array('open' => $start_open, 'close' => $start_close), 'end' => array('open' => $end_open, 'close' => $end_open + strlen('[/' . $name . ']')) ); if( $start_equal !== false) $res['start']['equal'] = $start_equal + 1; return $res; } function bb_tag_preg_replace($pattern, $replace, $name, $s) { $string = $s; $occurance = 1; $pos = get_bb_tag_pos($string, $name, $occurance); while($pos !== false && $occurance < 1000) { $start = substr($string, 0, $pos['start']['open']); $subject = substr($string, $pos['start']['open'], $pos['end']['close'] - $pos['start']['open']); $end = substr($string, $pos['end']['close']); if($end === false) $end = ''; $subject = preg_replace($pattern, $replace, $subject); $string = $start . $subject . $end; $occurance++; $pos = get_bb_tag_pos($string, $name, $occurance); } return $string; } function tryoembed($match) { $url = ((count($match) == 2) ? $match[1] : $match[2]); $o = oembed_fetch_url($url); if ($o['type'] == 'error') return $match[0]; $html = oembed_format_object($o); return $html; } function nakedoembed($match) { $url = ((count($match) == 2) ? $match[1] : $match[2]); $o = oembed_fetch_url($url); if ($o['type'] == 'error') return $match[0]; return '[embed]' . $url . '[/embed]'; } function tryzrlaudio($match) { $link = $match[1]; $zrl = is_matrix_url($link); if($zrl) $link = zid($link); return ''; } function tryzrlvideo($match) { $link = $match[1]; $zrl = is_matrix_url($link); if($zrl) $link = zid($link); $static_link = get_config('system','video_default_poster','images/video_poster.jpg'); if($static_link) $poster = 'poster="' . escape_tags($static_link) . '" ' ; return ''; } // [noparse][i]italic[/i][/noparse] turns into // [noparse][ i ]italic[ /i ][/noparse], // to hide them from parser. function bb_spacefy($st) { $whole_match = $st[0]; $captured = $st[1]; $spacefied = preg_replace("/\[(.*?)\]/", "[ $1 ]", $captured); $new_str = str_replace($captured, $spacefied, $whole_match); return $new_str; } // The previously spacefied [noparse][ i ]italic[ /i ][/noparse], // now turns back and the [noparse] tags are trimmed // returning [i]italic[/i] function bb_unspacefy_and_trim($st) { //$whole_match = $st[0]; $captured = $st[1]; $unspacefied = preg_replace("/\[ (.*?)\ ]/", "[$1]", $captured); return $unspacefied; } function bb_extract_images($body) { $saved_image = array(); $orig_body = $body; $new_body = ''; $cnt = 0; $img_start = strpos($orig_body, '[img'); $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false); $img_end = ($img_start !== false ? strpos(substr($orig_body, $img_start), '[/img]') : false); while(($img_st_close !== false) && ($img_end !== false)) { $img_st_close++; // make it point to AFTER the closing bracket $img_end += $img_start; if(! strcmp(substr($orig_body, $img_start + $img_st_close, 5), 'data:')) { // This is an embedded image $saved_image[$cnt] = substr($orig_body, $img_start + $img_st_close, $img_end - ($img_start + $img_st_close)); $new_body = $new_body . substr($orig_body, 0, $img_start) . '[$#saved_image' . $cnt . '#$]'; $cnt++; } else $new_body = $new_body . substr($orig_body, 0, $img_end + strlen('[/img]')); $orig_body = substr($orig_body, $img_end + strlen('[/img]')); if($orig_body === false) // in case the body ends on a closing image tag $orig_body = ''; $img_start = strpos($orig_body, '[img'); $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false); $img_end = ($img_start !== false ? strpos(substr($orig_body, $img_start), '[/img]') : false); } $new_body = $new_body . $orig_body; return array('body' => $new_body, 'images' => $saved_image); } function bb_replace_images($body, $images) { $newbody = $body; $cnt = 0; if(! $images) return $newbody; foreach($images as $image) { // We're depending on the property of 'foreach' (specified on the PHP website) that // it loops over the array starting from the first element and going sequentially // to the last element $newbody = str_replace('[$#saved_image' . $cnt . '#$]', '' . t('Image/photo') . '', $newbody); $cnt++; } // logger('replace_images: ' . $newbody); return $newbody; } /** * @brief Parses crypt BBCode. * * @param array $match * @return string HTML code */ function bb_parse_crypt($match) { $matches = array(); $attributes = $match[1]; $algorithm = ""; preg_match("/alg='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $algorithm = $matches[1]; preg_match("/alg=\"\;(.*?)\"\;/ism", $attributes, $matches); if ($matches[1] != "") $algorithm = $matches[1]; $hint = ""; preg_match("/hint='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $hint = $matches[1]; preg_match("/hint=\"\;(.*?)\"\;/ism", $attributes, $matches); if ($matches[1] != "") $hint = $matches[1]; $x = random_string(); $Text = '
' . t('Encrypted content') . '

