📄 post_parser.php
字号:
/** * Undos the parsing of smilies * * @param string Parsed smilies string * @return string Unparsed smilies string */ function smilies_undo($t) { global $icebb,$db,$config,$std; if(is_array($this->smilies_list)) { foreach($this->smilies_list as $s) { $s['code'] = $this->xss_is_bad($s['code']); $smiley_code = preg_quote($s['code'],"`"); $find = preg_quote("<img src='{$icebb->settings['board_url']}smilies/{$s['smiley_set']}/{$s['image']}' border='0' alt='{$s['code']}' />",'`'); $t = preg_replace("`{$find}`i",$s['code'],$t); } } return $t; } /** * Parses bad words * * @param string String to parse * @return string Parsed string */ function bad_words($t) { global $icebb,$db,$std; if(is_array($this->word_filters)) { foreach($this->word_filters as $bw) { $word = preg_quote($bw['bw_word'],'`'); //echo $word; //$word = str_replace('.','\.',$word); //$word = str_replace('\*','(.?)',$word); //echo substr($word,strlen($word)-2,2); if(substr($word,0,2)!='\*') { $word = "(^|\b)".$word; } if(substr($word,strlen($word)-2,2)!='\*') { $word .= "(\b|\.|!|\?|,|$)"; } $word = str_replace('\*','',$word); //echo $word; $t = preg_replace("`{$word}`i",$bw['bw_replacement'],$t); } } return $t; } /** * Parses a string with the settings you specify * * @param array $t Array including settings and string to parse * @param array $pdata Info about a post * @return string Parsed string */ function parse($t,$pdata=array()) { global $icebb,$std,$db; if(!is_array($t)) { // hmm, why did I do these uppercase? lol $opt = array('TEXT'=>$t,'SMILIES'=>1,'BBCODE'=>1,'BAD_WORDS'=>1,'ME_TAG'=>1,'YOU_TAG'=>1,'PARSE_ATTACHMENTS'=>1,'PARSE_QUOTES'=>1); } else { $opt = $t; $t = $opt['TEXT']; } //$t = html_entity_decode($t,ENT_QUOTES); $t = $this->xss_is_bad($t); // fix up a few things $t = preg_replace("`\(c\)`",'©',$t); $t = preg_replace("`\(tm\)`",'™',$t); $t = preg_replace("`\(r\)`",'®',$t); $t = preg_replace("`\t`",' ',$t); if($icebb->user['view_smileys'] == 0) { $opt['SMILIES'] = 0; } if(!isset($opt['PARSE_QUOTES'])) { $opt['PARSE_QUOTES']= 1; } // quotes disabled? $this->parse_quotes = $opt['PARSE_QUOTES']; // do teh smilies if($opt['SMILIES'] == 1) { $t = $this->smilies($t); } // word wrap //$t = _wordwrap($t,100," "); $t = nl2br($t); $t = preg_replace("`&#`","&#",$t); // do teh bbcode if($opt['BBCODE'] == 1) { $t = $this->parse_links($t); $t = $this->bbcode($t); } // do teh bad words if($opt['BAD_WORDS'] == 1) { $t = $this->bad_words($t); } // me tag - something unique :o if($opt['ME_TAG'] == 1) { $t = preg_replace("`/me (.*)`","<span class='medoes'>* {$pdata['pauthor']} \\1</span>",$t); // You tag ^_^ $t = preg_replace("`/you (.