Fork me on GitHub

Comment by Different55 (2018-09-22 13:29:22)

Edited by Different55 (2018-09-22 13:30:14)

 1:  1:
 In case anyone else's users are abusing this to trash topics and PMs and wherever else, I used this function to detect their tomfoolery. It ain't pretty but in the 5 minutes I've used it, nothing's blown up. In case anyone else's users are abusing this to trash topics and PMs and wherever else, I used this function to detect their tomfoolery. It ain't pretty but in the 5 minutes I've used it, nothing's blown up.
  
 [code]//  [code]//
 // Check the structure of code tags to make sure nobody's doing anything funny.  // Check the structure of code tags to make sure nobody's doing anything funny.
 //  //
 function pre_preparse_tags($text) {  function pre_preparse_tags($text) {
  global $pun_user;   global $pun_user;
  $split_text = preg_split('%(\[[\*a-zA-Z0-9-/]*?(?:=.*?)?\])%', $text, -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);   $split_text = preg_split('%(\[[\*a-zA-Z0-9-/]*?(?:=.*?)?\])%', $text, -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
   
  $open_tags = array('quote');   $open_tags = array('quote');
   
  foreach ($split_text as $current)   foreach ($split_text as $current)
  {   {
  $top_tag = array_slice($open_tags, -1)[0];   $top_tag = array_slice($open_tags, -1)[0];
  if (substr($current, 0, 1) == '[' && substr($current, -1, 1) == ']')   if (substr($current, 0, 1) == '[' && substr($current, -1, 1) == ']')
  {   {
   
  // Get the name of the tag   // Get the name of the tag
  $current_arg = '';   $current_arg = '';
  $closing = false;   $closing = false;
  if (strpos($current, '/') === 1)   if (strpos($current, '/') === 1)
  {   {
  $current_tag = substr($current, 2, -1);   $current_tag = substr($current, 2, -1);
  $closing = true;   $closing = true;
  }   }
  else if (strpos($current, '=') === false)   else if (strpos($current, '=') === false)
  {   {
  $current_tag = substr($current, 1, -1);   $current_tag = substr($current, 1, -1);
  }   }
  else   else
  {   {
  $current_tag = substr($current, 1, strpos($current, '=')-1);   $current_tag = substr($current, 1, strpos($current, '=')-1);
  $current_arg = substr($current, strpos($current, '=')+1, -1);   $current_arg = substr($current, strpos($current, '=')+1, -1);
  }   }
   
  if ($top_tag == 'code')   if ($top_tag == 'code')
  {   {
  if ($current_tag == 'code' && $closing)   if ($current_tag == 'code' && $closing)
  array_pop($open_tags);   array_pop($open_tags);
  else   else
  continue;   continue;
  }   }
  else if ($top_tag == $current_tag && $closing)   else if ($top_tag == $current_tag && $closing)
  {   {
  array_pop($open_tags);   array_pop($open_tags);
  }   }
  else if ($current_tag == 'code' && $top_tag != 'quote')   else if ($current_tag == 'code' && $top_tag != 'quote')
  {   {
  return true;   return true;
  }   }
  else if (!$closing) {   else if (!$closing) {
  $open_tags[] = $current_tag;   $open_tags[] = $current_tag;
  }   }
  }   }
  }   }
  return false;   return false;
 }[/code] }[/code]
  
 It needs to be slipped into parser.php, and call it from inside preparse_bbcode right before this bit: It needs to be slipped into parser.php, and call it from inside preparse_bbcode right before this bit:
  
 [code]// If the message contains a code tag we have to split it up (text within [code ][/ code] shouldn't be touched)[/code] [code]// If the message contains a code tag we have to split it up (text within [code ][/ code] shouldn't be touched)[/code]
  
 The function returns true if they're trying to mess with the forums or false if they're okay on that front. Typically you'd just add a little note to the errors like  The function returns true if they're trying to mess with the forums or false if they're okay on that front. Typically you'd just add a little note to the errors like 
  
 [code]if (pre_preparse_tags($text))  [code]if (pre_preparse_tags($text))
- $errors[] = sprintf($lang_common['BBCode error invalid nesting'], '[code ]', 'literally anything else';[/code]+ $errors[] = sprintf($lang_common['BBCode error invalid nesting'], '[code ]', 'literally anything else');[/code]
  
 but my personal favorite is  but my personal favorite is 
  
 [code]if (pre_preparse_tags($text))  [code]if (pre_preparse_tags($text))
  message($lang_common['Ban message'].' '.$lang_common['Ban message 3'].'<br /><br /><strong>Gosh darn it, Marie, what are you tryna pull?</strong><br /><br />'.$lang_common['Ban message 4'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.', true, 403, true);[/code]  message($lang_common['Ban message'].' '.$lang_common['Ban message 3'].'<br /><br /><strong>Gosh darn it, Marie, what are you tryna pull?</strong><br /><br />'.$lang_common['Ban message 4'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.', true, 403, true);[/code]
  
 It's a fake ban page. Substitute with a real ban if they're really getting on your nerves. It's a fake ban page. Substitute with a real ban if they're really getting on your nerves.