Line 62 | Line 62 |
---|
}
$bbcode_match = $row['bbcode_match'];
|
}
$bbcode_match = $row['bbcode_match'];
|
$bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
| $bbcode_tpl = htmlspecialchars($row['bbcode_tpl'], ENT_COMPAT);
|
$display_on_posting = $row['display_on_posting']; $bbcode_helpline = $row['bbcode_helpline']; break;
| $display_on_posting = $row['display_on_posting']; $bbcode_helpline = $row['bbcode_helpline']; break;
|
Line 86 | Line 86 |
---|
$display_on_posting = $request->variable('display_on_posting', 0);
$bbcode_match = $request->variable('bbcode_match', '');
|
$display_on_posting = $request->variable('display_on_posting', 0);
$bbcode_match = $request->variable('bbcode_match', '');
|
$bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true));
| $bbcode_tpl = html_entity_decode($request->variable('bbcode_tpl', '', true), ENT_COMPAT);
|
$bbcode_helpline = $request->variable('bbcode_helpline', '', true); break; }
| $bbcode_helpline = $request->variable('bbcode_helpline', '', true); break; }
|
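Review bot: The decoder on the new `$bbcode_tpl` line is now broader than the encoder it is paired with: `html_entity_decode()` converts every named and numeric entity, while the edit form and the hidden fields in this same change encode with `htmlspecialchars(..., ENT_COMPAT)`. If `$request->variable()` only escapes the HTML special characters (not visible here), both decoders give the same result, but keeping the exact inverse makes the round trip easier to reason about: `htmlspecialchars_decode($request->variable('bbcode_tpl', '', true), ENT_COMPAT)`. If the wider decoding is intentional, a one-line comment saying why would help the next reader. The surrounding `switch` case starts outside this hunk.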
Line 110 | Line 110 |
---|
);
$bbcode_tokens = array('TEXT', 'SIMPLETEXT', 'INTTEXT', 'IDENTIFIER', 'NUMBER', 'EMAIL', 'URL', 'LOCAL_URL', 'RELATIVE_URL', 'COLOR');
|
);
$bbcode_tokens = array('TEXT', 'SIMPLETEXT', 'INTTEXT', 'IDENTIFIER', 'NUMBER', 'EMAIL', 'URL', 'LOCAL_URL', 'RELATIVE_URL', 'COLOR');
|
| $bbcode_tokens = array_merge($bbcode_tokens, ['ALNUM', 'CHOICE', 'FLOAT', 'HASHMAP', 'INT', 'IP', 'IPPORT', 'IPV4', 'IPV6', 'MAP', 'RANGE', 'REGEXP', 'TIMESTAMP', 'UINT']);
|
/** * Modify custom bbcode template data before we display the add/edit form
| /** * Modify custom bbcode template data before we display the add/edit form
|
Line 157 | Line 158 |
---|
* @var string bbcode_tpl The bbcode HTML replacement string * @var string bbcode_helpline The bbcode help line string * @var array hidden_fields Array of hidden fields for use when
|
* @var string bbcode_tpl The bbcode HTML replacement string * @var string bbcode_helpline The bbcode help line string * @var array hidden_fields Array of hidden fields for use when
|
* submitting form when $warn_text is true
| * submitting form when $warn_unsafe is true
|
* @since 3.1.0-a3 */ $vars = array(
| * @since 3.1.0-a3 */ $vars = array(
|
Line 172 | Line 173 |
---|
); extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
|
); extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
|
$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
| $acp_utils = $phpbb_container->get('text_formatter.acp_utils'); $bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl); $warn_unsafe = ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_UNSAFE);
|
|
|
if (!$warn_text && !check_form_key($form_key))
| if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_TEMPLATE) { trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING); } if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_DEFINITION) { trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); }
if (!$warn_unsafe && !check_form_key($form_key))
|
{ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); }
|
{ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); }
|
if (!$warn_text || confirm_box(true))
| if (!$warn_unsafe || confirm_box(true))
|
{ $data = $this->build_regexp($bbcode_match, $bbcode_tpl);
| { $data = $this->build_regexp($bbcode_match, $bbcode_tpl);
|
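Review bot: The status handling after `analyse_bbcode()` fails open. Only `BBCODE_STATUS_UNSAFE`, `BBCODE_STATUS_INVALID_TEMPLATE` and `BBCODE_STATUS_INVALID_DEFINITION` are tested, so any other value in `$bbcode_info['status']` falls through to `build_regexp()` and is saved without the confirmation step. Requiring confirmation for everything except an explicit safe result would be more defensive, for example `$warn_unsafe = ($bbcode_info['status'] !== $acp_utils::BBCODE_STATUS_SAFE);`, assuming the utility class defines such a constant. A short comment on `if (!$warn_unsafe && !check_form_key($form_key))` would also help, since these lines alone do not show that the unsafe path skips the form key and relies on `confirm_box(true)` to validate the request. The enclosing method starts and ends outside this hunk.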
Line 196 | Line 208 |
---|
$db->sql_freeresult($result);
// Grab the end, interrogate the last closing tag
|
$db->sql_freeresult($result);
// Grab the end, interrogate the last closing tag
|
if ($info['test'] === '1' || in_array(strtolower($data['bbcode_tag']), $hard_coded) || (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded)))
| if (isset($info['test']) && $info['test'] === '1' || in_array(strtolower($data['bbcode_tag']), $hard_coded) || (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded)) )
|
{ trigger_error($user->lang['BBCODE_INVALID_TAG_NAME'] . adm_back_link($this->u_action), E_USER_WARNING); }
| { trigger_error($user->lang['BBCODE_INVALID_TAG_NAME'] . adm_back_link($this->u_action), E_USER_WARNING); }
|
Line 209 | Line 224 |
---|
else { $test = $data['bbcode_tag'];
|
else { $test = $data['bbcode_tag'];
|
}
if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match)) { trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
| |
}
if (strlen($data['bbcode_tag']) > 16)
| }
if (strlen($data['bbcode_tag']) > 16)
|
Line 226 | Line 236 |
---|
trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING); }
|
trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING); }
|
if (strlen($bbcode_helpline) > 255)
| if (strlen($bbcode_helpline) > 3000)
|
{ trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING); }
|
{ trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING); }
|
| /** * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR. * Using their Numeric Character Reference's Hexadecimal notation. */ $bbcode_helpline = utf8_encode_ucr($bbcode_helpline);
|
$sql_ary = array_merge($sql_ary, array( 'bbcode_tag' => $data['bbcode_tag'],
| $sql_ary = array_merge($sql_ary, array( 'bbcode_tag' => $data['bbcode_tag'],
|
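Review bot: The helpline length check runs before `utf8_encode_ucr()`, so the value written to `$sql_ary` can be longer than the 3000 bytes that were validated. According to the added comment, 4-byte characters are replaced by hexadecimal numeric character references, which are longer than the characters they replace. Running the conversion first keeps the limit meaningful: move `$bbcode_helpline = utf8_encode_ucr($bbcode_helpline);` above `if (strlen($bbcode_helpline) > 3000)`. The column definition is not visible in this hunk, so whether truncation or a failed insert can actually occur needs checking against the schema. A comment next to the limit noting that `strlen()` counts bytes rather than characters would also be useful.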
Line 319 | Line 335 |
---|
'action' => $action, 'bbcode' => $bbcode_id, 'bbcode_match' => $bbcode_match,
|
'action' => $action, 'bbcode' => $bbcode_id, 'bbcode_match' => $bbcode_match,
|
'bbcode_tpl' => htmlspecialchars($bbcode_tpl),
| 'bbcode_tpl' => htmlspecialchars($bbcode_tpl, ENT_COMPAT),
|
'bbcode_helpline' => $bbcode_helpline, 'display_on_posting' => $display_on_posting, )))
| 'bbcode_helpline' => $bbcode_helpline, 'display_on_posting' => $display_on_posting, )))
|