diff options
author | Mario <mario@mariovavti.com> | 2021-04-06 12:12:51 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2021-04-06 12:12:51 +0000 |
commit | b8abf806ca96dbcb132c4b727c9800ce23a7b962 (patch) | |
tree | 781812b1a0e80eb72cd0d8bc105225422a0bca0e | |
parent | 91f3c722d640bd3bd8c43dba1ab39be16dca8e20 (diff) | |
download | volse-hubzilla-b8abf806ca96dbcb132c4b727c9800ce23a7b962.tar.gz volse-hubzilla-b8abf806ca96dbcb132c4b727c9800ce23a7b962.tar.bz2 volse-hubzilla-b8abf806ca96dbcb132c4b727c9800ce23a7b962.zip |
bbcode: escape img and zmg tags so that it will not be messed with before required (e.g. URL in image description) - issue #1554
-rw-r--r-- | include/bbcode.php | 21 | ||||
-rw-r--r-- | include/text.php | 4 |
2 files changed, 25 insertions, 0 deletions
diff --git a/include/bbcode.php b/include/bbcode.php index 388a828c4..228af7faa 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -1113,6 +1113,13 @@ function bbcode($Text, $options = []) { $Text = preg_replace_callback("/\[summary\](.*?)\[\/summary\]/ism", 'bb_spacefy',$Text); } + if (strpos($Text,'[/img]') !== false) { + $Text = preg_replace_callback('/\[img(.*?)\[\/(img)\]/ism','\red_escape_codeblock',$Text); + } + if (strpos($Text,'[/zmg]') !== false) { + $Text = preg_replace_callback('/\[zmg(.*?)\[\/(zmg)\]/ism','\red_escape_codeblock',$Text); + } + $Text = bb_format_attachdata($Text); // If we find any event code, turn it into an event. @@ -1236,6 +1243,8 @@ function bbcode($Text, $options = []) { if($tryoembed) { $Text = preg_replace_callback("/([^\]\='".'"'."\;\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", 'tryoembed', $Text); } + // Is this still desired? + // We already turn naked URLs into links during creation time cleanup_bbcode() $Text = preg_replace("/([^\]\='".'"'."\;\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1<a href="$2" ' . $target . ' rel="nofollow noopener">$2</a>', $Text); } @@ -1498,9 +1507,21 @@ function bbcode($Text, $options = []) { "<span class=".'"bb-quote"'.">" . $t_wrote . "</span><blockquote>$2</blockquote>", $Text); + // Images + + if (strpos($Text,'[/img]') !== false) { + $Text = preg_replace_callback('/\[\$b64img(.*?)\[\/(img)\]/ism','\red_unescape_codeblock',$Text); + } + + if (strpos($Text,'[/zmg]') !== false) { + $Text = preg_replace_callback('/\[\$b64zmg(.*?)\[\/(zmg)\]/ism','\red_unescape_codeblock',$Text); + } + + // [img]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { + $Text = preg_replace("/\[img\](.*?)\[\/img\]/ism", '<img style="max-width: 100%;" src="$1" alt="' . t('Image/photo') . '" loading="eager" />', $Text); } // [img=pathtoimage]image description[/img] diff --git a/include/text.php b/include/text.php index c6980c5f8..1eaa890e0 100644 --- a/include/text.php +++ b/include/text.php @@ -3586,6 +3586,8 @@ function cleanup_bbcode($body) { $body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','\red_escape_codeblock',$body); $body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body); $body = preg_replace_callback('/\[svg(.*?)\[\/(svg)\]/ism','\red_escape_codeblock',$body); + $body = preg_replace_callback('/\[img(.*?)\[\/(img)\]/ism','\red_escape_codeblock',$body); + $body = preg_replace_callback('/\[zmg(.*?)\[\/(zmg)\]/ism','\red_escape_codeblock',$body); $body = preg_replace_callback("/([^\]\='".'"'."\;\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\ +\,\(\)]+)/ismu", '\nakedoembed', $body); @@ -3598,6 +3600,8 @@ function cleanup_bbcode($body) { $body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','\red_unescape_codeblock',$body); $body = preg_replace_callback('/\[\$b64code(.*?)\[\/(code)\]/ism','\red_unescape_codeblock',$body); $body = preg_replace_callback('/\[\$b64svg(.*?)\[\/(svg)\]/ism','\red_unescape_codeblock',$body); + $body = preg_replace_callback('/\[\$b64img(.*?)\[\/(img)\]/ism','\red_unescape_codeblock',$body); + $body = preg_replace_callback('/\[\$b64zmg(.*?)\[\/(zmg)\]/ism','\red_unescape_codeblock',$body); // fix any img tags that should be zmg |