bbcode: deal with codeblocks before we escape other tags

1 files changed, 22 insertions, 25 deletions

diff --git a/include/bbcode.php b/include/bbcode.php
index 42790aaca..6a1a5a01e 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -1120,26 +1120,7 @@ function bbcode($Text, $options = []) {
 		}
 	}
 
-	// Hide all [noparse] contained bbtags by spacefying them
-	if (strpos($Text,'[noparse]') !== false) {
-		$Text = preg_replace_callback("/\[noparse\](.*?)\[\/noparse\]/ism", 'bb_spacefy',$Text);
-	}
-	if (strpos($Text,'[nobb]') !== false) {
-		$Text = preg_replace_callback("/\[nobb\](.*?)\[\/nobb\]/ism", 'bb_spacefy',$Text);
-	}
-	if (strpos($Text,'[pre]') !== false) {
-		$Text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", 'bb_spacefy',$Text);
-	}
-	if (strpos($Text,'[summary]') !== false) {
-		$Text = preg_replace_callback("/\[summary\](.*?)\[\/summary\]/ism", 'bb_spacefy',$Text);
-	}
 
-	if (strpos($Text,'[/img]') !== false) {
-		$Text = preg_replace_callback('/\[img(.*?)\[\/(img)\]/ism','\red_escape_codeblock',$Text);
-	}
-	if (strpos($Text,'[/zmg]') !== false) {
-		$Text = preg_replace_callback('/\[zmg(.*?)\[\/(zmg)\]/ism','\red_escape_codeblock',$Text);
-	}
 
 	$Text = bb_format_attachdata($Text);
 
@@ -1199,13 +1180,13 @@ function bbcode($Text, $options = []) {
 
 	$Text = str_replace(array('[baseurl]','[sitename]'),array(z_root(),get_config('system','sitename')),$Text);
 
-
 	// Replace any html brackets with HTML Entities to prevent executing HTML or script
 	// Don't use strip_tags here because it breaks [url] search by replacing & with amp
 
 	$Text = str_replace("<", "&lt;", $Text);
 	$Text = str_replace(">", "&gt;", $Text);
-
+	$Text = preg_replace_callback("/\[table\](.*?)\[\/table\]/ism",'bb_fixtable_lf',$Text);
+	$Text = str_replace(array("\t", "  "), array("&nbsp;&nbsp;&nbsp;&nbsp;", "&nbsp;&nbsp;"), $Text);
 
 	// Check for [code] text here, before the linefeeds are messed with.
 	// The highlighter will unescape and re-escape the content.
@@ -1214,10 +1195,6 @@ function bbcode($Text, $options = []) {
 		$Text = preg_replace_callback("/\[code=(.*?)\](.*?)\[\/code\]/ism", 'bb_highlight', $Text);
 	}
 
-	$Text = preg_replace_callback("/\[table\](.*?)\[\/table\]/ism",'bb_fixtable_lf',$Text);
-
-	$Text = str_replace(array("\t", "  "), array("&nbsp;&nbsp;&nbsp;&nbsp;", "&nbsp;&nbsp;"), $Text);
-
 	// Check for [code] text
 	if (strpos($Text,'[code]') !== false) {
 		$Text = preg_replace_callback("/\[code\](.*?)\[\/code\]/ism", 'bb_code', $Text);
@@ -1228,6 +1205,26 @@ function bbcode($Text, $options = []) {
 		$Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_options', $Text);
 	}
 
+	// Hide all [noparse] contained bbtags by spacefying them
+	if (strpos($Text,'[noparse]') !== false) {
+		$Text = preg_replace_callback("/\[noparse\](.*?)\[\/noparse\]/ism", 'bb_spacefy',$Text);
+	}
+	if (strpos($Text,'[nobb]') !== false) {
+		$Text = preg_replace_callback("/\[nobb\](.*?)\[\/nobb\]/ism", 'bb_spacefy',$Text);
+	}
+	if (strpos($Text,'[pre]') !== false) {
+		$Text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", 'bb_spacefy',$Text);
+	}
+	if (strpos($Text,'[summary]') !== false) {
+		$Text = preg_replace_callback("/\[summary\](.*?)\[\/summary\]/ism", 'bb_spacefy',$Text);
+	}
+	if (strpos($Text,'[/img]') !== false) {
+		$Text = preg_replace_callback('/\[img(.*?)\[\/(img)\]/ism','\red_escape_codeblock',$Text);
+	}
+	if (strpos($Text,'[/zmg]') !== false) {
+		$Text = preg_replace_callback('/\[zmg(.*?)\[\/(zmg)\]/ism','\red_escape_codeblock',$Text);
+	}
+
 	// Set up the parameters for a URL search string
 	$URLSearchString = "^\[\]";
 	// Set up the parameters for a MAIL search string