authorMario <mario@mariovavti.com>2021-04-06 12:12:51 +0000
committerMario <mario@mariovavti.com>2021-04-06 12:12:51 +0000
commitb8abf806ca96dbcb132c4b727c9800ce23a7b962 (patch)
tree781812b1a0e80eb72cd0d8bc105225422a0bca0e /include
parent91f3c722d640bd3bd8c43dba1ab39be16dca8e20 (diff)
bbcode: escape img and zmg tags so that it will not be messed with before required (e.g. URL in image description) - issue #1554
Diffstat (limited to 'include')
-rw-r--r--include/bbcode.php21
-rw-r--r--include/text.php4
2 files changed, 25 insertions, 0 deletions
diff --git a/include/bbcode.php b/include/bbcode.php
index 388a828c4..228af7faa 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -1113,6 +1113,13 @@ function bbcode($Text, $options = []) {
$Text = preg_replace_callback("/\[summary\](.*?)\[\/summary\]/ism", 'bb_spacefy',$Text);
}
+ if (strpos($Text,'[/img]') !== false) {
+ $Text = preg_replace_callback('/\[img(.*?)\[\/(img)\]/ism','\red_escape_codeblock',$Text);
+ }
+ if (strpos($Text,'[/zmg]') !== false) {
+ $Text = preg_replace_callback('/\[zmg(.*?)\[\/(zmg)\]/ism','\red_escape_codeblock',$Text);
+ }
+
$Text = bb_format_attachdata($Text);
// If we find any event code, turn it into an event.
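Review bot: The two added `preg_replace_callback()` calls assign their result straight back to `$Text`, and that function returns `null` when PCRE fails, for instance when the lazy `(.*?)` under the `s` flag runs into the backtrack or JIT limit on a long post. A `null` here would blank the body for the rest of `bbcode()`. Keeping the previous value on failure avoids that: `$r = preg_replace_callback(...); if ($r !== null) { $Text = $r; }`. The same applies to the unescape calls in the third hunk of this file and to the four lines added in include/text.php. `bbcode()` starts and ends outside this hunk.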
@@ -1236,6 +1243,8 @@ function bbcode($Text, $options = []) {
if($tryoembed) {
$Text = preg_replace_callback("/([^\]\='".'"'."\;\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", 'tryoembed', $Text);
}
+ // Is this still desired?
+ // We already turn naked URLs into links during creation time cleanup_bbcode()
$Text = preg_replace("/([^\]\='".'"'."\;\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1<a href="$2" ' . $target . ' rel="nofollow noopener">$2</a>', $Text);
}
@@ -1498,9 +1507,21 @@ function bbcode($Text, $options = []) {
"<span class=".'"bb-quote"'.">" . $t_wrote . "</span><blockquote>$2</blockquote>",
$Text);
+
// Images
+
+ if (strpos($Text,'[/img]') !== false) {
+ $Text = preg_replace_callback('/\[\$b64img(.*?)\[\/(img)\]/ism','\red_unescape_codeblock',$Text);
+ }
+
+ if (strpos($Text,'[/zmg]') !== false) {
+ $Text = preg_replace_callback('/\[\$b64zmg(.*?)\[\/(zmg)\]/ism','\red_unescape_codeblock',$Text);
+ }
+
+
// [img]pathtoimage[/img]
if (strpos($Text,'[/img]') !== false) {
+
$Text = preg_replace("/\[img\](.*?)\[\/img\]/ism", '<img style="max-width: 100%;" src="$1" alt="' . t('Image/photo') . '" loading="eager" />', $Text);
}
// [img=pathtoimage]image description[/img]
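Review bot: Everything between `[img`/`[zmg` and its closing tag is now opaque from the escape near line 1113 until the unescape added here, so any neutralising step in that window no longer sees the image URL or description, and the context line below interpolates the capture directly into `src="$1"`. The hunk does not show where `$Text` gets its quotes and angle brackets encoded; if that happens inside the skipped window, the restored text needs the same treatment at this point, or the escape should move after that step. The `[$b64img`/`[$b64zmg` marker also appears to be plain text that a post body could already contain, so the decoded result should be treated as untrusted. A comment above the unescape would record this: `// restored text is author-controlled and has skipped every transform since the escape above`. `bbcode()` starts and ends outside this hunk.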
diff --git a/include/text.php b/include/text.php
index c6980c5f8..1eaa890e0 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3586,6 +3586,8 @@ function cleanup_bbcode($body) {
$body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','\red_escape_codeblock',$body);
$body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body);
$body = preg_replace_callback('/\[svg(.*?)\[\/(svg)\]/ism','\red_escape_codeblock',$body);
+ $body = preg_replace_callback('/\[img(.*?)\[\/(img)\]/ism','\red_escape_codeblock',$body);
+ $body = preg_replace_callback('/\[zmg(.*?)\[\/(zmg)\]/ism','\red_escape_codeblock',$body);
$body = preg_replace_callback("/([^\]\='".'"'."\;\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\
+\,\(\)]+)/ismu", '\nakedoembed', $body);
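Review bot: The img/zmg escape is added after the url/zrl/svg escapes, yet the matching unescape in the next hunk is also added after the url/code/svg unescapes, so the restore sequence is not the reverse of the escape sequence. If `red_escape_codeblock` encodes the whole tag body (its definition is not shown here), a `[url]` inside an image description is encoded first and then wrapped by the img escape. It would only reappear as `[$b64url…` after the url unescape has already run, leaving the marker in the stored body. Placing the `[\$b64img` and `[\$b64zmg` unescape lines before the `[\$b64url` one would restore in reverse order. `cleanup_bbcode()` continues outside this hunk.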
@@ -3598,6 +3600,8 @@ function cleanup_bbcode($body) {
$body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','\red_unescape_codeblock',$body);
$body = preg_replace_callback('/\[\$b64code(.*?)\[\/(code)\]/ism','\red_unescape_codeblock',$body);
$body = preg_replace_callback('/\[\$b64svg(.*?)\[\/(svg)\]/ism','\red_unescape_codeblock',$body);
+ $body = preg_replace_callback('/\[\$b64img(.*?)\[\/(img)\]/ism','\red_unescape_codeblock',$body);
+ $body = preg_replace_callback('/\[\$b64zmg(.*?)\[\/(zmg)\]/ism','\red_unescape_codeblock',$body);
// fix any img tags that should be zmg