'; return $Text; } function bb_parse_app($match) { $app = Zotlabs\Lib\Apps::app_decode($match[1]); if ($app) return Zotlabs\Lib\Apps::app_render($app); } function bb_parse_element($match) { $j = json_decode(base64url_decode($match[1]),true); if ($j && local_channel()) { $text = sprintf( t('Install %1$s element %2$s'), translate_design_element($j['type']), $j['pagetitle']); $o = EOL . '' . EOL; } else { $text = sprintf( t('This post contains an installable %s element, however you lack permissions to install it on this site.' ), translate_design_element($j['type'])) . $j['pagetitle']; $o = EOL . $text . EOL; } return $o; } function translate_design_element($type) { switch($type) { case 'webpage': $ret = t('webpage'); break; case 'layout': $ret = t('layout'); break; case 'block': $ret = t('block'); break; case 'menu': $ret = t('menu'); break; } return $ret; } function bb_ShareAttributes($match) { $matches = array(); $attributes = $match[1]; $author = ""; preg_match("/author='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $author = urldecode($matches[1]); $link = ""; preg_match("/link='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $link = $matches[1]; $avatar = ""; preg_match("/avatar='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $avatar = $matches[1]; $profile = ""; preg_match("/profile='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $profile = $matches[1]; $posted = ""; preg_match("/posted='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $posted = $matches[1]; // message_id is never used, do we still need it? $message_id = ""; preg_match("/message_id='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $message_id = $matches[1]; if(! $message_id) { preg_match("/guid='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $message_id = $matches[1]; } $reldate = '' . datetime_convert('UTC', date_default_timezone_get(), $posted, 'r') . ''; $headline = '
'; if ($avatar != "") $headline .= '' . $author . ''; if(strpos($link,'/cards/')) $type = t('card'); elseif(strpos($link,'/articles/')) $type = t('article'); else $type = t('post'); // Bob Smith wrote the following post 2 hours ago $fmt = sprintf( t('%1$s wrote the following %2$s %3$s'), '' . $author . '', '' . $type . '', $reldate ); $headline .= '' . $fmt . '
'; $text = $headline . '
' . trim($match[2]) . '
'; return $text; } function bb_location($match) { // not yet implemented } /** * @brief Returns an iframe from $match[1]. * * @param array $match * @return string HTML iframe with content of $match[1] */ function bb_iframe($match) { $sandbox = ((strpos($match[1], App::get_hostname())) ? ' sandbox="allow-scripts" ' : ''); return ''; } function bb_ShareAttributesSimple($match) { $matches = array(); $attributes = $match[1]; $author = ""; preg_match("/author='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $author = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8'); preg_match('/author="(.*?)"/ism', $attributes, $matches); if ($matches[1] != "") $author = $matches[1]; $profile = ""; preg_match("/profile='(.*?)'/ism", $attributes, $matches); if ($matches[1] != "") $profile = $matches[1]; preg_match('/profile="(.*?)"/ism', $attributes, $matches); if ($matches[1] != "") $profile = $matches[1]; $text = html_entity_decode("♲ ", ENT_QUOTES, 'UTF-8') . ' ' . $author . ':
' . $match[2] . '
'; return($text); } function rpost_callback($match) { if ($match[2]) { return str_replace($match[0], get_rpost_path(App::get_observer()) . '&title=' . urlencode($match[2]) . '&body=' . urlencode($match[3]), $match[0]); } else { return str_replace($match[0], get_rpost_path(App::get_observer()) . '&body=' . urlencode($match[3]), $match[0]); } } function bb_map_coords($match) { // the extra space in the following line is intentional return str_replace($match[0],'
' . generate_map(str_replace('/',' ',$match[1])) . '
', $match[0]); } function bb_map_location($match) { // the extra space in the following line is intentional return str_replace($match[0],'
' . generate_named_map($match[1]) . '
', $match[0]); } function bb_opentag($match) { $openclose = (($match[2]) ? '' . $match[1] . '' : t('Click to open/close')); $text = (($match[2]) ? $match[2] : $match[1]); $rnd = mt_rand(); return ''; } function bb_spoilertag($match) { $openclose = (($match[2]) ? '' . $match[1] . ' ' . t('spoiler') . '' : t('Click to open/close')); $text = (($match[2]) ? $match[2] : $match[1]); $rnd = mt_rand(); return ''; } function bb_summary($match) { $rnd1 = mt_rand(); $rnd2 = mt_rand(); $rnd3 = mt_rand(); $rnd4 = mt_rand(); return $match[1] . '
' . $match[2] . '
' . t('View article') . '
'; } function bb_definitionList($match) { // $match[1] is the markup styles for the "terms" in the definition list. // $match[2] is the content between the [dl]...[/dl] tags $classes = ''; if (stripos($match[1], "b") !== false) $classes .= 'dl-terms-bold '; if (stripos($match[1], "i") !== false) $classes .= 'dl-terms-italic '; if (stripos($match[1], "u") !== false) $classes .= 'dl-terms-underline '; if (stripos($match[1], "l") !== false) $classes .= 'dl-terms-large '; if (stripos($match[1], "m") !== false) $classes .= 'dl-terms-monospace '; if (stripos($match[1], "h") !== false) $classes .= 'dl-horizontal '; // dl-horizontal is already provided by bootstrap if (strlen($classes) === 0) $classes = "dl-terms-plain"; // The bbcode transformation will be: // [*=term-text] description-text =>
term-text
description-text // then after all replacements have been made, the extra
at the start of the // first line can be removed. HTML5 allows the tag to be missing from the end of the last line. // Using '(?\n"; $eatLeadingSpaces = '(?: |[ \t])*'; // prevent spaces infront of [*= from adding another line to the previous element $listElements = preg_replace('/^(\n|
