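/**
 * Neutralise the common script-injection vectors in post markup that is
 * emitted as raw HTML, then expand [youtube] embeds.
 *
 * This is a blacklist, not an allowlist sanitiser: it defangs on*= handlers,
 * escapes the "<" of a fixed set of tag names, mangles -moz-binding and hands
 * href/src values to FilterJS (defined elsewhere). Any tag not in the list
 * (style, link, form, svg, ...) is passed through untouched, so the output
 * must not be treated as safe for a context that needs a real sanitiser.
 * Unlike CleanUpPost(), "filter:" and "javascript:" are not mangled here.
 *
 * @param string $s post markup
 * @return string filtered markup
 */
function securityPostFilter($s)
{
    $s = str_replace("\r\n", "\n", $s);
    $s = EatThatPork($s);
    // Defang inline event handlers by encoding the "=". Browsers do not decode
    // character references inside attribute names, so "onerror&#x3D;..." is
    // an attribute with no value. This is the same replacement CleanUpPost()
    // uses; the previous '$1$2=' reproduced the match verbatim and was a no-op.
    $s = preg_replace("@(on)(\\w+?\\s*?)=@si", '$1$2&#x3D;', $s);
    // Escape the "<" of dangerous tags in both open and close form. Nothing
    // after the tag name is required, so an unterminated tag is caught too.
    $s = preg_replace('@<(/?(?:script|meta|xmp|plaintext|noscript|iframe|embed|object|base|textarea))@si', '&lt;$1', $s);
    // [youtube] embeds are expanded after the tag filter so the generated
    // iframe survives. The ID is limited to 11 URL-safe characters and the
    // host is fixed, so nothing else in the src is attacker-controlled.
    $s = preg_replace('@\\[youtube\\]([a-zA-Z0-9-_]{11})\\[/youtube\\]@i', '<iframe width="560" height="315" src="//www.youtube.com/embed/$1" frameborder="0" allowfullscreen></iframe>', $s);
    $s = preg_replace("'-moz-binding'si", " -mo<em></em>z-binding", $s);
    // TODO do it more nicely
    // href/src values go through FilterJS; the three patterns cover
    // double-quoted, single-quoted and unquoted attribute values.
    $s = preg_replace_callback("@(href|src)\\s*=\\s*\"([^\"]+)\"@si", "FilterJS", $s);
    $s = preg_replace_callback("@(href|src)\\s*=\\s*'([^']+)'@si", "FilterJS", $s);
    $s = preg_replace_callback("@(href|src)\\s*=\\s*([^\\s>]+)@si", "FilterJS", $s);
    return $s;
}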
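/**
 * Render a post body (BBCode plus the limited HTML the board tolerates) to HTML.
 *
 * Order matters and is kept from the original: line endings are normalised,
 * the [source]/[code]/[user] callbacks run, simple BBCode and <b>/<i>/<u>/<s>
 * are mapped, newlines become <br /> (unless $noBr), then the tag blacklist
 * and the display:/on*=/-moz-binding/filter:/javascript: mangling run, and
 * only afterwards are [spoiler]/[url]/[img]/[quote]/[reply] turned into
 * markup - so raw tags inside their arguments have already been neutralised.
 * Finally bbCode plugins run, href/src values go through FilterJS, ">>NNN"
 * post references, "/me", smilies, link netiquette and macros are applied.
 *
 * This is a blacklist, not an allowlist sanitiser: tags not in $badTags
 * (style, link, form, svg, ...) pass through. Whatever ./lib/pluginloader.php
 * and macros.php define runs with full access to $s and is trusted.
 *
 * @param string $postText  raw post body
 * @param string $poster    display name substituted for "/me " (inserted as-is)
 * @param bool   $noSmilies skip smiley substitution
 * @param bool   $noBr      keep newlines instead of converting them to <br />
 * @return string rendered HTML
 */
function CleanUpPost($postText, $poster = "", $noSmilies = false, $noBr = false)
{
    // $text is not read here; kept because the included files may rely on it.
    global $smilies, $text;
    // Compiled smiley patterns are cached across calls.
    static $orig, $repl;
    LoadSmilies(); // presumably populates $smilies - verify against its definition
    $s = $postText;
    $s = str_replace("\r\n", "\n", $s);
    $s = EatThatPork($s);
    $s = preg_replace_callback("'\\[source=(.*?)\\](.*?)\\[/source\\]'si", "GeshiCallbackL", $s);
    $s = preg_replace_callback("'\\[source\\](.*?)\\[/source\\]'si", "GeshiCallback", $s);
    $s = preg_replace_callback("'\\[user=([0-9]+)\\]'si", "MakeUserLink", $s);
    $s = preg_replace_callback("'\\[code\\](.*?)\\[/code\\]'si", 'code_block', $s);
    $s = preg_replace("'\\[b\\](.*?)\\[/b\\]'si", "<strong>\\1</strong>", $s);
    $s = preg_replace("'\\[i\\](.*?)\\[/i\\]'si", "<em>\\1</em>", $s);
    $s = preg_replace("'\\[u\\](.*?)\\[/u\\]'si", "<u>\\1</u>", $s);
    $s = preg_replace("'\\[s\\](.*?)\\[/s\\]'si", "<del>\\1</del>", $s);
    $s = preg_replace("'<b>(.*?)\\</b>'si", "<strong>\\1</strong>", $s);
    $s = preg_replace("'<i>(.*?)\\</i>'si", "<em>\\1</em>", $s);
    $s = preg_replace("'<u>(.*?)\\</u>'si", "<span class=\"underline\">\\1</span>", $s);
    $s = preg_replace("'<s>(.*?)\\</s>'si", "<del>\\1</del>", $s);
    if (!$noBr) {
        $s = str_replace("\n", "<br />", $s);
    }
    // Blacklisted tags: escape the "<" of both the open and the close form.
    // The old "<tag(.*?)>" pattern needed a closing ">" inside the post, so an
    // unterminated "<script" at the end of a post was not caught. This form
    // matches securityPostFilter() and requires nothing after the name;
    // "base" is added so the two filters agree.
    $badTags = array('script', 'iframe', 'frame', 'blink', 'textarea', 'noscript', 'meta', 'xmp', 'plaintext', 'marquee', 'embed', 'object', 'base');
    $s = preg_replace("@<(/?(?:" . implode('|', $badTags) . "))@si", '&lt;$1', $s);
    // Bad sites. These patterns must be literal words: the censored form
    // "g****e" is not valid PCRE ("nothing to repeat"), which makes
    // preg_replace() return null and blanks the whole post. The intended word
    // is the one the replacement text spells out.
    $s = preg_replace("'goatse'si", "goat<span>se</span>", $s);
    $s = preg_replace("'tubgirl.com'si", "www.youtube.com/watch?v=EK2tWVj6lXw", $s);
    $s = preg_replace("'ogrish.com'si", "www.youtube.com/watch?v=2iveTJXcp6k", $s);
    $s = preg_replace("'liveleak.com'si", "www.youtube.com/watch?v=xhLxnlNcxv8", $s);
    $s = preg_replace("'charonboat.com'si", "www.youtube.com/watch?v=c9BA5e2Of_U", $s);
    $s = preg_replace("'shrewsburycollege.co.uk'si", "www.youtube.com/watch?v=EK2tWVj6lXw", $s);
    $s = preg_replace("'lemonparty.com'si", "www.youtube.com/watch?v=EK2tWVj6lXw", $s);
    $s = preg_replace("'meatspin.com'si", "www.youtube.com/watch?v=2iveTJXcp6k", $s);
    //Various other stuff
    //[SUGGESTION] Block "display: none" instead of just "display:" -- Mega-Mario
    $s = preg_replace("'display:'si", "display<em></em>:", $s);
    // Defang on*= handlers: browsers do not decode character references in
    // attribute names, so "onerror&#x3D;..." becomes a valueless attribute.
    $s = preg_replace("@(on)(\\w+?\\s*?)=@si", '$1$2&#x3D;', $s);
    $s = preg_replace("'-moz-binding'si", " -mo<em></em>z-binding", $s);
    $s = preg_replace("'filter:'si", "filter<em></em>:>", $s);
    $s = preg_replace("'javascript:'si", "javascript<em></em>:>", $s);
    $s = str_replace("[spoiler]", "<div class=\"spoiler\"><button onclick=\"toggleSpoiler(this.parentNode);\">Show spoiler</button><div class=\"spoiled hidden\">", $s);
    $s = preg_replace("'\\[spoiler=(.*?)\\]'si", "<div class=\"spoiler\"><button onclick=\"toggleSpoiler(this.parentNode);\" class=\"named\">\\1</button><div class=\"spoiled hidden\">", $s);
    $s = str_replace("[/spoiler]", "</div></div>", $s);
    // [url]/[img]/[quote] arguments are interpolated into href/src/alt/title
    // attributes. A '"' in the argument would end the attribute early and let
    // the remainder become new attributes or tags, so it is encoded first.
    // Link text and quote author text stay as-is, like the rest of the post.
    $attr = function ($v) {
        return str_replace('"', '&quot;', $v);
    };
    $s = preg_replace_callback("'\\[url\\](.*?)\\[/url\\]'si", function ($m) use ($attr) {
        return '<a href="' . $attr($m[1]) . '">' . $m[1] . '</a>';
    }, $s);
    $s = preg_replace_callback("'\\[url=[\\'\"]?(.*?)[\\'\"]?\\](.*?)\\[/url\\]'si", function ($m) use ($attr) {
        return '<a href="' . $attr($m[1]) . '">' . $m[2] . '</a>';
    }, $s);
    $s = preg_replace_callback("'\\[url=(.*?)\\](.*?)\\[/url\\]'si", function ($m) use ($attr) {
        return '<a href="' . $attr($m[1]) . '">' . $m[2] . '</a>';
    }, $s);
    $s = preg_replace_callback("'\\[img\\](.*?)\\[/img\\]'si", function ($m) use ($attr) {
        return '<img src="' . $attr($m[1]) . '" alt="">';
    }, $s);
    $s = preg_replace_callback("'\\[img=(.*?)\\](.*?)\\[/img\\]'si", function ($m) use ($attr) {
        return '<img src="' . $attr($m[1]) . '" alt="' . $attr($m[2]) . '" title="' . $attr($m[2]) . '">';
    }, $s);
    $s = str_replace("[quote]", "<blockquote><div><hr />", $s);
    $s = str_replace("[/quote]", "<hr /></div></blockquote>", $s);
    $s = preg_replace_callback("'\\[quote=\"(.*?)\" id=\"(.*?)\"\\]'si", function ($m) use ($attr) {
        return '<blockquote><div><small><i>Posted by <a href="thread.php?pid=' . $attr($m[2]) . '#' . $attr($m[2]) . '">' . $m[1] . '</a></i></small><hr />';
    }, $s);
    $s = preg_replace("'\\[quote=(.*?)\\]'si", "<blockquote><div><small><i>Posted by \\1</i></small><hr />", $s);
    $s = preg_replace("'\\[reply=\"(.*?)\"\\]'si", "<blockquote><div><small><i>Sent by \\1</i></small><hr />", $s);
    // bbCode plugins get the partially rendered post via $s.
    $bucket = "bbCode";
    include "./lib/pluginloader.php";
    // href/src values go through FilterJS; double-quoted, single-quoted and
    // unquoted attribute values are handled separately.
    $s = preg_replace_callback("@(href|src)\\s*=\\s*\"([^\"]+)\"@si", "FilterJS", $s);
    $s = preg_replace_callback("@(href|src)\\s*=\\s*'([^']+)'@si", "FilterJS", $s);
    $s = preg_replace_callback("@(href|src)\\s*=\\s*([^\\s>]+)@si", "FilterJS", $s);
    $s = preg_replace("'>>([0-9]+)'si", ">><a href=\"thread.php?pid=\\1#\\1\">\\1</a>", $s);
    if ($poster) {
        // Plain string replace: with preg_replace() a "$1" or "\1" inside
        // $poster would have been interpreted as a back-reference.
        $s = str_replace("/me ", "<b>* " . $poster . "</b> ", $s);
    }
    //Smilies
    if (!$noSmilies) {
        if (!isset($orig)) {
            $orig = $repl = array();
            // A smiley only matches when bordered by a non-word character on
            // each side (hence the padding spaces added below).
            foreach ($smilies as $smiley) {
                $orig[] = "/(?<=.\\W|\\W.|^\\W)" . preg_quote($smiley['code'], "/") . "(?=.\\W|\\W.|\\W\$)/";
                $repl[] = "<img src=\"img/smilies/" . $smiley['image'] . "\" />";
            }
        }
        $s = preg_replace($orig, $repl, " " . $s . " ");
        $s = substr($s, 1, -1);
    }
    $s = preg_replace_callback("@<a[^>]+href\\s*=\\s*\"(.*?)\"@si", 'ApplyNetiquetteToLinks', $s);
    $s = preg_replace_callback("@<a[^>]+href\\s*=\\s*'(.*?)'@si", 'ApplyNetiquetteToLinks', $s);
    $s = preg_replace_callback("@<a[^>]+href\\s*=\\s*([^\"'][^\\s>]*)@si", 'ApplyNetiquetteToLinks', $s);
    // macros.php is expected to define $macros (name => image file).
    include "macros.php";
    foreach ($macros as $macro => $img) {
        $s = str_replace(":" . $macro . ":", "<img src=\"img/macros/" . $img . "\" alt=\":" . $macro . ":\" />", $s);
    }
    return $s;
}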