*)`","<span class='medoes'>* {$icebb->user['username']} \\1</span>",$t); } // you tag - this will scare some people lol - *[you]* is a faggot if($opt['YOU_TAG'] == 1) { $t = preg_replace("`\*\[you\]\*`",$icebb->user['username'],$t); // Theese two are gonna be funny: $t = preg_replace("`\*\[you_ip\]\*`",$icebb->client_ip,$t); $t = preg_replace("`\*\[you_host\]\*`",$_SERVER['REMOTE_HOST'],$t); } // option tag if($opt['PARSE_ATTACHMENTS']== 1) { $t = preg_replace("`\[attachment=([0-9]+)\]`ie","\$this->parse_attachment(\$this->uploads[\\1])",$t); } return $t; } /** * Parses attachments * * @param string String to parse * @return string Parsed string */ function parse_attachment($u) { global $icebb,$std; $ext = explode('.',$u['uname']); $u['upath_real'] = str_replace($icebb->settings['board_url'],'',$u['upath']); $u['upath'] = "{$icebb->base_url}act=attach&upload={$u['uid']}"; if(class_exists('skin_func')) { $html = $icebb->skin->load_template('topic'); if(strtolower($ext[1])=='jpg' || strtolower($ext[1])=='jpeg' || strtolower($ext[1])=='gif' || strtolower($ext[1])=='png') { list($w,$h) = getimagesize($u['upath-real']); $t = $html->attachment_view_image($u,$w,$h); } else { $t = $html->attachment_view($u); } } return $t; } /** * Parses links * * @param string String to parse * @return string Parsed string */ function parse_links($t) { $t = preg_replace("`\[url\]{$this->url_regex}\[/url\]`","[url]$1://$2[/url]",$t); $t = preg_replace("`\[url\]www\.{$this->url_regex_main}\[/url\]`","[url]http://www.$1[/url]",$t); $t = preg_replace("`(?<=^|[\n ]|\.){$this->url_regex}`","[url]$1://$2[/url]",$t); $t = preg_replace("`(?<=^|[\n ]|\.)www\.{$this->url_regex_main}`","[url=http://www.$1]www.$1[/url]",$t); return $t; } /** * Gets rid of all known XSS vulnerabilities. Created with a lot of help from * http://blog.bitflux.ch/wiki/XSS_Prevention * * @param string String to parse * @return string Parsed string */ function xss_is_bad($t) { //echo "javascript:"; //$t = html_entity_decode($t,ENT_QUOTES,'UTF-8'); $t = htmlspecialchars_decode($t,ENT_QUOTES); $t = str_replace("<","<",$t); $t = str_replace(">",">",$t); //$t = str_replace(""",""",$t); $t = preg_replace("/�*([0-9]*);?/",'&#\\1;',$t); $t = str_replace('javascript:','javascript:',$t); //$t = html_entity_decode($t,ENT_QUOTES); //echo $t; $t = preg_replace("/javascript:/i" , "nojava"/*ava*/."script:" ,$t); $t = preg_replace("/vbscript:/i" , "novb"/*b*/."script:" ,$t); //$t = preg_replace('/javascript:/i','javascript:',$t); //$t = preg_replace('#(<[^>]+[\s\r\n\"\'])(on|xmlns)[^>]*\]#iU',"$1]",$t); //$t = htmlspecialchars($t,ENT_QUOTES); //$t = htmlentities($t,ENT_QUOTES); //$t = preg_replace("`&#([0-9]+);`s",'&#\\1;',$t); return $t; } /** * Removes "faked" characters * * @param string String to parse * @return string Parsed string */ function remove_fakechars($t) { $replace = array( 'а'=>'a', 'е'=>'e', 'о'=>'o', 'р'=>'p', 'с'=>'c', 'у'=>'y', 'х'=>'x', ); //print_r($arran); $t = str_replace(array_keys($replace),$replace,$t); return $t; } /** * Changes HTML (from the WYSIWYG editor) to BBCode * * @param string String to parse * @param string Parsed string */ function html_to_bbcode($t) { global $icebb,$db,$std; // take care of smilies first if(is_array($this->smilies_list)) { foreach($this->smilies_list as $s) { $s['code'] = $this->xss_is_bad($s['code']); $smiley_code = preg_quote($s['code'],"`"); $t = preg_replace("`(<|<)img src=("|")({$icebb->settings['board_url']})?smilies/{$s['smiley_set']}/{$s['image']}("|")(\s/)?