)/', '', $match[2]); // ltrim the first newline $listElements = preg_replace( '/' . $eatLeadingSpaces . '\[\*=([[:print:]]*?)(?$1
', $listElements ); // Unescape any \] inside the
tags $listElements = preg_replace_callback('/
(.*?)<\/dt>/ism', 'bb_definitionList_unescapeBraces', $listElements); // Remove the extra at the start of the string, if there is one. $firstOpenTag = strpos($listElements, '
'); $firstCloseTag = strpos($listElements, $closeDescriptionTag); if ($firstCloseTag !== false && ($firstOpenTag === false || ($firstCloseTag < $firstOpenTag))) { $listElements = preg_replace( '/<\/dd>/ism', '', $listElements, 1); } return '
' . $listElements . '
';; } function bb_definitionList_unescapeBraces($match) { return '
' . str_replace('\]', ']', $match[1]) . '
'; } function bb_checklist($match) { $str = $match[1]; $str = str_replace("[]", "
  • ", $str); $str = str_replace("[x]", "
  • ", $str); return ''; } /** * @brief Sanitize style properties from BBCode to HTML. * * @param array $input * @return string A HTML span tag with the styles. */ function bb_sanitize_style($input) { // whitelist array: property => limits (0 = no limitation) $w = array( // color properties "color" => 0, "background-color" => 0, // box properties "padding" => array("px"=>100, "%"=>0, "em"=>2, "ex"=>2, "mm"=>0, "cm"=>0, "in"=>0, "pt"=>0, "pc"=>0), "margin" => array("px"=>100, "%"=>0, "em"=>2, "ex"=>2, "mm"=>0, "cm"=>0, "in"=>0, "pt"=>0, "pc"=>0), "border" => array("px"=>100, "%"=>0, "em"=>2, "ex"=>2, "mm"=>0, "cm"=>0, "in"=>0, "pt"=>0, "pc"=>0), "float" => 0, "clear" => 0, // text properties "text-decoration" => 0, ); $css = array(); $css_string = $input[1]; $a = explode(';', $css_string); foreach($a as $parts){ list($k, $v) = explode(':', $parts); $css[ trim($k) ] = trim($v); } // sanitize properties $b = array_merge(array_diff_key($css, $w), array_diff_key($w, $css)); $css = array_diff_key($css, $b); $css_string_san = ''; foreach ($css as $key => $value) { if ($w[$key] != null) { foreach ($w[$key] as $limit_key => $limit_value) { //sanitize values if (strpos($value, $limit_key)) { $value = preg_replace_callback( "/(\S.*?)$limit_key/ism", function($match) use($limit_value, $limit_key) { if ($match[1] > $limit_value) { return $limit_value . $limit_key; } else { return $match[1] . $limit_key; } }, $value ); } } } $css_string_san .= $key . ":" . $value ."; "; } return '' . $input[2] . ''; } function oblanguage_callback($matches) { if(strlen($matches[1]) == 2) { $compare = strtolower(substr(\App::$language,0,2)); } else { $compare = strtolower(\App::$language); } if($compare === strtolower($matches[1])) return $matches[2]; return ''; } function oblanguage_necallback($matches) { if(strlen($matches[1]) == 2) { $compare = strtolower(substr(\App::$language,0,2)); } else { $compare = strtolower(\App::$language); } if($compare !== strtolower($matches[1])) return $matches[2]; return ''; } function bb_observer($Text) { $observer = App::get_observer(); if ((strpos($Text,'[/observer]') !== false) || (strpos($Text,'[/rpost]') !== false)) { if ($observer) { $Text = preg_replace("/\[observer\=1\](.*?)\[\/observer\]/ism", '$1', $Text); $Text = preg_replace("/\[observer\=0\].*?\[\/observer\]/ism", '', $Text); $Text = preg_replace_callback("/\[rpost(=(.*?))?\](.*?)\[\/rpost\]/ism", 'rpost_callback', $Text); } else { $Text = preg_replace("/\[observer\=1\].*?\[\/observer\]/ism", '', $Text); $Text = preg_replace("/\[observer\=0\](.*?)\[\/observer\]/ism", '$1', $Text); $Text = preg_replace("/\[rpost(=.*?)?\](.*?)\[\/rpost\]/ism", '', $Text); } } $channel = App::get_channel(); if (strpos($Text,'[/channel]') !== false) { if ($channel) { $Text = preg_replace("/\[channel\=1\](.*?)\[\/channel\]/ism", '$1', $Text); $Text = preg_replace("/\[channel\=0\].*?\[\/channel\]/ism", '', $Text); } else { $Text = preg_replace("/\[channel\=1\].*?\[\/channel\]/ism", '', $Text); $Text = preg_replace("/\[channel\=0\](.*?)\[\/channel\]/ism", '$1', $Text); } } return $Text; } function bb_code_protect($s) { return 'b64.^9e%.' . base64_encode($s) . '.b64.$9e%'; } function bb_code_unprotect($s) { return preg_replace_callback('|b64\.\^9e\%\.(.*?)\.b64\.\$9e\%|ism','bb_code_unprotect_sub',$s); } function bb_code_unprotect_sub($match) { return base64_decode($match[1]); } function bb_code($match) { if(strpos($match[0], "
    ")) return '
    ' . bb_code_protect(trim($match[1])) . '
    '; else return '' . bb_code_protect(trim($match[1])) . ''; } function bb_code_options($match) { if(strpos($match[0], "
    ")) { $class = ""; $pre = true; } else { $class = "inline-code"; $pre = false; } if(strpos($match[1], 'nowrap')) { $style = "overflow-x: auto; white-space: pre;"; } else { $style = ""; } if($pre) { return '
    ' . bb_code_protect(trim($match[2])) . '
    '; } else { return '' . bb_code_protect(trim($match[2])) . ''; } } function bb_highlight($match) { return bb_code_protect(text_highlight($match[2],strtolower($match[1]))); } function bb_fixtable_lf($match) { // remove extraneous whitespace between table element tags since newlines will all // be converted to '
