Diffstat (limited to 'include/bbcode.php')
-rw-r--r-- | include/bbcode.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/include/bbcode.php b/include/bbcode.php
index 351510f6d..7e901bd41 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -1,10 +1,13 @@
 <?php
+
 // BBcode 2 HTML was written by WAY2WEB.net
- // Made to work with Mistpark/Friendika - Mike Macgirvin
+ // extended to work with Mistpark/Friendika - Mike Macgirvin
 function bbcode($Text) {
+
 // Replace any html brackets with HTML Entities to prevent executing HTML or script
 // Don't use strip_tags here because it breaks [url] search by replacing & with amp
+
 $Text = str_replace("<", "<", $Text);
 $Text = str_replace(">", ">", $Text);
@@ -82,5 +85,7 @@ function bbcode($Text) {
 $Text = preg_replace("/\[youtube\]http:\/\/www.youtube.com\/watch\?v\=(.+?)\[\/youtube\]/",'[youtube]$1[/youtube]',$Text);
 $Text = preg_replace("/\[youtube\](.+?)\[\/youtube\]/", '<object width="425" height="350" type="application/x-shockwave-flash" data="http://www.youtube.com/v/$1" ><param name="movie" value="http://www.youtube.com/v/$1"></param><!--[if IE]><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" width="425" height="350" /><![endif]--></object>', $Text);
+ call_hooks('bbcode',$Text);
+
 return $Text;
 } |
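Review bot: The `call_hooks('bbcode',$Text);` line added just before `return $Text;` in the second hunk runs after the bracket escaping at the top of `bbcode()` and after the tag-to-HTML substitutions, so nothing re-escapes what a hook handler writes into `$Text`. This assumes `call_hooks` passes its second argument by reference; its definition is not on this page. Every registered handler therefore becomes part of the output-sanitisation boundary, and the call has no comment saying so. I would add a comment above it such as `// Hook handlers receive the final, already-escaped HTML; they must HTML-escape any user-derived data they insert.` The middle of the function lies between the two hunks and is not visible here.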