/**
* Format an [img] tag. The URL only allows http, https, and ftp protocols for safety.
*
* @param BBCode $bbcode The {@link BBCode} object doing the parsing.
* @param int $action The current action being performed on the tag.
* @param string $name The name of the tag.
* @param string $default The default value passed to the tag in the form: `[tag=default]`.
* @param array $params All of the parameters passed to the tag.
* @param string $content The content of the tag. Only available when {@link $action} is **BBCODE_OUTPUT**.
* @return string Returns the image tag.
*/
public function doImage(BBCode $bbcode, $action, $name, $default, $params, $content)
{
// We can't validate this until we have its content.
if ($action == BBCode::BBCODE_CHECK) {
return true;
}
$content = trim($bbcode->unHTMLEncode(strip_tags($content)));
if (empty($content) && $default) {
$content = $default;
}
$urlParts = parse_url($content);
if (is_array($urlParts)) {
if (!empty($urlParts['path']) && empty($urlParts['scheme']) && !preg_match('`^\\.{0,2}/`', $urlParts['path']) && in_array(pathinfo($urlParts['path'], PATHINFO_EXTENSION), $this->imageExtensions)) {
$localImgURL = $bbcode->getLocalImgURL();
return "<img src=\"" . htmlspecialchars((empty($localImgURL) ? '' : $localImgURL . '/') . ltrim($urlParts['path'], '/')) . '" alt="' . htmlspecialchars(basename($content)) . '" class="bbcode_img" />';
} elseif ($bbcode->isValidURL($content, false)) {
// Remote URL, or at least we don't know where it is.
return '<img src="' . htmlspecialchars($content) . '" alt="' . htmlspecialchars(basename($content)) . '" class="bbcode_img" />';
}
}
return htmlspecialchars($params['_tag']) . htmlspecialchars($content) . htmlspecialchars($params['_endtag']);
}