    ' and turn your neatly crafted tables into a whole lot of // empty space. $x = preg_replace("/\]\s+\[/",'][',$match[1]); return '[table]' . $x . '[/table]'; } function bbtopoll($s) { $pl = []; $match = ''; if(! preg_match("/\[poll=(.*?)\](.*?)\[\/poll\]/ism",$s,$match)) { return null; } $pl['poll_id'] = $match[1]; $pl['poll_question'] = $match[2]; $match = ''; if(preg_match_all("/\[poll\-answer=(.*?)\](.*?)\[\/poll\-answer\]/is",$s,$match,PREG_SET_ORDER)) { $pl['answer'] = []; foreach($match as $m) { $ans = [ 'answer_id' => $m[1], 'answer_text' => $m[2] ]; $pl['answer'][] = $ans; } } return $pl; } function parseIdentityAwareHTML($Text) { // Hide all [noparse] contained bbtags by spacefying them if (strpos($Text,'[noparse]') !== false) { $Text = preg_replace_callback("/\[noparse\](.*?)\[\/noparse\]/ism", 'bb_spacefy',$Text); } if (strpos($Text,'[nobb]') !== false) { $Text = preg_replace_callback("/\[nobb\](.*?)\[\/nobb\]/ism", 'bb_spacefy',$Text); } if (strpos($Text,'[pre]') !== false) { $Text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", 'bb_spacefy',$Text); } // process [observer] tags before we do anything else because we might // be stripping away stuff that then doesn't need to be worked on anymore $observer = App::get_observer(); if ((strpos($Text,'[/observer]') !== false) || (strpos($Text,'[/rpost]') !== false)) { $Text = preg_replace_callback("/\[observer\.language\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_callback', $Text); $Text = preg_replace_callback("/\[observer\.language\!\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_necallback', $Text); if ($observer) { $Text = preg_replace("/\[observer\=1\](.*?)\[\/observer\]/ism", '$1', $Text); $Text = preg_replace("/\[observer\=0\].*?\[\/observer\]/ism", '', $Text); $Text = preg_replace_callback("/\[rpost(=(.*?))?\](.*?)\[\/rpost\]/ism", 'rpost_callback', $Text); } else { $Text = preg_replace("/\[observer\=1\].*?\[\/observer\]/ism", '', $Text); $Text = preg_replace("/\[observer\=0\](.*?)\[\/observer\]/ism", '$1', $Text); $Text = preg_replace("/\[rpost(=.*?)?\](.*?)\[\/rpost\]/ism", '', $Text); } } // replace [observer.baseurl] if ($observer) { $s1 = ''; $s2 = ''; $obsBaseURL = $observer['xchan_connurl']; $obsBaseURL = preg_replace("/\/poco\/.*$/", '', $obsBaseURL); $Text = str_replace('[observer.baseurl]', $obsBaseURL, $Text); $Text = str_replace('[observer.url]',$observer['xchan_url'], $Text); $Text = str_replace('[observer.name]',$s1 . $observer['xchan_name'] . $s2, $Text); $Text = str_replace('[observer.address]',$s1 . $observer['xchan_addr'] . $s2, $Text); $Text = str_replace('[observer.webname]', substr($observer['xchan_addr'],0,strpos($observer['xchan_addr'],'@')), $Text); $Text = str_replace('[observer.photo]',$s1 . '[zmg]'.$observer['xchan_photo_l'].'[/zmg]' . $s2, $Text); } else { $Text = str_replace('[observer.baseurl]', '', $Text); $Text = str_replace('[observer.url]','', $Text); $Text = str_replace('[observer.name]','', $Text); $Text = str_replace('[observer.address]','', $Text); $Text = str_replace('[observer.webname]','',$Text); $Text = str_replace('[observer.photo]','', $Text); } $Text = str_replace(array('[baseurl]','[sitename]'),array(z_root(),get_config('system','sitename')),$Text); // Unhide all [noparse] contained bbtags unspacefying them // and triming the [noparse] tag. if (strpos($Text,'[noparse]') !== false) { $Text = preg_replace_callback("/\[noparse\](.*?)\[\/noparse\]/ism", 'bb_unspacefy_and_trim', $Text); } if (strpos($Text,'[nobb]') !== false) { $Text = preg_replace_callback("/\[nobb\](.*?)\[\/nobb\]/ism", 'bb_unspacefy_and_trim', $Text); } if (strpos($Text,'[pre]') !== false) { $Text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", 'bb_unspacefy_and_trim', $Text); } return $Text; } function bbcode($Text, $options = []) { $preserve_nl = ((array_key_exists('preserve_nl',$options)) ? $options['preserve_nl'] : false); $tryoembed = ((array_key_exists('tryoembed',$options)) ? $options['tryoembed'] : true); $cache = ((array_key_exists('cache',$options)) ? $options['cache'] : false); call_hooks('bbcode_filter', $Text); // Hide all [noparse] contained bbtags by spacefying them if (strpos($Text,'[noparse]') !== false) { $Text = preg_replace_callback("/\[noparse\](.*?)\[\/noparse\]/ism", 'bb_spacefy',$Text); } if (strpos($Text,'[nobb]') !== false) { $Text = preg_replace_callback("/\[nobb\](.*?)\[\/nobb\]/ism", 'bb_spacefy',$Text); } if (strpos($Text,'[pre]') !== false) { $Text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", 'bb_spacefy',$Text); } // If we find any event code, turn it into an event. // After we're finished processing the bbcode we'll // replace all of the event code with a reformatted version. $ev = bbtoevent($Text); // and the same with polls $pl = bbtopoll($Text); // process [observer] tags before we do anything else because we might // be stripping away stuff that then doesn't need to be worked on anymore if($cache) $observer = false; else $observer = App::get_observer(); if ((strpos($Text,'[/observer]') !== false) || (strpos($Text,'[/rpost]') !== false)) { $Text = preg_replace_callback("/\[observer\.language\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_callback', $Text); $Text = preg_replace_callback("/\[observer\.language\!