/**
 * Build the PCRE pattern that matches one censored-word template.
 *
 * An asterisk in the template is a wildcard. The word is first passed through
 * preg_quote(), so every other character is matched literally and cannot
 * inject regex syntax into the generated pattern.
 *
 * @param string $word        word template to be replaced
 * @param bool   $use_unicode whether or not to take advantage of PCRE supporting unicode
 *
 * @return string regex to use with word censor
 */
function get_censor_preg_expression($word, $use_unicode = true)
{
    // preg_quote() escapes the wildcard as well; restore it so it can be expanded below
    $quoted = str_replace('\\*', '*', preg_quote($word, '#'));

    if ($use_unicode && phpbb_pcre_utf8_support()) {
        // Unicode properties available: a "word character" is a digit, letter, underscore or hyphen
        $guard = '[\\p{Nd}\\p{L}_-]';
        $inner_pattern = '#(?<=[\\p{Nd}\\p{L}_])\\*+(?=[\\p{Nd}\\p{L}_])#iu';
        $inner_wildcard = '([\\x20]*?|' . $guard . '*?)';
        $edge_wildcard = $guard . '*?';
    } else {
        // Fallback: anything that is not whitespace counts as part of a word
        $guard = '\\S';
        $inner_pattern = '#(?<=\\S)\\*+(?=\\S)#iu';
        $inner_wildcard = '(\\x20*?\\S*?)';
        $edge_wildcard = '\\S*?';
    }

    // Expand wildcards in order: inside the word, then at its start, then at its end.
    // NOTE(review): preg_replace() returns null on a matching error (for example malformed
    // UTF-8 under the u modifier); the capture group below is then empty.
    $body = preg_replace(
        array($inner_pattern, '#^\\*+#', '#\\*+$#'),
        array($inner_wildcard, $edge_wildcard, $edge_wildcard),
        $quoted
    );

    // The lookarounds keep the match from starting or ending in the middle of a longer word
    return '#(?<!' . $guard . ')(' . $body . ')(?!' . $guard . ')#iu';
}
/**
 * Turn a custom BBCode definition into first-pass and second-pass match/replace strings.
 *
 * Both arguments are taken by reference and are trimmed in place.
 *
 * Security/compatibility notes for reviewers:
 * - Several token patterns below carry the PCRE "e" modifier, and this function itself calls
 *   preg_replace() with "e". That modifier evaluates the replacement string as PHP code; it was
 *   deprecated in PHP 5.5 and removed in PHP 7.0.
 * - each() is used below; it was deprecated in PHP 7.2 and removed in PHP 8.0.
 * - The returned first-pass pair is a pattern plus a PHP expression built by string
 *   concatenation. Where and on what input it is later evaluated is not visible here.
 *
 * @param string $bbcode_match BBCode usage string containing {TOKEN} placeholders
 * @param string $bbcode_tpl   replacement template containing the same placeholders
 *
 * @return array with keys bbcode_tag, first_pass_match, first_pass_replace,
 *               second_pass_match and second_pass_replace
 */
function build_regexp(&$bbcode_match, &$bbcode_tpl)
{
    $bbcode_match = trim($bbcode_match);
    $bbcode_tpl = trim($bbcode_tpl);

    // The "u" modifier is only considered when the definition uses the INTTEXT token
    $utf8 = strpos($bbcode_match, 'INTTEXT') !== false;
    $utf8_pcre_properties = phpbb_pcre_utf8_support();

    // First pass: the definition is matched literally, so quote it for use between "!" delimiters
    $fp_match = preg_quote($bbcode_match, '!');

    // The replacements are single-quoted, so ":$uid" is emitted literally
    // (presumably a placeholder filled in later by the parser - confirm against the caller)
    $fp_replace = preg_replace('#^\\[(.*?)\\]#', '[$1:$uid]', $bbcode_match);
    $fp_replace = preg_replace('#\\[/(.*?)\\]$#', '[/$1:$uid]', $fp_replace);

    // Second pass: the same tagging, applied to the already-quoted definition
    $sp_match = preg_quote($bbcode_match, '!');
    $sp_match = preg_replace('#^\\\\\\[(.*?)\\\\\\]#', '\\[$1:$uid\\]', $sp_match);
    $sp_match = preg_replace('#\\\\\\[/(.*?)\\\\\\]$#', '\\[/$1:$uid\\]', $sp_match);
    $sp_replace = $bbcode_tpl;