(>|>)`i","{$s['code']}",$t); } } // then newlines $t = preg_replace("`(<|<)br(\s/)?(>|>)`is","\n",$t); $t = preg_replace("`(<|<)p(>|>)(.+?)(<|<)/p(>|>)`is","\\3\n\n",$t); // then some BBCode $t = preg_replace("`(<|<)b(>|>)(.+?)(<|<)/b(>|>)`is","[b]\\3[/b]",$t); $t = preg_replace("`(<|<)u(>|>)(.+?)(<|<)/u(>|>)`is","[u]\\3[/u]",$t); $t = preg_replace("`(<|<)i(>|>)(.+?)(<|<)/i(>|>)`is","[i]\\3[/i]",$t); $t = preg_replace("`(<|<)img src=("|")(.+?)("|")(\s/)?(>|>)`i","[img]\\3[/img]",$t); $t = preg_replace("`(<|<)a href=("|")(.+?)("|")(>|>)(.+?)(<|<)/a(>|>)`is","[url=\\3]\\6[/url]",$t); $t = preg_replace("`(<|<)p align=("|")left("|")(>|>)(.+?)(<|<)/p(>|>)`is","[left]\\5[/left]",$t); $t = preg_replace("`(<|<)p align=("|")center("|")(>|>)(.+?)(<|<)/p(>|>)`is","[center]\\5[/center]",$t); $t = preg_replace("`(<|<)p align=("|")right("|")(>|>)(.+?)(<|<)/p(>|>)`is","[right]\\5[/right]",$t); $t = preg_replace("`(<|<)div align=("|")left("|")(>|>)(.+?)(<|<)/div(>|>)`is","[left]\\5[/left]",$t); $t = preg_replace("`(<|<)div align=("|")center("|")(>|>)(.+?)(<|<)/div(>|>)`is","[center]\\5[/center]",$t); $t = preg_replace("`(<|<)div align=("|")right("|")(>|>)(.+?)(<|<)/div(>|>)`is","[right]\\5[/right]",$t); // font - I WANT TO FUCKING KILL THE WYSIWYG EDITOR >_< $t = $this->_recurse_html_regex('font',"`(<|<)font(.+?)(>|>)(.+?)(<|<)/font(>|>)`ise","\$this->_handle_font_html('$2','$4')",$t); // clean up extras $t = str_replace("&nbsp;",' ',$t); return $t; } function _recurse_html_regex($tag,$regex,$replace,$r,$recursion=0) { //if($recursion>15) return $r; $r = preg_replace($regex,$replace,$r); if(preg_match("`(<|<){$tag}`i",$r)) { //echo "<br />STILL MORE ({$recursion})<br />"; $r = $this->_recurse_html_regex($tag,$regex,$replace,$r,$recursion+1); } return $r; } function _handle_font_html($attributes,$r) { global $db; $attributes = trim($attributes); $attributes = html_entity_decode($attributes,ENT_QUOTES); $attributes = $this->_attribute_split($attributes); //$attr = trim($attributes); foreach($attributes as $attr) { $at = explode('=',$attr); $at[1] = preg_replace("`("|")`i",'',$at[1]); $at[1] = $db->escape_string($at[1]); switch($at[0]) { case 'color': $r= "[color={$at[1]}]{$r}[/color]"; break; case 'face': $r= "[font={$at[1]}]{$r}[/font]"; break; case 'size': $at[1]= intval($at[1])*7; $r= "[size={$at[1]}]{$r}[/size]"; break; } } return $r; } function _attribute_split($raw) { $in_quotes = 0; $counter = 0; for($i=0;$i<=strlen($raw);$i++) { $chr = $raw{$i}; if($chr == '"') { $in_quotes= $in_quotes ? 0 : 1; $chr = ''; } if(!$in_quotes && $chr==' ') { $chr = ''; $counter++; } $attrs[$counter].= $chr; } return $attrs; }}?>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -