 @@
     if (array_key_exists('a', $_POST)) $Action = $_POST['a'];
       else if (array_key_exists('a', $_GET)) $Action = $_GET['a'];
-       else $Action = '';
+      else $Action = '';
     if (array_key_exists('Edit', $_GET)) {
       if (array_key_exists('text', $_POST))
         $Output .= $this->Edit();
       $Output .= $this->ShowEditForm();
-
     } else
     if (array_key_exists('search', $_GET))
@@ -101 +98 @@
   {
     $Output = '';
-    $Text = $_POST['text'];
-    $DbResult = $this->System->Database->query('UPDATE `ForumText` SET `Text`="'.$_POST['text'].'" WHERE `User` = '.$this->System->User->Id.' AND `ID` = '.$_GET['Edit']);
+    $this->System->Database->query('UPDATE `ForumText` SET `Text`="'.$_POST['text'].'" WHERE `User` = '.$this->System->User->Id.' AND `ID` = '.$_GET['Edit']);
     $Output .= ShowMessage(T('Text edited.'));
     return $Output;
@@ -132 +128 @@
   function ShowSearchForum()
   {
-    $parser = new HTML_BBCodeParser2(array('filters' => array('Basic','Extended','Images','Links','Lists','Email')));
-    $Count = 20;
     $Output = '';
 
@@ -153 +147 @@
       $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'.
       htmlspecialchars($Line['ThreadName']).'</a><br /><strong>'.$Line['UserName'].
-      '</strong> ('.HumanDate($Line['Date']).'): '.$parser->qparse(htmlspecialchars($Line['Text'])).'</div> ';
+      '</strong> ('.HumanDate($Line['Date']).'): '.ShowBBcodes(htmlspecialchars($Line['Text'])).'</div> ';
     $Output .= '</div>'.$PageList['Output'];
     return $Output;
@@ -181 +175 @@
     $Output = '';
 
-    $Parser = new HTML_BBCodeParser2(array('filters' => array('Basic', 'Extended', 'Images', 'Links', 'Lists', 'Email')));
-
     if (array_key_exists('search', $_GET)) $_SESSION['search'] = $_GET['search'];
     else if (!array_key_exists('search', $_SESSION)) $_SESSION['search'] = '';
@@ -212 +204 @@
         $edit = '<a href="?Edit='.$Line['ID'].'">'.T('edit').'</a>';
       } else $edit = '';
-      $Text = str_replace("\n", '<br />', $Parser->qparse(htmlspecialchars($Line['Text'])));
+      $Text = str_replace("\n", '<br />', ShowBBcodes(htmlspecialchars($Line['Text'])));
       $Output .= '<div><span style="float:right;">'.$edit.' ('.HumanDate($Line['Date']).
         ')</span><strong>'.$Line['UserName'].'</strong>: '.$Text.'  </div> ';
@@ -306 +298 @@
   function ShowRSS()
   {
-    $parser = new HTML_BBCodeParser2(array('filters' => array('Basic','Extended','Images','Links','Lists','Email')));
-
     $Items = array();
     $TitleLength = 50;
@@ -322 +312 @@
         'Title' => htmlspecialchars($DbRow['ThreadText']).' - '.$DbRow['UserName'].': ',
         'Link' => 'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/forum/?Thread='.$DbRow['Thread']),
-        'Description' => $parser->qparse(htmlspecialchars($DbRow['Text'])),
+        'Description' => ShowBBcodes(htmlspecialchars($DbRow['Text'])),
         'Time' => $DbRow['UnixDate'],
       );

trunk/Modules/Log/Log.php

@@ -91 +91 @@
       (
         'Title' => $LogType['Name'].' ('.$Line['UserName'].', '.$Line['IP'].')',
-        'Link' => 'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/log/'),
+        'Link' => 'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/log/'),
         'Description' => $LogType['Name'].': '.$Line['Text'].' ('.$Line['UserName'].
           ', '.$Line['IP'].', '.HumanDate($Line['Date']).')',
@@ -101 +101 @@
     (
       'Title' => $this->System->Config['Web']['Title'].' - '.T('Logs'),
-      'Link' => 'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/'),
+      'Link' => 'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/'),
       'Description' => $this->System->Config['Web']['Description'],
       'WebmasterEmail' => $this->System->Config['Web']['AdminEmail'],

trunk/Modules/News/News.php

@@ -165 +165 @@
      (
        'Title' => $DbRow['Title'],
-       'Link' =>  'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/news/?a=item&i='.$DbRow['Id']),
+       'Link' =>  'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/news/?a=item&i='.$DbRow['Id']),
        'Description' => $DbRow['Text'].' ('.$DbRow['Name'].')',
        'Time' => $DbRow['UnixTime'],
@@ -173 +173 @@
     (
       'Title' => $this->System->Config['Web']['Title'].' - '.T('System changes'),
-      'Link' => 'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/news/'),
+      'Link' => 'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/news/'),
       'Description' => $this->System->Config['Web']['Description'],
       'WebmasterEmail' => $this->System->Config['Web']['AdminEmail'],

trunk/Modules/Referrer/Referrer.php

@@ -77 +77 @@
   function ShowList()
   {
-    $Banner = '<a href="http://'.$this->System->Config['Web']['Host'].$this->System->Link('/').'">'.
-      '<img src="http://'.$this->System->Config['Web']['Host'].$this->System->Link('/banners/wowpreklad_big.jpg').'" '.
+    $Banner = '<a href="https://'.$this->System->Config['Web']['Host'].$this->System->Link('/').'">'.
+      '<img src="https://'.$this->System->Config['Web']['Host'].$this->System->Link('/banners/wowpreklad_big.jpg').'" '.
       'alt="wowpreklad" title="Otevřený projekt překládání celé hry World of Warcraft" '.
       'class="banner" height="60" width="468" /></a>';
 
-    $BannerSmall = '<a href="http://'.$this->System->Config['Web']['Host'].$this->System->Link('/').'">'.
-      '<img src="http://'.$this->System->Config['Web']['Host'].$this->System->Link('/banners/wowpreklad_small.jpg').'" '.
+    $BannerSmall = '<a href="https://'.$this->System->Config['Web']['Host'].$this->System->Link('/').'">'.
+      '<img src="https://'.$this->System->Config['Web']['Host'].$this->System->Link('/banners/wowpreklad_small.jpg').'" '.
       'alt="wowpreklad" title="Otevřený projekt překládání celé hry World of Warcraft" '.
       'class="banner" height="31" width="88" /></a>';

trunk/Modules/ShoutBox/ShoutBox.php

@@ -150 +150 @@
       (
           'Title' => $DbRow['UserName'].': '.$Title,
-          'Link' =>  'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/shoutbox/'),
+          'Link' =>  'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/shoutbox/'),
           'Description' => $DbRow['Text'],
           'Time' => $DbRow['UnixDate'],
@@ -158 +158 @@
     (
       'Title' => $this->System->Config['Web']['Title'].' - '.T('Shoutbox'),
-      'Link' => 'http://'.$this->System->Config['Web']['Host'].$this->System->Link('/shoutbox/'),
+      'Link' => 'https://'.$this->System->Config['Web']['Host'].$this->System->Link('/shoutbox/'),
       'Description' => $this->System->Config['Web']['Description'],
       'WebmasterEmail' => $this->System->Config['Web']['AdminEmail'],

trunk/Modules/User/Profile.php

@@ -120 +120 @@
   function ShowLastForum()
   {
-    $parser = new HTML_BBCodeParser2(array('filters' => array('Basic','Extended','Images','Links','Lists','Email')));
     $Count = 20;
     $Output = '<strong>'.T('Latest forum posts').':</strong>';
@@ -132 +131 @@
     while ($Line = $DbResult->fetch_assoc())
       $Output .= '<div><a href="'.$this->System->Link('/forum/?Thread='.$Line['Thread']).'">'.htmlspecialchars($Line['ThreadName']).'</a><br />'.
-        '<strong>'.$Line['UserName'].'</strong> ('.HumanDate($Line['Date']).'): '.$parser->qparse(htmlspecialchars($Line['Text'])).'</div> ';
+        '<strong>'.$Line['UserName'].'</strong> ('.HumanDate($Line['Date']).'): '.ShowBBcodes(htmlspecialchars($Line['Text'])).'</div> ';
     $Output .= '</div>';
     return $Output;

trunk/includes/Global.php

@@ -10 +10 @@
 include_once(dirname(__FILE__).'/../Application/UpdateTrace.php');
 include_once(dirname(__FILE__).'/PageEdit.php');
-require_once(dirname(__FILE__).'/../HTML/BBCodeParser2.php');
 
 // Back compatibility, will be removed
@@ -134 +133 @@
   $DbRow = $DbResult->fetch_assoc();
   $lang = $DbRow['Code'];
-  $url = 'http://translate.google.cz/?sl=en&tl='.$lang.'&text='.$text;
+  $url = 'https://translate.google.cz/?sl=en&tl='.$lang.'&text='.$text;
 
   error_reporting(E_ALL ^ E_WARNING);
@@ -786 +785 @@
     else return $_SERVER['PHP_SELF'];
 }
+
+function ShowBBcodes($text)
+{
+    // NOTE : I had to update this sample code with below line to prevent obvious attacks as pointed out by many users.
+    // Always ensure that user inputs are scanned and filtered properly.
+    $text  = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
+
+    // BBcode array
+    $find = array(
+      '~\[b\](.*?)\[/b\]~s',
+      '~\[i\](.*?)\[/i\]~s',
+      '~\[u\](.*?)\[/u\]~s',
+      '~\[quote\](.*?)\[/quote\]~s',
+      '~\[size=(.*?)\](.*?)\[/size\]~s',
+      '~\[color=(.*?)\](.*?)\[/color\]~s',
+      '~\[url\]((?:ftp|https?)://.*?)\[/url\]~s',
+      '~\[img\](https?://.*?\.(?:jpg|jpeg|gif|png|bmp))\[/img\]~s'
+    );
+
+    // HTML tags to replace BBcode
+    $replace = array(
+      '<b>$1</b>',
+      '<i>$1</i>',
+      '<span style="text-decoration:underline;">$1</span>',
+      '<pre>$1</'.'pre>',
+      '<span style="font-size:$1px;">$2</span>',
+      '<span style="color:$1;">$2</span>',
+      '<a href="$1">$1</a>',
+      '<img src="$1" alt="" />'
+    );
+
+    // Replacing the BBcodes with corresponding HTML tags
+    return preg_replace($find, $replace, $text);
+}