From b8abf806ca96dbcb132c4b727c9800ce23a7b962 Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Tue, 6 Apr 2021 12:12:51 +0000
Subject: bbcode: escape img and zmg tags so that it will not be messed with
 before required (e.g. URL in image description) - issue #1554

---
 include/bbcode.php | 21 +++++++++++++++++++++
 include/text.php   |  4 ++++
 2 files changed, 25 insertions(+)

(limited to 'include')

diff --git a/include/bbcode.php b/include/bbcode.php
index 388a828c4..228af7faa 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -1113,6 +1113,13 @@ function bbcode($Text, $options = []) {
 		$Text = preg_replace_callback("/\[summary\](.*?)\[\/summary\]/ism", 'bb_spacefy',$Text);
 	}
 
+	if (strpos($Text,'[/img]') !== false) {
+		$Text = preg_replace_callback('/\[img(.*?)\[\/(img)\]/ism','\red_escape_codeblock',$Text);
+	}
+	if (strpos($Text,'[/zmg]') !== false) {
+		$Text = preg_replace_callback('/\[zmg(.*?)\[\/(zmg)\]/ism','\red_escape_codeblock',$Text);
+	}
+
 	$Text = bb_format_attachdata($Text);
 
 	// If we find any event code, turn it into an event.
@@ -1236,6 +1243,8 @@ function bbcode($Text, $options = []) {
 		if($tryoembed) {
 			$Text = preg_replace_callback("/([^\]\='".'"'."\;\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", 'tryoembed', $Text);
 		}
+		// Is this still desired?
+		// We already turn naked URLs into links during creation time cleanup_bbcode()
 		$Text = preg_replace("/([^\]\='".'"'."\;\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1<a href="$2" ' . $target . ' rel="nofollow noopener">$2</a>', $Text);
 	}
 
@@ -1498,9 +1507,21 @@ function bbcode($Text, $options = []) {
 			"<span class=".'"bb-quote"'.">" . $t_wrote . "</span><blockquote>$2</blockquote>",
 			$Text);
 
+
 	// Images
+
+	if (strpos($Text,'[/img]') !== false) {
+		$Text = preg_replace_callback('/\[\$b64img(.*?)\[\/(img)\]/ism','\red_unescape_codeblock',$Text);
+	}
+
+	if (strpos($Text,'[/zmg]') !== false) {
+		$Text = preg_replace_callback('/\[\$b64zmg(.*?)\[\/(zmg)\]/ism','\red_unescape_codeblock',$Text);
+	}
+
+
 	// [img]pathtoimage[/img]
 	if (strpos($Text,'[/img]') !== false) {
+
 		$Text = preg_replace("/\[img\](.*?)\[\/img\]/ism", '<img style="max-width: 100%;" src="$1" alt="' . t('Image/photo') . '" loading="eager" />', $Text);
 	}
 	// [img=pathtoimage]image description[/img]
diff --git a/include/text.php b/include/text.php
index c6980c5f8..1eaa890e0 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3586,6 +3586,8 @@ function cleanup_bbcode($body) {
 	$body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','\red_escape_codeblock',$body);
 	$body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body);
 	$body = preg_replace_callback('/\[svg(.*?)\[\/(svg)\]/ism','\red_escape_codeblock',$body);
+	$body = preg_replace_callback('/\[img(.*?)\[\/(img)\]/ism','\red_escape_codeblock',$body);
+	$body = preg_replace_callback('/\[zmg(.*?)\[\/(zmg)\]/ism','\red_escape_codeblock',$body);
 
 	$body = preg_replace_callback("/([^\]\='".'"'."\;\/\{]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\\
 +\,\(\)]+)/ismu", '\nakedoembed', $body);
@@ -3598,6 +3600,8 @@ function cleanup_bbcode($body) {
 	$body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','\red_unescape_codeblock',$body);
 	$body = preg_replace_callback('/\[\$b64code(.*?)\[\/(code)\]/ism','\red_unescape_codeblock',$body);
 	$body = preg_replace_callback('/\[\$b64svg(.*?)\[\/(svg)\]/ism','\red_unescape_codeblock',$body);
+	$body = preg_replace_callback('/\[\$b64img(.*?)\[\/(img)\]/ism','\red_unescape_codeblock',$body);
+	$body = preg_replace_callback('/\[\$b64zmg(.*?)\[\/(zmg)\]/ism','\red_unescape_codeblock',$body);
 
 	// fix any img tags that should be zmg
 
-- 
cgit v1.2.3