\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_necallback', $Text); if ($observer) { $Text = preg_replace("/\[observer\=1\](.*?)\[\/observer\]/ism", '$1', $Text); $Text = preg_replace("/\[observer\=0\].*?\[\/observer\]/ism", '', $Text); $Text = preg_replace_callback("/\[rpost(=(.*?))?\](.*?)\[\/rpost\]/ism", 'rpost_callback', $Text); } else { $Text = preg_replace("/\[observer\=1\].*?\[\/observer\]/ism", '', $Text); $Text = preg_replace("/\[observer\=0\](.*?)\[\/observer\]/ism", '$1', $Text); $Text = preg_replace("/\[rpost(=.*?)?\](.*?)\[\/rpost\]/ism", '', $Text); } } if($cache) $channel = false; else $channel = App::get_channel(); if (strpos($Text,'[/channel]') !== false) { if ($channel) { $Text = preg_replace("/\[channel\=1\](.*?)\[\/channel\]/ism", '$1', $Text); $Text = preg_replace("/\[channel\=0\].*?\[\/channel\]/ism", '', $Text); } else { $Text = preg_replace("/\[channel\=1\].*?\[\/channel\]/ism", '', $Text); $Text = preg_replace("/\[channel\=0\](.*?)\[\/channel\]/ism", '$1', $Text); } } $x = bb_extract_images($Text); $Text = $x['body']; $saved_images = $x['images']; $Text = str_replace(array('[baseurl]','[sitename]'),array(z_root(),get_config('system','sitename')),$Text); // Replace any html brackets with HTML Entities to prevent executing HTML or script // Don't use strip_tags here because it breaks [url] search by replacing & with amp $Text = str_replace("<", "<", $Text); $Text = str_replace(">", ">", $Text); // Check for [code] text here, before the linefeeds are messed with. // The highlighter will unescape and re-escape the content. if (strpos($Text,'[code=') !== false) { $Text = preg_replace_callback("/\[code=(.*?)\](.*?)\[\/code\]/ism", 'bb_highlight', $Text); } $Text = preg_replace_callback("/\[table\](.*?)\[\/table\]/ism",'bb_fixtable_lf',$Text); // Convert new line chars to html
    tags // nlbr seems to be hopelessly messed up // $Text = nl2br($Text); // We'll emulate it. $Text = str_replace("\r\n", "\n", $Text); $Text = str_replace(array("\r", "\n"), array('
    ', '
    '), $Text); if ($preserve_nl) $Text = str_replace(array("\n", "\r"), array('', ''), $Text); $Text = str_replace(array("\t", " "), array("    ", "  "), $Text); // Check for [code] text if (strpos($Text,'[code]') !== false) { $Text = preg_replace_callback("/\[code\](.*?)\[\/code\]/ism", 'bb_code', $Text); } // Check for [code options] text if (strpos($Text,'[code ') !== false) { $Text = preg_replace_callback("/\[code(.*?)\](.*?)\[\/code\]/ism", 'bb_code_options', $Text); } // Set up the parameters for a URL search string $URLSearchString = "^\[\]"; // Set up the parameters for a MAIL search string $MAILSearchString = $URLSearchString; // replace [observer.baseurl] if ($observer) { $s1 = ''; $s2 = ''; $obsBaseURL = $observer['xchan_connurl']; $obsBaseURL = preg_replace("/\/poco\/.*$/", '', $obsBaseURL); $Text = str_replace('[observer.baseurl]', $obsBaseURL, $Text); $Text = str_replace('[observer.url]',$observer['xchan_url'], $Text); $Text = str_replace('[observer.name]',$s1 . $observer['xchan_name'] . $s2, $Text); $Text = str_replace('[observer.address]',$s1 . $observer['xchan_addr'] . $s2, $Text); $Text = str_replace('[observer.webname]', substr($observer['xchan_addr'],0,strpos($observer['xchan_addr'],'@')), $Text); $Text = str_replace('[observer.photo]',$s1 . '[zmg]'.$observer['xchan_photo_l'].'[/zmg]' . $s2, $Text); } else { $Text = str_replace('[observer.baseurl]', '', $Text); $Text = str_replace('[observer.url]','', $Text); $Text = str_replace('[observer.name]','', $Text); $Text = str_replace('[observer.address]','', $Text); $Text = str_replace('[observer.webname]','',$Text); $Text = str_replace('[observer.photo]','', $Text); } // Perform URL Search $urlchars = '[a-zA-Z0-9\pL\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@\(\)]'; if (strpos($Text,'http') !== false) { if($tryoembed) { $Text = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", 'tryoembed', $Text); } $Text = preg_replace("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/$urlchars+)/ismu", '$1$2', $Text); } if (strpos($Text,'[/share]') !== false) { $Text = preg_replace_callback("/\[share(.*?)\](.*?)\[\/share\]/ism", 'bb_ShareAttributes', $Text); } if($tryoembed) { if (strpos($Text,'[/url]') !== false) { $Text = preg_replace_callback("/[^\^]\[url\]([$URLSearchString]*)\[\/url\]/ism", 'tryoembed', $Text); } } if (strpos($Text,'[/url]') !== false) { $Text = preg_replace("/\#\^\[url\]([$URLSearchString]*)\[\/url\]/ism", '#^$1', $Text); $Text = preg_replace("/\#\^\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '#^$2', $Text); $Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '$1', $Text); $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$2', $Text); } if (strpos($Text,'[/zrl]') !== false) { $Text = preg_replace("/\#\^\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '#^$1', $Text); $Text = preg_replace("/\#\^\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '#^$2', $Text); $Text = preg_replace("/\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '$1', $Text); $Text = preg_replace("/\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '$2', $Text); } if (get_account_techlevel() < 2) $Text = str_replace('#^', '', $Text); // Perform MAIL Search if (strpos($Text,'[/mail]') !== false) { $Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '$1', $Text); $Text = preg_replace("/\[mail\=([$MAILSearchString]*)\](.*?)\[\/mail\]/", '$2', $Text); } // leave open the posibility of [map=something] // this is replaced in prepare_body() which has knowledge of the item location if (strpos($Text,'[/map]') !== false) { $Text = preg_replace_callback("/\[map\](.*?)\[\/map\]/ism", 'bb_map_location', $Text); } if (strpos($Text,'[map=') !== false) { $Text = preg_replace_callback("/\[map=(.*?)\]/ism", 'bb_map_coords', $Text); } if (strpos($Text,'[map]') !== false) { $Text = preg_replace("/\[map\]/", '
