diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/bbcode.php | 7 | ||||
| -rw-r--r-- | include/html2bbcode.php | 2 |
2 files changed, 8 insertions, 1 deletions
diff --git a/include/bbcode.php b/include/bbcode.php index 351510f6d..7e901bd41 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -1,10 +1,13 @@ <?php + // BBcode 2 HTML was written by WAY2WEB.net - // Made to work with Mistpark/Friendika - Mike Macgirvin + // extended to work with Mistpark/Friendika - Mike Macgirvin function bbcode($Text) { + // Replace any html brackets with HTML Entities to prevent executing HTML or script // Don't use strip_tags here because it breaks [url] search by replacing & with amp + $Text = str_replace("<", "<", $Text); $Text = str_replace(">", ">", $Text); @@ -82,5 +85,7 @@ function bbcode($Text) { $Text = preg_replace("/\[youtube\]http:\/\/www.youtube.com\/watch\?v\=(.+?)\[\/youtube\]/",'[youtube]$1[/youtube]',$Text); $Text = preg_replace("/\[youtube\](.+?)\[\/youtube\]/", '<object width="425" height="350" type="application/x-shockwave-flash" data="http://www.youtube.com/v/$1" ><param name="movie" value="http://www.youtube.com/v/$1"></param><!--[if IE]><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" width="425" height="350" /><![endif]--></object>', $Text); + call_hooks('bbcode',$Text); + return $Text; } diff --git a/include/html2bbcode.php b/include/html2bbcode.php index a2e53a81b..1f3d63a0d 100644 --- a/include/html2bbcode.php +++ b/include/html2bbcode.php @@ -44,6 +44,8 @@ $bbtags = array( // Replace $htmltags in $text with $bbtags $text = preg_replace ($htmltags, $bbtags, $s); +call_hooks('html2bbcode', $text); + // Strip all other HTML tags $text = strip_tags($text); return $text; |