    // @todo Make sure to change this too if something changed in message parsing
    //
    // Each token maps one first-pass pattern to one replacement. For URL, LOCAL_URL,
    // RELATIVE_URL, EMAIL and TEXT the pattern carries "e" and the replacement is a PHP
    // expression with the captured text placed between single quotes. That is only safe to
    // evaluate because of the quote escaping PCRE applies to backreferences in "e" mode.
    //
    // NOTE(review): in the TEXT entry the second array, as shown here, contains ''' and maps
    // '(' and ')' to themselves. ''' is not valid PHP once this string is evaluated. This looks
    // like character references decoded by the page rendering - confirm against the project's
    // own copy of the file before relying on this listing. Those replacement values are what
    // neutralise quotes and parentheses in the captured text.
    $tokens = array(
        'URL' => array('!(?:(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('url')) . ')|(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('www_url')) . '))!ie' => "\$this->bbcode_specialchars(('\$1') ? '\$1' : 'http://\$2')"),
        'LOCAL_URL' => array('!(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('\$1')"),
        'RELATIVE_URL' => array('!(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('\$1')"),
        'EMAIL' => array('!(' . get_preg_expression('email') . ')!ie' => "\$this->bbcode_specialchars('\$1')"),
        'TEXT' => array('!(.*?)!es' => "str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', ''', '(', ')'), trim('\$1'))"),
        'SIMPLETEXT' => array('!([a-zA-Z0-9-+.,_ ]+)!' => "\$1"),
        'INTTEXT' => array($utf8_pcre_properties ? '!([\\p{L}\\p{N}\\-+,_. ]+)!u' : '!([a-zA-Z0-9\\-+,_. ]+)!u' => "\$1"),
        'IDENTIFIER' => array('!([a-zA-Z0-9-_]+)!' => "\$1"),
        'COLOR' => array('!([a-z]+|#[0-9abcdef]+)!i' => '$1'),
        'NUMBER' => array('!([0-9]+)!' => '$1'));

    // Second-pass fragments for the same tokens: plain capture groups, no delimiters or modifiers
    $sp_tokens = array(
        'URL' => '(?i)((?:' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('www_url')) . '))(?-i)',
        'LOCAL_URL' => '(?i)(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
        'RELATIVE_URL' => '(?i)(' . str_replace(array('!', '\\#'), array('\\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
        'EMAIL' => '(' . get_preg_expression('email') . ')',
        'TEXT' => '(.*?)',
        'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)',
        'INTTEXT' => $utf8_pcre_properties ? '([\\p{L}\\p{N}\\-+,_. ]+)' : '([a-zA-Z0-9\\-+,_. ]+)',
        'IDENTIFIER' => '([a-zA-Z0-9-_]+)',
        'COLOR' => '([a-zA-Z]+|#[0-9abcdefABCDEF]+)',
        'NUMBER' => '([0-9]+)');

    // Running count of capture groups already used by earlier tokens
    $pad = 0;
    $modifiers = 'i';
    $modifiers .= $utf8 && $utf8_pcre_properties ? 'u' : '';

    // Find every {TOKEN} or {TOKENn} placeholder; the match is case-insensitive
    if (preg_match_all('/\\{(' . implode('|', array_keys($tokens)) . ')[0-9]*\\}/i', $bbcode_match, $m)) {
        foreach ($m[0] as $n => $token) {
            $token_type = $m[1][$n];

            // Fetch the single pattern => replacement pair for this token type.
            // each() was removed in PHP 8.0.
            reset($tokens[strtoupper($token_type)]);
            list($match, $replace) = each($tokens[strtoupper($token_type)]);

            // Pad backreference numbers from tokens
            if (preg_match_all('/(?<!\\\\)\\$([0-9]+)/', $replace, $repad)) {
                $repad = $pad + sizeof(array_unique($repad[0]));

                // "e" modifier: the replacement is evaluated as PHP and reads the local $pad.
                // The subject here is a replacement string from $tokens above, not request data.
                $replace = preg_replace('/(?<!\\\\)\\$([0-9]+)/e', "'\${' . (\$1 + \$pad) . '}'", $replace);
                $pad = $repad;
            }

            // Obtain pattern modifiers to use and alter the regex accordingly
            $regex = preg_replace('/!(.*)!([a-z]*)/', '$1', $match);
            $regex_modifiers = preg_replace('/!(.*)!([a-z]*)/', '$2', $match);

            for ($i = 0, $size = strlen($regex_modifiers); $i < $size; ++$i) {
                if (strpos($modifiers, $regex_modifiers[$i]) === false) {
                    $modifiers .= $regex_modifiers[$i];

                    // The first time "e" appears, the whole first-pass replacement becomes a
                    // single-quoted PHP string literal, with its own single quotes escaped
                    if ($regex_modifiers[$i] == 'e') {
                        $fp_replace = "'" . str_replace("'", "\\'", $fp_replace) . "'";
                    }
                }

                // For an "e" token the replacement expression is spliced in by closing the
                // literal, concatenating the expression, and reopening the literal
                if ($regex_modifiers[$i] == 'e') {
                    $replace = "'.{$replace}.'";
                }
            }

            $fp_match = str_replace(preg_quote($token, '!'), $regex, $fp_match);
            $fp_replace = str_replace($token, $replace, $fp_replace);

            // NOTE(review): $tokens is indexed with strtoupper($token_type) but $sp_tokens is
            // indexed with the raw $token_type, and the LOCAL_URL test below is case-sensitive,
            // although placeholders are matched case-insensitively - confirm how lower-case
            // placeholders are meant to behave
            $sp_match = str_replace(preg_quote($token, '!'), $sp_tokens[$token_type], $sp_match);

