
Modification - BBcode parsing UPDATED v1.1

tyteen4a03
Tue May 18 2010, 08:23:21
Registered Member #27
Joined: Sat Nov 07 2009, 15:40:14
Posts: 16
My quote system's users have been requesting this, so I came up with this.

Original script by rothenbergxxx at gmail dot com and ramonvandam AT gmail DOT com, QdbS implementation by tyteen4a03

v1.1:
-Changed the time BBcodes in a quote are parsed, which allows editing for later use

Install:
1. Create a new file called functions.php and put these things inside:



<?php
// Convert a small set of BBcode tags to HTML.
// Note: bb_parse() does not escape HTML in its input.
function bb_parse($string) {
    // Matches [tag]text[/tag] and [tag=param]text[/tag]; repeat until no pairs remain (nested tags).
    while (preg_match_all('`\[(.+?)=?(.*?)\](.+?)\[/\1\]`', $string, $matches)) {
        foreach ($matches[0] as $key => $match) {
            list($tag, $param, $innertext) = array($matches[1][$key], $matches[2][$key], $matches[3][$key]);
            // Default for unknown tags: drop the tag, keep the text. This also avoids
            // reusing a stale $replacement and guarantees the loop terminates.
            $replacement = $innertext;
            switch ($tag) {
                case 'b': $replacement = "<strong>$innertext</strong>"; break;
                case 'i': $replacement = "<em>$innertext</em>"; break;
                case 'size': $replacement = "<span style=\"font-size: $param;\">$innertext</span>"; break;
                case 'color': $replacement = "<span style=\"color: $param;\">$innertext</span>"; break;
                case 'center': $replacement = "<div class=\"centered\">$innertext</div>"; break;
                // Parentheses are required: "." binds tighter than "?:".
                case 'quote': $replacement = "<blockquote>$innertext</blockquote>" . ($param ? "<cite>$param</cite>" : ''); break;
                case 'url': $replacement = '<a href="' . ($param ? $param : $innertext) . "\">$innertext</a>"; break;
                case 'img':
                    // $param is optional and has the form WIDTHxHEIGHT.
                    list($width, $height) = array_pad(preg_split('`[Xx]`', $param), 2, '');
                    $replacement = "<img src=\"$innertext\" " . (is_numeric($width) ? "width=\"$width\" " : '') . (is_numeric($height) ? "height=\"$height\" " : '') . '/>';
                    break;
                case 'video':
                    $videourl = parse_url($innertext);
                    $host = isset($videourl['host']) ? $videourl['host'] : '';
                    parse_str(isset($videourl['query']) ? $videourl['query'] : '', $videoquery);
                    if (strpos($host, 'youtube.com') !== FALSE && isset($videoquery['v'])) $replacement = '<embed src="http://www.youtube.com/v/' . $videoquery['v'] . '" type="application/x-shockwave-flash" width="425" height="344"></embed>';
                    if (strpos($host, 'google.com') !== FALSE && isset($videoquery['docid'])) $replacement = '<embed src="http://video.google.com/googleplayer.swf?docid=' . $videoquery['docid'] . '" width="400" height="326" type="application/x-shockwave-flash"></embed>';
                    break;
            }
            $string = str_replace($match, $replacement, $string);
        }
    }
    return $string;
}


2. Open classes.php, find:

include("settings.php");


Add below:

include("functions.php");


3. Open index.php
Find:

$tpl->set('quote', $row['quote']);

Replace with:

$tpl->set('quote', bb_parse($row['quote']));

(There should be around 9 replacements)

Currently, the supported BBcodes are listed in functions.php.

[ Edited Wed Jul 28 2010, 19:05:07 ]
Jobe
Wed May 26 2010, 11:56:03

Joined: Mon Oct 08 2007, 16:54:30
Posts: 35
You should really still keep the htmlspecialchars() in there somewhere, otherwise quote submissions will be able to include HTML and as a result will be XSS vulnerable.

For example instead of using:
$quote = bb_parse($_POST['quote']);

A better example would be:
$quote = bb_parse(htmlspecialchars($_POST['quote']));


[ Edited Wed May 26 2010, 11:57:48 ]
tyteen4a03
Fri Jun 04 2010, 14:32:59
Registered Member #27
Joined: Sat Nov 07 2009, 15:40:14
Posts: 16
Yes, thanks :D
Moderators: Jobe, Eck
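
The escaping point raised in the thread, taken one step further as an added example (not code from the thread or from QdbS): htmlspecialchars() neutralises raw HTML, but the parameters of [url], [color] and [size] still land inside href and style attributes, so they are validated per tag here. The qdbs_* function names and the sample inputs are constructed for this illustration.

```php
<?php
// Added example: function names are hypothetical, sample inputs are constructed.

// Step 1 (Jobe's advice): escape the raw submission before parsing BBcode.
function qdbs_escape($raw) {
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Step 2: allow only absolute http/https targets for [url].
function qdbs_safe_url($escaped) {
    $url = trim(html_entity_decode($escaped, ENT_QUOTES, 'UTF-8'));
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) return null;
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) return null;
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Step 3: allow only simple values inside style="" for [color] and [size].
function qdbs_safe_style($tag, $value) {
    $ok = array('color' => '/^(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z]{3,20})\z/i',
                'size'  => '/^\d{1,3}(px|pt|em|%)\z/');
    return isset($ok[$tag]) && preg_match($ok[$tag], $value) ? $value : null;
}

// Render one parameterised tag; a rejected parameter falls back to the bare text.
function qdbs_render($tag, $param, $text) {
    if ($tag === 'url') {
        $href = qdbs_safe_url($param);
        return $href === null ? $text : "<a href=\"$href\">$text</a>";
    }
    $value = qdbs_safe_style($tag, $param);
    if ($value === null) return $text;
    $prop = $tag === 'size' ? 'font-size' : 'color';
    return "<span style=\"$prop: $value;\">$text</span>";
}

function qdbs_format($raw) {
    return preg_replace_callback('`\[(url|color|size)=([^\]]*)\]([^\[]+)\[/\1\]`',
        function ($m) { return qdbs_render($m[1], $m[2], $m[3]); }, qdbs_escape($raw));
}

foreach (array('[url=http://example.com/?a=1&b=2]docs[/url]',
               '[url=javascript:alert(1)]click[/url]',
               '[color=red;background:url(http://example.com/x)]hi[/color]',
               '<script>alert(1)</script>') as $raw) {
    echo qdbs_format($raw), "\n";
}
```

Only the first sample produces a link; the other parameterised samples are reduced to their plain text and the script tag is printed as escaped text.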