    ', $Text); } // Check for bold text if (strpos($Text,'[b]') !== false) { $Text = preg_replace("(\[b\](.*?)\[\/b\])ism", '$1', $Text); } // Check for Italics text if (strpos($Text,'[i]') !== false) { $Text = preg_replace("(\[i\](.*?)\[\/i\])ism", '$1', $Text); } // Check for Underline text if (strpos($Text,'[u]') !== false) { $Text = preg_replace("(\[u\](.*?)\[\/u\])ism", '$1', $Text); } // Check for strike-through text if (strpos($Text,'[s]') !== false) { $Text = preg_replace("(\[s\](.*?)\[\/s\])ism", '$1', $Text); } // Check for over-line text if (strpos($Text,'[o]') !== false) { $Text = preg_replace("(\[o\](.*?)\[\/o\])ism", '$1', $Text); } if (strpos($Text,'[sup]') !== false) { $Text = preg_replace("(\[sup\](.*?)\[\/sup\])ism", '$1', $Text); } if (strpos($Text,'[sub]') !== false) { $Text = preg_replace("(\[sub\](.*?)\[\/sub\])ism", '$1', $Text); } // Check for colored text if (strpos($Text,'[/color]') !== false) { $Text = preg_replace("(\[color=(.*?)\](.*?)\[\/color\])ism", "$2", $Text); } // Check for colored text if (strpos($Text,'[/hl]') !== false) { $Text = preg_replace("(\[hl\](.*?)\[\/hl\])ism", "$1", $Text); $Text = preg_replace("(\[hl=(.*?)\](.*?)\[\/hl\])ism", "$2", $Text); } // Check for sized text // [size=50] --> font-size: 50px (with the unit). if (strpos($Text,'[/size]') !== false) { $Text = preg_replace("(\[size=(\d*?)\](.*?)\[\/size\])ism", "$2", $Text); $Text = preg_replace("(\[size=(.*?)\](.*?)\[\/size\])ism", "$2", $Text); } // Check for h1 if (strpos($Text,'[h1]') !== false) { $Text = preg_replace("(\[h1\](.*?)\[\/h1\])ism",'

    $1

    ',$Text); $Text = str_replace('
    ', '', $Text); } // Check for h2 if (strpos($Text,'[h2]') !== false) { $Text = preg_replace("(\[h2\](.*?)\[\/h2\])ism",'

    $1

    ',$Text); $Text = str_replace('
    ', '', $Text); } // Check for h3 if (strpos($Text,'[h3]') !== false) { $Text = preg_replace("(\[h3\](.*?)\[\/h3\])ism",'

    $1

    ',$Text); $Text = str_replace('
    ', '', $Text); } // Check for h4 if (strpos($Text,'[h4]') !== false) { $Text = preg_replace("(\[h4\](.*?)\[\/h4\])ism",'

    $1

    ',$Text); $Text = str_replace('
    ', '', $Text); } // Check for h5 if (strpos($Text,'[h5]') !== false) { $Text = preg_replace("(\[h5\](.*?)\[\/h5\])ism",'
    $1
    ',$Text); $Text = str_replace('
    ', '', $Text); } // Check for h6 if (strpos($Text,'[h6]') !== false) { $Text = preg_replace("(\[h6\](.*?)\[\/h6\])ism",'
    $1
    ',$Text); $Text = str_replace('
    ', '', $Text); } // Check for table of content without params while(strpos($Text,'[toc]') !== false) { $toc_id = 'toc-' . random_string(10); $Text = preg_replace("/\[toc\]/ism", '', $Text, 1); } // Check for table of content with params while(strpos($Text,'[toc') !== false) { $toc_id = 'toc-' . random_string(10); $Text = preg_replace("/\[toc([^\]]+?)\]/ism", '', $Text, 1); } // Check for centered text if (strpos($Text,'[/center]') !== false) { $Text = preg_replace("(\[center\](.*?)\[\/center\])ism", "
    $1
    ", $Text); } // Check for footer if (strpos($Text,'[/footer]') !== false) { $Text = preg_replace("(\[footer\](.*?)\[\/footer\])ism", "
    $1
    ", $Text); } // Check for list text $Text = preg_replace("/
    \[\*\]/ism",'[*]',$Text); $Text = str_replace("[*]", "
  • ", $Text); // handle nested lists $endlessloop = 0; while ((((strpos($Text, "[/list]") !== false) && (strpos($Text, "[list") !== false)) || ((strpos($Text, "[/ol]") !== false) && (strpos($Text, "[ol]") !== false)) || ((strpos($Text, "[/ul]") !== false) && (strpos($Text, "[ul]") !== false)) || ((strpos($Text, "[/dl]") !== false) && (strpos($Text, "[dl") !== false)) || ((strpos($Text, "[/li]") !== false) && (strpos($Text, "[li]") !== false))) && (++$endlessloop < 20)) { $Text = preg_replace("/\[list\](.*?)\[\/list\]/ism", '', $Text); $Text = preg_replace("/\[list=\](.*?)\[\/list\]/ism", '', $Text); $Text = preg_replace("/\[list=1\](.*?)\[\/list\]/ism", '', $Text); $Text = preg_replace("/\[list=((?-i)i)\](.*?)\[\/list\]/ism",'', $Text); $Text = preg_replace("/\[list=((?-i)I)\](.*?)\[\/list\]/ism", '', $Text); $Text = preg_replace("/\[list=((?-i)a)\](.*?)\[\/list\]/ism", '', $Text); $Text = preg_replace("/\[list=((?-i)A)\](.*?)\[\/list\]/ism", '', $Text); $Text = preg_replace("/\[ul\](.*?)\[\/ul\]/ism", '', $Text); $Text = preg_replace("/\[ol\](.*?)\[\/ol\]/ism", '', $Text); $Text = preg_replace("/\[\/li\]
    \[li\]/ism",'[/li][li]',$Text); $Text = preg_replace("/\[li\](.*?)\[\/li\]/ism", '