            // Prepend the board url to local relative links
            $replace_prepend = $token_type === 'LOCAL_URL' ? generate_board_url() . '/' : '';

            $sp_replace = str_replace($token, $replace_prepend . '${' . ($n + 1) . '}', $sp_replace);
        }

        $fp_match = '!' . $fp_match . '!' . $modifiers;
        $sp_match = '!' . $sp_match . '!s' . ($utf8 ? 'u' : '');

        // Tidy up empty concatenations left by the splicing above.
        // Note this tests for the letter "e" anywhere in the pattern, not only in its modifiers.
        if (strpos($fp_match, 'e') !== false) {
            $fp_replace = str_replace("'.'", '', $fp_replace);
            $fp_replace = str_replace(".''.", '.', $fp_replace);
        }
    } else {
        // No replacement is present, no need for a second-pass pattern replacement
        // A simple str_replace will suffice
        $fp_match = '!' . $fp_match . '!' . $modifiers;
        $sp_match = $fp_replace;
        $sp_replace = '';
    }

    // Lowercase tags
    // preg_replace() returns the subject unchanged when the pattern does not match, so both
    // values may still hold the whole definition at this point
    $bbcode_tag = preg_replace('/.*?\\[([a-z0-9_-]+=?).*/i', '$1', $bbcode_match);
    $bbcode_search = preg_replace('/.*?\\[([a-z0-9_-]+)=?.*/i', '$1', $bbcode_match);

    // NOTE(review): there is no return after trigger_error(), so rejecting an invalid tag relies
    // on the error handler halting the request - confirm. If it returned, an unvalidated
    // $bbcode_search would be concatenated unquoted into the four "e" patterns below.
    if (!preg_match('/^[a-zA-Z0-9_-]+=?$/', $bbcode_tag)) {
        global $user;
        trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
    }

    // "e" modifier again: lower-cases the opening and closing tag name in all four strings
    $fp_match = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $fp_match);
    $fp_replace = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $fp_replace);
    $sp_match = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $sp_match);
    $sp_replace = preg_replace('#\\[/?' . $bbcode_search . '#ie', "strtolower('\$0')", $sp_replace);

    return array(
        'bbcode_tag' => $bbcode_tag,
        'first_pass_match' => $fp_match,
        'first_pass_replace' => $fp_replace,
        'second_pass_match' => $sp_match,
        'second_pass_replace' => $sp_replace);
}
/**
 * Check a password against the configured complexity level ($config['pass_complex']).
 *
 * Only the presence of character classes is checked here, not the length. An empty password
 * is reported as passing, so rejecting empty passwords is left to the caller (not visible in
 * this function).
 *
 * @param string $password the password to check
 *
 * @return boolean|string Either false if validation succeeded or a string which will be used
 *                        as the error message (with the variable name appended)
 */
function validate_password($password)
{
    global $config;

    // Nothing to enforce for an empty password or when any password is acceptable
    if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY') {
        return false;
    }

    // Choose the matching engine and the character classes it understands
    $via_mbstring = false;

    if (phpbb_pcre_utf8_support()) {
        // PCRE with unicode properties
        $class = array(
            'upper' => '\\p{Lu}',
            'lower' => '\\p{Ll}',
            'digit' => '\\p{N}',
            'other' => '[^\\p{Lu}\\p{Ll}\\p{N}]',
        );
    } elseif (function_exists('mb_ereg_match')) {
        // mbstring regex functions with POSIX classes
        mb_regex_encoding('UTF-8');
        $class = array(
            'upper' => '[[:upper:]]',
            'lower' => '[[:lower:]]',
            'digit' => '[[:digit:]]',
            'other' => '[^[:upper:][:lower:][:digit:]]',
        );
        $via_mbstring = true;
    } else {
        // Last resort: ASCII-only classes through PCRE
        $class = array(
            'upper' => '[A-Z]',
            'lower' => '[a-z]',
            'digit' => '[0-9]',
            'other' => '[^A-Za-z0-9]',
        );
    }

    // Each level includes the requirements of the weaker ones. An unset or unknown level
    // falls back to the strongest set, so a bad setting fails towards stricter passwords.
    $level = $config['pass_complex'];

    if ($level == 'PASS_TYPE_SYMBOL') {
        $required = array($class['other'], $class['digit'], $class['lower'], $class['upper']);
    } elseif ($level == 'PASS_TYPE_ALPHA') {
        $required = array($class['digit'], $class['lower'], $class['upper']);
    } elseif ($level == 'PASS_TYPE_CASE') {
        $required = array($class['lower'], $class['upper']);
    } else {
        $required = array($class['other'], $class['digit'], $class['lower'], $class['upper']);
    }

    // The password must contain at least one character from every required class
    foreach ($required as $expr) {
        if ($via_mbstring) {
            $found = mb_ereg($expr, $password) !== false;
        } else {
            // preg_match() yields 0 for no match and false on error; both count as missing
            $found = (bool) preg_match('#' . $expr . '#u', $password);
        }

        if (!$found) {
            return 'INVALID_CHARS';
        }
    }

    return false;
}