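/**
 * Denylist pass over post HTML: neutralises inline event handlers, a fixed set
 * of dangerous tags and the -moz-binding CSS property, expands [youtube] tags,
 * then hands every href/src attribute value to the FilterJS callback.
 *
 * The steps are order-dependent: the [youtube] expansion emits an <iframe> and
 * therefore has to run after the tag denylist, otherwise it would be escaped.
 *
 * NOTE(review): this is a denylist, so any tag or attribute it does not name
 * passes through unchanged. Treat it as defence in depth rather than as the
 * only barrier between user input and the page.
 *
 * @param string $s Post markup to filter.
 * @return string Filtered markup.
 */
function securityPostFilter($s)
{
    // Normalise Windows line endings so the patterns below only see "\n".
    $s = str_replace("\r\n", "\n", $s);

    // Project helper defined elsewhere in the code base; its effect is not visible here.
    $s = EatThatPork($s);

    // Inline event handlers ("onclick=", "onerror =", ...): encode the "=" as a
    // character reference so the browser no longer parses the text as an
    // attribute assignment. The replacement must differ from the match,
    // otherwise this step silently does nothing.
    $s = preg_replace("@(on)(\\w+?\\s*?)=@si", '$1$2&#x3D;', $s);

    // Opening and closing forms of the denied tags: encode the "<" so the tag
    // is displayed as text instead of being parsed.
    $s = preg_replace(
        '@<(/?(?:script|meta|xmp|plaintext|noscript|iframe|embed|object|base|textarea))@si',
        '&lt;$1',
        $s
    );

    // Convert youtube tags now that we ran the security filter. The id is
    // limited to exactly 11 characters from [a-zA-Z0-9-_], so nothing else from
    // the post can reach the src attribute of the generated iframe.
    $s = preg_replace(
        '@\\[youtube\\]([a-zA-Z0-9-_]{11})\\[/youtube\\]@i',
        '<iframe width="560" height="315" src="//www.youtube.com/embed/$1" frameborder="0" allowfullscreen></iframe>',
        $s
    );

    // Break up the -moz-binding property name so it is no longer recognised.
    $s = preg_replace("'-moz-binding'si", " -mo<em></em>z-binding", $s);
    //$s = preg_replace("'filter:'si","filter<em></em>:>", $s);
    //$s = preg_replace("'javascript:'si","javascript<em></em>:>", $s);

    // TODO do it more nicely
    // Pass href/src values to FilterJS (defined elsewhere): double-quoted,
    // single-quoted, then unquoted attribute values.
    $s = preg_replace_callback("@(href|src)\\s*=\\s*\"([^\"]+)\"@si", "FilterJS", $s);
    $s = preg_replace_callback("@(href|src)\\s*=\\s*'([^']+)'@si", "FilterJS", $s);
    $s = preg_replace_callback("@(href|src)\\s*=\\s*([^\\s>]+)@si", "FilterJS", $s);

    return $s;
}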
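/**
 * Turns raw post text into display HTML: BBCode expansion, tag and keyword
 * denylists, plugin hooks, smilies, link post-processing and image macros.
 *
 * The steps are order-dependent. In particular the event-handler and tag
 * denylists run before the [spoiler]/[url]/[img] expansions, so the markup
 * those expansions emit (including the spoiler button's onclick) is kept.
 *
 * NOTE(review): filtering here is denylist-based; markup that is not named
 * below passes through unchanged. Whether the input is already HTML-escaped
 * depends on EatThatPork() and on the callers, neither of which is visible
 * here - confirm before relying on this function as the only output filter.
 *
 * @param string $postText  Raw post text.
 * @param string $poster    Name substituted for "/me "; an empty value disables the substitution.
 * @param bool   $noSmilies When true, smiley codes are left as text.
 * @param bool   $noBr      When true, newlines are not converted to <br />.
 * @return string HTML for the post.
 */
function CleanUpPost($postText, $poster = "", $noSmilies = false, $noBr = false)
{
    global $smilies, $text;
    // Smiley patterns and replacements are built once per request and reused.
    static $orig, $repl;

    LoadSmilies();

    $s = $postText;
    // Normalise Windows line endings so the patterns below only see "\n".
    $s = str_replace("\r\n", "\n", $s);
    // Project helper defined elsewhere; its effect is not visible here.
    $s = EatThatPork($s);

    // Tags handled by callbacks defined elsewhere: source listings, user links, code blocks.
    $s = preg_replace_callback("'\\[source=(.*?)\\](.*?)\\[/source\\]'si", "GeshiCallbackL", $s);
    $s = preg_replace_callback("'\\[source\\](.*?)\\[/source\\]'si", "GeshiCallback", $s);
    $s = preg_replace_callback("'\\[user=([0-9]+)\\]'si", "MakeUserLink", $s);

    //$s = str_replace("Xkeeper","XKitten", $s); //I couldn't help myself -- Kawa
    //$s = preg_replace("'([c|C])lassic'si","\\1lbuttic", $s); //Same here -- Kawa

    $s = preg_replace_callback("'\\[code\\](.*?)\\[/code\\]'si", 'code_block', $s);

    // Simple inline formatting, BBCode form.
    $s = preg_replace("'\\[b\\](.*?)\\[/b\\]'si", "<strong>\\1</strong>", $s);
    $s = preg_replace("'\\[i\\](.*?)\\[/i\\]'si", "<em>\\1</em>", $s);
    $s = preg_replace("'\\[u\\](.*?)\\[/u\\]'si", "<u>\\1</u>", $s);
    $s = preg_replace("'\\[s\\](.*?)\\[/s\\]'si", "<del>\\1</del>", $s);

    // The same formatting written as legacy HTML tags.
    $s = preg_replace("'<b>(.*?)\\</b>'si", "<strong>\\1</strong>", $s);
    $s = preg_replace("'<i>(.*?)\\</i>'si", "<em>\\1</em>", $s);
    $s = preg_replace("'<u>(.*?)\\</u>'si", "<span class=\"underline\">\\1</span>", $s);
    $s = preg_replace("'<s>(.*?)\\</s>'si", "<del>\\1</del>", $s);

    //Do we need this?
    //$s = preg_replace("'\[c=([0123456789ABCDEFabcdef]+)\](.*?)\[/c\]'si","<span style=\"color: #\\1\">\\2</span>", $s);

    if (!$noBr) {
        $s = str_replace("\n", "<br />", $s);
    }

    //Blacklisted tags
    // Encode the angle brackets so a denied tag is shown as text instead of
    // being parsed. The replacement must differ from the match, otherwise the
    // loop leaves every one of these tags live.
    $badTags = array('script', 'iframe', 'frame', 'blink', 'textarea', 'noscript', 'meta', 'xmp', 'plaintext', 'marquee', 'embed', 'object');
    foreach ($badTags as $tag) {
        $s = preg_replace("'<{$tag}(.*?)>'si", "&lt;{$tag}\\1&gt;", $s);
        $s = preg_replace("'</{$tag}(.*?)>'si", "&lt;/{$tag}&gt;", $s);
    }

    //Bad sites
    // Literal, case-insensitive substitutions applied in order. Plain string
    // replacement is used so "." matches only a dot and no needle can be an
    // invalid regex (a failed preg_replace() returns null and loses the post).
    // The first needle is the name spelled out by its own replacement.
    $badSites = array(
        'goatse' => 'goat<span>se</span>',
        'tubgirl.com' => 'www.youtube.com/watch?v=EK2tWVj6lXw',
        'ogrish.com' => 'www.youtube.com/watch?v=2iveTJXcp6k',
        'liveleak.com' => 'www.youtube.com/watch?v=xhLxnlNcxv8',
        'charonboat.com' => 'www.youtube.com/watch?v=c9BA5e2Of_U',
        'shrewsburycollege.co.uk' => 'www.youtube.com/watch?v=EK2tWVj6lXw',
        'lemonparty.com' => 'www.youtube.com/watch?v=EK2tWVj6lXw',
        'meatspin.com' => 'www.youtube.com/watch?v=2iveTJXcp6k'
    );
    $s = str_ireplace(array_keys($badSites), array_values($badSites), $s);

    //Various other stuff
    //[SUGGESTION] Block "display: none" instead of just "display:" -- Mega-Mario
    $s = preg_replace("'display:'si", "display<em></em>:", $s);
    // Inline event handlers: encode the "=" so "onxxx=" is no longer parsed as
    // an attribute assignment. This runs before the spoiler expansion below,
    // which adds its own onclick on purpose.
    $s = preg_replace("@(on)(\\w+?\\s*?)=@si", '$1$2&#x3D;', $s);
    $s = preg_replace("'-moz-binding'si", " -mo<em></em>z-binding", $s);
    $s = preg_replace("'filter:'si", "filter<em></em>:>", $s);
    $s = preg_replace("'javascript:'si", "javascript<em></em>:>", $s);

    // Spoilers.
    $s = str_replace("[spoiler]", "<div class=\"spoiler\"><button onclick=\"toggleSpoiler(this.parentNode);\">Show spoiler</button><div class=\"spoiled hidden\">", $s);
    $s = preg_replace("'\\[spoiler=(.*?)\\]'si", "<div class=\"spoiler\"><button onclick=\"toggleSpoiler(this.parentNode);\" class=\"named\">\\1</button><div class=\"spoiled hidden\">", $s);
    $s = str_replace("[/spoiler]", "</div></div>", $s);

    // Links and images.
    // NOTE(review): the captured text is copied into a double-quoted attribute
    // without being escaped at this point; confirm that quotes in user input
    // are already encoded upstream (EatThatPork() or the caller).
    $s = preg_replace("'\\[url\\](.*?)\\[/url\\]'si", "<a href=\"\\1\">\\1</a>", $s);
    $s = preg_replace("'\\[url=[\\'\"]?(.*?)[\\'\"]?\\](.*?)\\[/url\\]'si", "<a href=\"\\1\">\\2</a>", $s);
    $s = preg_replace("'\\[url=(.*?)\\](.*?)\\[/url\\]'si", "<a href=\"\\1\">\\2</a>", $s);
    $s = preg_replace("'\\[img\\](.*?)\\[/img\\]'si", "<img src=\"\\1\" alt=\"\">", $s);
    $s = preg_replace("'\\[img=(.*?)\\](.*?)\\[/img\\]'si", "<img src=\"\\1\" alt=\"\\2\" title=\"\\2\">", $s);

    // Quotes and replies.
    $s = str_replace("[quote]", "<blockquote><div><hr />", $s);
    $s = str_replace("[/quote]", "<hr /></div></blockquote>", $s);
    $s = preg_replace("'\\[quote=\"(.*?)\" id=\"(.*?)\"\\]'si", "<blockquote><div><small><i>Posted by <a href=\"thread.php?pid=\\2#\\2\">\\1</a></i></small><hr />", $s);
    $s = preg_replace("'\\[quote=(.*?)\\]'si", "<blockquote><div><small><i>Posted by \\1</i></small><hr />", $s);
    $s = preg_replace("'\\[reply=\"(.*?)\"\\]'si", "<blockquote><div><small><i>Sent by \\1</i></small><hr />", $s);

    // Plugin hook: the loader is included with $bucket set and shares this
    // function's scope, so plugin code can read and modify $s.
    $bucket = "bbCode";
    include "./lib/pluginloader.php";

    // Pass every href/src value (double-quoted, single-quoted, unquoted) to
    // FilterJS, defined elsewhere. This runs after the expansions and plugins
    // above so that the attributes they generated are covered as well.
    $s = preg_replace_callback("@(href|src)\\s*=\\s*\"([^\"]+)\"@si", "FilterJS", $s);
    $s = preg_replace_callback("@(href|src)\\s*=\\s*'([^']+)'@si", "FilterJS", $s);
    $s = preg_replace_callback("@(href|src)\\s*=\\s*([^\\s>]+)@si", "FilterJS", $s);

    // ">>123" becomes a link to post 123.
    $s = preg_replace("'>>([0-9]+)'si", ">><a href=\"thread.php?pid=\\1#\\1\">\\1</a>", $s);

    if ($poster) {
        // Literal replacement: with preg_replace() a "$1" or "\1" inside the
        // poster name would be read as a backreference.
        // NOTE(review): $poster is inserted as HTML; assumes the caller passes
        // an already-escaped name - confirm.
        $s = str_replace("/me ", "<b>* " . $poster . "</b> ", $s);
    }

    //Smilies
    if (!$noSmilies) {
        if (!isset($orig)) {
            $orig = $repl = array();
            foreach ($smilies as $smiley) {
                // The lookarounds require a non-word character next to the code
                // so that smiley codes inside ordinary words are not replaced.
                $orig[] = "/(?<=.\\W|\\W.|^\\W)" . preg_quote($smiley['code'], "/") . "(?=.\\W|\\W.|\\W\$)/";
                $repl[] = "<img src=\"img/smilies/" . $smiley['image'] . "\" />";
            }
        }
        // Pad with one space on each side so the lookarounds also match at the
        // very start and end of the post, then strip the padding again.
        $s = preg_replace($orig, $repl, " " . $s . " ");
        $s = substr($s, 1, -1);
    }

    // Post-process anchor hrefs (double-quoted, single-quoted, unquoted) with
    // ApplyNetiquetteToLinks, defined elsewhere.
    $s = preg_replace_callback("@<a[^>]+href\\s*=\\s*\"(.*?)\"@si", 'ApplyNetiquetteToLinks', $s);
    $s = preg_replace_callback("@<a[^>]+href\\s*=\\s*'(.*?)'@si", 'ApplyNetiquetteToLinks', $s);
    $s = preg_replace_callback("@<a[^>]+href\\s*=\\s*([^\"'][^\\s>]*)@si", 'ApplyNetiquetteToLinks', $s);

    // macros.php is expected to define $macros (name => image file); each
    // ":name:" in the post is replaced by the matching image.
    include "macros.php";
    foreach ($macros as $macro => $img) {
        $s = str_replace(":" . $macro . ":", "<img src=\"img/macros/" . $img . "\" alt=\":" . $macro . ":\" />", $s);
    }

    return $s;
}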