  • $1
  • ', $Text); // [dl] tags have an optional [dl terms="bi"] form where bold/italic/underline/mono/large // etc. style may be specified for the "terms" in the definition list. The quotation marks // are also optional. The regex looks intimidating, but breaks down as: // "[dl" "]" "[/dl]" // where optional-termStyles are: "terms=" $Text = preg_replace_callback('/\[dl[[:space:]]*(?:terms=(?:"|")?([a-zA-Z]+)(?:"|")?)?\](.*?)\[\/dl\]/ism', 'bb_definitionList', $Text); } if (strpos($Text,'[checklist]') !== false) { $Text = preg_replace_callback("/\[checklist\](.*?)\[\/checklist\]/ism", 'bb_checklist', $Text); } if (strpos($Text,'[th]') !== false) { $Text = preg_replace("/\[th\](.*?)\[\/th\]/sm", '$1', $Text); } if (strpos($Text,'[td]') !== false) { $Text = preg_replace("/\[td\](.*?)\[\/td\]/sm", '$1', $Text); } if (strpos($Text,'[tr]') !== false) { $Text = preg_replace("/\[tr\](.*?)\[\/tr\]/sm", '$1', $Text); } if (strpos($Text,'[/table]') !== false) { $Text = preg_replace("/\[table\](.*?)\[\/table\]/sm", '$1
    ', $Text); $Text = preg_replace("/\[table border=1\](.*?)\[\/table\]/sm", '$1
    ', $Text); $Text = preg_replace("/\[table border=0\](.*?)\[\/table\]/sm", '$1
    ', $Text); } $Text = str_replace('
    ', "\n", $Text); $Text = str_replace('[hr]', '
    ', $Text); // This is actually executed in prepare_body() $Text = str_replace('[nosmile]', '', $Text); // Check for font change text if (strpos($Text,'[/font]') !== false) { $Text = preg_replace("/\[font=(.*?)\](.*?)\[\/font\]/sm", "$2", $Text); } if(strpos($Text,'[/summary]') !== false) { $Text = preg_replace_callback("/^(.*?)\[summary\](.*?)\[\/summary\](.*?)$/ism", 'bb_summary', $Text); } // Check for [spoiler] text $endlessloop = 0; while ((strpos($Text, "[/spoiler]")!== false) and (strpos($Text, "[spoiler]") !== false) and (++$endlessloop < 20)) { $Text = preg_replace_callback("/\[spoiler\](.*?)\[\/spoiler\]/ism", 'bb_spoilertag', $Text); } // Check for [spoiler=Author] text $endlessloop = 0; while ((strpos($Text, "[/spoiler]")!== false) and (strpos($Text, "[spoiler=") !== false) and (++$endlessloop < 20)) { $Text = preg_replace_callback("/\[spoiler=(.*?)\](.*?)\[\/spoiler\]/ism", 'bb_spoilertag', $Text); } // Check for [open] text $endlessloop = 0; while ((strpos($Text, "[/open]")!== false) and (strpos($Text, "[open]") !== false) and (++$endlessloop < 20)) { $Text = preg_replace_callback("/\[open\](.*?)\[\/open\]/ism", 'bb_opentag', $Text); } // Check for [open=Title] text $endlessloop = 0; while ((strpos($Text, "[/open]")!== false) and (strpos($Text, "[open=") !== false) and (++$endlessloop < 20)) { $Text = preg_replace_callback("/\[open=(.*?)\](.*?)\[\/open\]/ism", 'bb_opentag', $Text); } // Declare the format for [quote] layout $QuoteLayout = '
    $1
    '; // Check for [quote] text // handle nested quotes $endlessloop = 0; while ((strpos($Text, "[/quote]") !== false) and (strpos($Text, "[quote]") !== false) and (++$endlessloop < 20)) $Text = preg_replace("/\[quote\](.*?)\[\/quote\]/ism", "$QuoteLayout", $Text); // Check for [quote=Author] text $t_wrote = t('$1 wrote:'); // handle nested quotes $endlessloop = 0; while ((strpos($Text, "[/quote]")!== false) and (strpos($Text, "[quote=") !== false) and (++$endlessloop < 20)) $Text = preg_replace("/\[quote=[\"\']*(.*?)[\"\']*\](.*?)\[\/quote\]/ism", "" . $t_wrote . "
    $2
    ", $Text); // Images // [img]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { $Text = preg_replace("/\[img\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/zmg]') !== false) { $Text = preg_replace("/\[zmg\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); } // [img float={left, right}]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { $Text = preg_replace("/\[img float=left\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/img]') !== false) { $Text = preg_replace("/\[img float=right\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/zmg]') !== false) { $Text = preg_replace("/\[zmg float=left\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/zmg]') !== false) { $Text = preg_replace("/\[zmg float=right\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); } // [img=widthxheight]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/zmg]') !== false) { $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*)\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); } // [img=widthxheight float={left, right}]pathtoimage[/img] if (strpos($Text,'[/img]') !== false) { $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*) float=left\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/img]') !== false) { $Text = preg_replace("/\[img\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/img\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/zmg]') !== false) { $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=left\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); } if (strpos($Text,'[/zmg]') !== false) { $Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/zmg\]/ism", '' . t('Image/photo') . '', $Text); } // style (sanitized) if (strpos($Text,'[/style]') !== false) { $Text = preg_replace_callback("(\[style=(.*?)\](.*?)\[\/style\])ism", "bb_sanitize_style", $Text); } // crypt if (strpos($Text,'[/crypt]') !== false) { $x = random_string(); $Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'
