static $pattern_mail = '([\.\-\+~@_0-9a-z]+?)';
// Only allow strings occuring in URLs: &;?:.-_@/, 0-9, a-z
- static $pattern_url = '([@!=~\?:&;0-9a-z#\.\-_\/]+?)';
+ static $pattern_url = '([@!=~\?:&;0-9a-z#\.\-_\/,]+?)';
// Disallow possibly evil HTML characters which may lead to Javascript XSS: '"();
static $pattern_query = '([^"\'\(\);]+?)';
-
- // Note:
+
+ // Note:
// * Anything between <xxx>...</xxx> tags will be caught by htmlspecialchars() and disallows custom HTML tags.
// * (?::\w+)? means "non capturing" match on any word character.
- // * (?<!\\\\) means any bbcode which is not prefixed by \[...]
-
+ // * (?<!\\\\) means any bbcode which is not prefixed by \[...]
+
if ($bbcodes === null) {
$bbcodes = array(
'/(?<!\\\\)\[color(?::\w+)?=' . $pattern_css . '\](.*?)\[\/color(?::\w+)?\]/si' => "<span style=\"color:\\1\">\\2</span>",
'/(?<!\\\\)\[size(?::\w+)?=' . $pattern_css . '\](.*?)\[\/size(?::\w+)?\]/si' => "<span style=\"font-size:\\1\">\\2</span>",
'/(?<!\\\\)\[font(?::\w+)?=' . $pattern_css . '\](.*?)\[\/font(?::\w+)?\]/si' => "<span style=\"font-family:\\1\">\\2</span>",
'/(?<!\\\\)\[align(?::\w+)?=' . $pattern_css . '\](.*?)\[\/align(?::\w+)?\]/si' => "<div style=\"text-align:\\1\">\\2</div>",
-
+
'/(?<!\\\\)\[b(?::\w+)?\](.*?)\[\/b(?::\w+)?\]/si' => "<span style=\"font-weight:bold\">\\1</span>",
'/(?<!\\\\)\[i(?::\w+)?\](.*?)\[\/i(?::\w+)?\]/si' => "<span style=\"font-style:italic\">\\1</span>",
'/(?<!\\\\)\[u(?::\w+)?\](.*?)\[\/u(?::\w+)?\]/si' => "<span style=\"text-decoration:underline\">\\1</span>",
// [email]
'/(?<!\\\\)\[email(?::\w+)?\]' . $pattern_mail . '\[\/email(?::\w+)?\]/si' => "<a href=\"mailto:\\1\" class=\"bb-email\">\\1</a>",
'/(?<!\\\\)\[email(?::\w+)?=' . $pattern_mail . '\](.*?)\[\/email(?::\w+)?\]/si' => "<a href=\"mailto:\\1\" class=\"bb-email\">\\2</a>",
-
+
// [url]
'/(?<!\\\\)\[(google|search)\]' . $pattern_query . '\[\/(google|search)\]/si' => "<a href=\"http://www.google.com/search?q=\\2\" target=\"_blank\" class=\"bb-url\">\\2</a>",
'/(?<!\\\\)\[url(?::\w+)?\]www\.' . $pattern_url . '\[\/url(?::\w+)?\]/si' => "<a href=\"http://www.\\1\" target=\"_blank\" class=\"bb-url\">\\1</a>",
'/(?<!\\\\)\[url(?::\w+)?\]' . $pattern_url . '\[\/url(?::\w+)?\]/si' => "<a href=\"\\1\" target=\"_blank\" class=\"bb-url\">\\1</a>",
'/(?<!\\\\)\[url(?::\w+)?=' . $pattern_url . '?\](.*?)\[\/url(?::\w+)?\]/si' => "<a href=\"\\1\" target=\"_blank\" class=\"bb-url\">\\2</a>",
-
+
// [img]
'/(?<!\\\\)\[img(?::\w+)?\]' . $pattern_url . '\[\/img(?::\w+)?\]/si' => "<img src=\"\\1\" alt=\"\\1\" class=\"bb-image\" />",
'/(?<!\\\\)\[img(?::\w+)?=([0-9]*?)x([0-9]*?)\]' . $pattern_url . '\[\/img(?::\w+)?\]/si' => "<img width=\"\\1\" height=\"\\2\" src=\"\\3\" alt=\"\\3\" class=\"bb-image\" />",
-
+
// [quote]
'/(?<!\\\\)\[quote(?::\w+)?\](.*?)\[\/quote(?::\w+)?\]/si' => "<div class=\"bb-code-title\">QUOTE:<div class=\"bb-code\">\\1</div></div>",
'/(?<!\\\\)\[quote(?::\w+)?=(?:"|"|\')?(.*?)["\']?(?:"|"|\')?\](.*?)\[\/quote\]/si' => "<div class=\"bb-code-title\">QUOTE \\1:<div class=\"bb-code\">\\2</div></div>",
-
+
// [list]
'/(?<!\\\\)(?:\s*<br\s*\/?>\s*)?\[\*(?::\w+)?\](.*?)(?=(?:\s*<br\s*\/?>\s*)?\[\*|(?:\s*<br\s*\/?>\s*)?\[\/?list)/si' => "\n<li class=\"bb-listitem\">\\1</li>",
'/(?<!\\\\)(?:\s*<br\s*\/?>\s*)?\[\/list(:(?!u|o)\w+)?\](?:<br\s*\/?>)?/si' => "\n</ul>",
'/(?<!\\\\)(?:\s*<br\s*\/?>\s*)?\[list(?::o)?(:\w+)?=I\]\s*(?:<br\s*\/?>)?/s' => "\n<ol class=\"bb-list-ordered,bb-list-ordered-ur\">",
'/(?<!\\\\)(?:\s*<br\s*\/?>\s*)?\[list(?::o)?(:\w+)?=a\]\s*(?:<br\s*\/?>)?/s' => "\n<ol class=\"bb-list-ordered,bb-list-ordered-la\">",
'/(?<!\\\\)(?:\s*<br\s*\/?>\s*)?\[list(?::o)?(:\w+)?=A\]\s*(?:<br\s*\/?>)?/s' => "\n<ol class=\"bb-list-ordered,bb-list-ordered-ua\">",
-
+
// escaped tags like \[b], \[color], \[url], ...
'/\\\\(\[\/?\w+(?::\w+)*\])/' => "\\1"
);
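Review bot: `$pattern_url` on the `+` line is still only a character allow-list, and because it admits `:` without constraining what comes before it, the `[url]` and `[img]` rules below copy whatever scheme the author typed into `href`/`src`, so a scheme other than http(s) is not rejected. Since this commit already widens the class with `,`, consider making the capture start with an explicit scheme, e.g. `((?:https?|ftp):\/\/[@!=~\?:&;0-9a-z#\.\-_\/,]+?)`, with a leading `/` as the alternative if relative links must keep working. The comment above the pattern no longer matches the class and could read `// Only allow characters occurring in URLs: @!=~?:&;#.-_/, plus 0-9 and a-z`. The enclosing function starts and ends outside the visible lines, so I cannot tell whether the scheme is checked elsewhere before or after these replacements run.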