From: garvinhicking <garvinhicking>
Date: Sun, 5 Mar 2006 19:41:45 +0000 (+0000)
Subject: also allow "," in URLs.
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=e4b9df1301acb1a04fedc2fa1bbadbd4e89c0096;p=s9y.git

also allow "," in URLs.
---

diff --git a/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php b/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php
index 805c649..3159108 100644
--- a/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php
+++ b/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php
@@ -149,23 +149,23 @@ class serendipity_event_bbcode extends serendipity_event
         static $pattern_mail  = '([\.\-\+~@_0-9a-z]+?)';
 
         // Only allow strings occuring in URLs: &;?:.-_@/, 0-9, a-z
-        static $pattern_url   = '([@!=~\?:&;0-9a-z#\.\-_\/]+?)';
+        static $pattern_url   = '([@!=~\?:&;0-9a-z#\.\-_\/,]+?)';
 
         // Disallow possibly evil HTML characters which may lead to Javascript XSS: '"();
         static $pattern_query = '([^"\'\(\);]+?)';
-        
-        // Note: 
+
+        // Note:
         //  * Anything between <xxx>...</xxx> tags will be caught by htmlspecialchars() and disallows custom HTML tags.
         //  * (?::\w+)? means "non capturing" match on any word character.
-        //  * (?<!\\\\) means any bbcode which is not prefixed by \[...]        
-        
+        //  * (?<!\\\\) means any bbcode which is not prefixed by \[...]
+
         if ($bbcodes === null) {
             $bbcodes = array(
               '/(?<!\\\\)\[color(?::\w+)?=' . $pattern_css . '\](.*?)\[\/color(?::\w+)?\]/si'                 => "<span style=\"color:\\1\">\\2</span>",
               '/(?<!\\\\)\[size(?::\w+)?='  . $pattern_css . '\](.*?)\[\/size(?::\w+)?\]/si'                  => "<span style=\"font-size:\\1\">\\2</span>",
               '/(?<!\\\\)\[font(?::\w+)?='  . $pattern_css . '\](.*?)\[\/font(?::\w+)?\]/si'                  => "<span style=\"font-family:\\1\">\\2</span>",
               '/(?<!\\\\)\[align(?::\w+)?=' . $pattern_css . '\](.*?)\[\/align(?::\w+)?\]/si'                 => "<div style=\"text-align:\\1\">\\2</div>",
-    
+
               '/(?<!\\\\)\[b(?::\w+)?\](.*?)\[\/b(?::\w+)?\]/si'                                              => "<span style=\"font-weight:bold\">\\1</span>",
               '/(?<!\\\\)\[i(?::\w+)?\](.*?)\[\/i(?::\w+)?\]/si'                                              => "<span style=\"font-style:italic\">\\1</span>",
               '/(?<!\\\\)\[u(?::\w+)?\](.*?)\[\/u(?::\w+)?\]/si'                                              => "<span style=\"text-decoration:underline\">\\1</span>",
@@ -174,21 +174,21 @@ class serendipity_event_bbcode extends serendipity_event
               // [email]
               '/(?<!\\\\)\[email(?::\w+)?\]' . $pattern_mail . '\[\/email(?::\w+)?\]/si'                      => "<a href=\"mailto:\\1\" class=\"bb-email\">\\1</a>",
               '/(?<!\\\\)\[email(?::\w+)?='  . $pattern_mail . '\](.*?)\[\/email(?::\w+)?\]/si'               => "<a href=\"mailto:\\1\" class=\"bb-email\">\\2</a>",
-    
+
               // [url]
               '/(?<!\\\\)\[(google|search)\]'   . $pattern_query . '\[\/(google|search)\]/si'                 => "<a href=\"http://www.google.com/search?q=\\2\" target=\"_blank\" class=\"bb-url\">\\2</a>",
               '/(?<!\\\\)\[url(?::\w+)?\]www\.' . $pattern_url   . '\[\/url(?::\w+)?\]/si'                    => "<a href=\"http://www.\\1\" target=\"_blank\" class=\"bb-url\">\\1</a>",
               '/(?<!\\\\)\[url(?::\w+)?\]'      . $pattern_url   . '\[\/url(?::\w+)?\]/si'                    => "<a href=\"\\1\" target=\"_blank\" class=\"bb-url\">\\1</a>",
               '/(?<!\\\\)\[url(?::\w+)?='       . $pattern_url   . '?\](.*?)\[\/url(?::\w+)?\]/si'            => "<a href=\"\\1\" target=\"_blank\" class=\"bb-url\">\\2</a>",
-    
+
               // [img]
               '/(?<!\\\\)\[img(?::\w+)?\]' . $pattern_url . '\[\/img(?::\w+)?\]/si'                           => "<img src=\"\\1\" alt=\"\\1\" class=\"bb-image\" />",
               '/(?<!\\\\)\[img(?::\w+)?=([0-9]*?)x([0-9]*?)\]' . $pattern_url . '\[\/img(?::\w+)?\]/si'       => "<img width=\"\\1\" height=\"\\2\" src=\"\\3\" alt=\"\\3\" class=\"bb-image\" />",
-    
+
               // [quote]
               '/(?<!\\\\)\[quote(?::\w+)?\](.*?)\[\/quote(?::\w+)?\]/si'                                      => "<div class=\"bb-code-title\">QUOTE:<div class=\"bb-code\">\\1</div></div>",
               '/(?<!\\\\)\[quote(?::\w+)?=(?:&quot;|"|\')?(.*?)["\']?(?:&quot;|"|\')?\](.*?)\[\/quote\]/si'   => "<div class=\"bb-code-title\">QUOTE \\1:<div class=\"bb-code\">\\2</div></div>",
-    
+
               // [list]
               '/(?<!\\\\)(?:\s*<br\s*\/?>\s*)?\[\*(?::\w+)?\](.*?)(?=(?:\s*<br\s*\/?>\s*)?\[\*|(?:\s*<br\s*\/?>\s*)?\[\/?list)/si' => "\n<li class=\"bb-listitem\">\\1</li>",
               '/(?<!\\\\)(?:\s*<br\s*\/?>\s*)?\[\/list(:(?!u|o)\w+)?\](?:<br\s*\/?>)?/si'    => "\n</ul>",
@@ -202,7 +202,7 @@ class serendipity_event_bbcode extends serendipity_event
               '/(?<!\\\\)(?:\s*<br\s*\/?>\s*)?\[list(?::o)?(:\w+)?=I\]\s*(?:<br\s*\/?>)?/s'  => "\n<ol class=\"bb-list-ordered,bb-list-ordered-ur\">",
               '/(?<!\\\\)(?:\s*<br\s*\/?>\s*)?\[list(?::o)?(:\w+)?=a\]\s*(?:<br\s*\/?>)?/s'  => "\n<ol class=\"bb-list-ordered,bb-list-ordered-la\">",
               '/(?<!\\\\)(?:\s*<br\s*\/?>\s*)?\[list(?::o)?(:\w+)?=A\]\s*(?:<br\s*\/?>)?/s'  => "\n<ol class=\"bb-list-ordered,bb-list-ordered-ua\">",
-    
+
               // escaped tags like \[b], \[color], \[url], ...
               '/\\\\(\[\/?\w+(?::\w+)*\])/'                                      => "\\1"
             );