From 1b302101209b44bfa82ca17ac9f6cf0d0cce553d Mon Sep 17 00:00:00 2001
From: ken restivo
Date: Thu, 29 Oct 2015 20:50:52 -0700
Subject: Save bandwidth on mobile networks.
---
 include/bbcode.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'include/bbcode.php')
diff --git a/include/bbcode.php b/include/bbcode.php
index 1092c08a3..517f22bee 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -28,7 +28,7 @@ function tryzrlaudio($match) {
 if($zrl) $link = zid($link);
- return '';
+ return '';
 } function tryzrlvideo($match) {
@@ -37,7 +37,7 @@ function tryzrlvideo($match) {
 if($zrl) $link = zid($link);
- return '';
+ return '';
 } // [noparse][i]italic[/i][/noparse] turns into
-- cgit v1.2.3
From 001e4276d31149e07cef31e468dcc1e227e0eda9 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Thu, 5 Nov 2015 16:08:18 -0800
Subject: first cut at some much better hook documentation derived from bamfic's automated list (doc/hooks.html)
---
 include/bbcode.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'include/bbcode.php')
diff --git a/include/bbcode.php b/include/bbcode.php
index 517f22bee..05802aa57 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -599,6 +599,7 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false)
 $Text = preg_replace("/\[mail\=([$MAILSearchString]*)\](.*?)\[\/mail\]/", '$2', $Text); }
+ // leave open the posibility of [map=something] // this is replaced in prepare_body() which has knowledge of the item location
@@ -983,7 +984,12 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false)
 $Text = preg_replace('/\[\&\;([#a-z0-9]+)\;\]/', '&$1;', $Text); // fix any escaped ampersands that may have been converted into links
- $Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism", '<$1$2=$3&$4>', $Text);
+
+ if(strpos($Text,'&') !== false)
+ $Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism", '<$1$2=$3&$4>', $Text);
+
+ // This is subtle - it's an XSS filter. It only accepts links with a protocol scheme and where
+ // the scheme begins with z (zhttp), h (http(s)), f (ftp), m (mailto), and named anchors.
 $Text = preg_replace("/\<(.*?)(src|href)=\"[^zhfm#](.*?)\>/ism", '<$1$2="">', $Text);
-- cgit v1.2.3
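Review bot: The filter that the new comment documents tests only the first character after `="` (the `[^zhfm#]` class), so it does not enforce the schemes the comment lists: any value that merely begins with z, h, f, m or # is kept, and an attribute written with single quotes or without quotes is never examined by this pattern. If the listed schemes are the complete intended set, the pattern can check the whole scheme instead of one letter, e.g. `$Text = preg_replace("/\<(.*?)(src|href)=\"(?!(?:zhttps?|https?|ftp|mailto):|#)(.*?)\>/ism", '<$1$2="">', $Text);`; if other values must stay valid, the comment should instead say `// only the first character of a double-quoted src/href value is tested`. The body of bbcode() starts and ends outside this hunk, so whether earlier steps guarantee that every attribute reaching this line is double-quoted cannot be confirmed from here and should be checked before relying on this line as the XSS control.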