    ' . t('Encrypted content') . '
    ', $Text); $Text = preg_replace_callback("/\[crypt (.*?)\](.*?)\[\/crypt\]/ism", 'bb_parse_crypt', $Text); } if(strpos($Text,'[/app]') !== false) { $Text = preg_replace_callback("/\[app\](.*?)\[\/app\]/ism",'bb_parse_app', $Text); } if(strpos($Text,'[/element]') !== false) { $Text = preg_replace_callback("/\[element\](.*?)\[\/element\]/ism",'bb_parse_element', $Text); } // html5 video and audio if (strpos($Text,'[/video]') !== false) { $Text = preg_replace_callback("/\[video\](.*?\.(ogg|ogv|oga|ogm|webm|mp4|mpeg|mpg))\[\/video\]/ism", 'tryzrlvideo', $Text); } if (strpos($Text,'[/audio]') !== false) { $Text = preg_replace_callback("/\[audio\](.*?\.(ogg|ogv|oga|ogm|webm|mp4|mp3|opus|m4a))\[\/audio\]/ism", 'tryzrlaudio', $Text); } if (strpos($Text,'[/zvideo]') !== false) { $Text = preg_replace_callback("/\[zvideo\](.*?\.(ogg|ogv|oga|ogm|webm|mp4|mpeg|mpg))\[\/zvideo\]/ism", 'tryzrlvideo', $Text); } if (strpos($Text,'[/zaudio]') !== false) { $Text = preg_replace_callback("/\[zaudio\](.*?\.(ogg|ogv|oga|ogm|webm|mp4|mp3|opus|m4a))\[\/zaudio\]/ism", 'tryzrlaudio', $Text); } // Try to Oembed if ($tryoembed) { if (strpos($Text,'[/video]') !== false) { $Text = preg_replace_callback("/\[video\](.*?)\[\/video\]/ism", 'tryoembed', $Text); } if (strpos($Text,'[/audio]') !== false) { $Text = preg_replace_callback("/\[audio\](.*?)\[\/audio\]/ism", 'tryoembed', $Text); } if (strpos($Text,'[/zvideo]') !== false) { $Text = preg_replace_callback("/\[zvideo\](.*?)\[\/zvideo\]/ism", 'tryoembed', $Text); } if (strpos($Text,'[/zaudio]') !== false) { $Text = preg_replace_callback("/\[zaudio\](.*?)\[\/zaudio\]/ism", 'tryoembed', $Text); } } // if video couldn't be embedded, link to it instead. if (strpos($Text,'[/video]') !== false) { $Text = preg_replace("/\[video\](.*?)\[\/video\]/", '$1', $Text); } if (strpos($Text,'[/audio]') !== false) { $Text = preg_replace("/\[audio\](.*?)\[\/audio\]/", '$1', $Text); } if (strpos($Text,'[/zvideo]') !== false) { $Text = preg_replace("/\[zvideo\](.*?)\[\/zvideo\]/", '$1', $Text); } if (strpos($Text,'[/zaudio]') !== false) { $Text = preg_replace("/\[zaudio\](.*?)\[\/zaudio\]/", '$1', $Text); } // if ($tryoembed){ // if (strpos($Text,'[/iframe]') !== false) { // $Text = preg_replace_callback("/\[iframe\](.*?)\[\/iframe\]/ism", 'bb_iframe', $Text); // } // } else { // if (strpos($Text,'[/iframe]') !== false) { // $Text = preg_replace("/\[iframe\](.*?)\[\/iframe\]/ism", '$1', $Text); // } // } // oembed tag $Text = oembed_bbcode2html($Text); // Avoid triple linefeeds through oembed $Text = str_replace("


    ", "

    ", $Text); // If we found an event earlier, strip out all the event code and replace with a reformatted version. // Replace the event-start section with the entire formatted event. The other bbcode is stripped. // Summary (e.g. title) is required, earlier revisions only required description (in addition to // start which is always required). Allow desc with a missing summary for compatibility. if ((x($ev,'desc') || x($ev,'summary')) && x($ev,'dtstart')) { $sub = format_event_html($ev); $sub = str_replace('$',"\0",$sub); $Text = preg_replace("/\[event\-start\](.*?)\[\/event\-start\]/ism",$sub,$Text); $Text = preg_replace("/\[event\](.*?)\[\/event\]/ism",'',$Text); $Text = preg_replace("/\[event\-summary\](.*?)\[\/event\-summary\]/ism",'',$Text); $Text = preg_replace("/\[event\-description\](.*?)\[\/event\-description\]/ism",'',$Text); $Text = preg_replace("/\[event\-finish\](.*?)\[\/event\-finish\]/ism",'',$Text); $Text = preg_replace("/\[event\-id\](.*?)\[\/event\-id\]/ism",'',$Text); $Text = preg_replace("/\[event\-location\](.*?)\[\/event\-location\]/ism",'',$Text); $Text = preg_replace("/\[event\-adjust\](.*?)\[\/event\-adjust\]/ism",'',$Text); $Text = str_replace("\0",'$',$Text); } // Unhide all [noparse] contained bbtags unspacefying them // and triming the [noparse] tag. if (strpos($Text,'[noparse]') !== false) { $Text = preg_replace_callback("/\[noparse\](.*?)\[\/noparse\]/ism", 'bb_unspacefy_and_trim', $Text); } if (strpos($Text,'[nobb]') !== false) { $Text = preg_replace_callback("/\[nobb\](.*?)\[\/nobb\]/ism", 'bb_unspacefy_and_trim', $Text); } if (strpos($Text,'[pre]') !== false) { $Text = preg_replace_callback("/\[pre\](.*?)\[\/pre\]/ism", 'bb_unspacefy_and_trim', $Text); } // replace escaped links in code= blocks $Text = str_replace('%eY9-!','http', $Text); $Text = bb_code_unprotect($Text); $Text = preg_replace('/\[\&\;([#a-z0-9]+)\;\]/', '&$1;', $Text); // fix any escaped ampersands that may have been converted into links if(strpos($Text,'&') !== false) $Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism", '<$1$2=$3&$4>', $Text); // This is subtle - it's an XSS filter. It only accepts links with a protocol scheme and where // the scheme begins with z (zhttp), h (http(s)), f (ftp(s)), m (mailto), t (tel) and named anchors. $Text = preg_replace("/\<(.*?)(src|href)=\"[^zhfmt#](.*?)\>/ism", '<$1$2="">', $Text); $Text = bb_replace_images($Text, $saved_images); call_hooks('bbcode', $Text); return $Text; }