| In case anyone else's users are abusing this to trash topics and PMs and wherever else, I used this function to detect their tomfoolery. It ain't pretty but in the 5 minutes I've used it, nothing's blown up. | In case anyone else's users are abusing this to trash topics and PMs and wherever else, I used this function to detect their tomfoolery. It ain't pretty but in the 5 minutes I've used it, nothing's blown up. |
| |
| [code]//
| [code]//
|
| // Check the structure of code tags to make sure nobody's doing anything funny.
| // Check the structure of code tags to make sure nobody's doing anything funny.
|
| //
| //
|
| function pre_preparse_tags($text) {
| function pre_preparse_tags($text) {
|
| global $pun_user;
| global $pun_user;
|
| $split_text = preg_split('%(\[[\*a-zA-Z0-9-/]*?(?:=.*?)?\])%', $text, -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
| $split_text = preg_split('%(\[[\*a-zA-Z0-9-/]*?(?:=.*?)?\])%', $text, -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
|
|
|
|
| $open_tags = array('quote');
| $open_tags = array('quote');
|
|
|
|
| foreach ($split_text as $current)
| foreach ($split_text as $current)
|
| {
| {
|
| $top_tag = array_slice($open_tags, -1)[0];
| $top_tag = array_slice($open_tags, -1)[0];
|
| if (substr($current, 0, 1) == '[' && substr($current, -1, 1) == ']')
| if (substr($current, 0, 1) == '[' && substr($current, -1, 1) == ']')
|
| {
| {
|
|
|
|
| // Get the name of the tag
| // Get the name of the tag
|
| $current_arg = '';
| $current_arg = '';
|
| $closing = false;
| $closing = false;
|
| if (strpos($current, '/') === 1)
| if (strpos($current, '/') === 1)
|
| {
| {
|
| $current_tag = substr($current, 2, -1);
| $current_tag = substr($current, 2, -1);
|
| $closing = true;
| $closing = true;
|
| }
| }
|
| else if (strpos($current, '=') === false)
| else if (strpos($current, '=') === false)
|
| {
| {
|
| $current_tag = substr($current, 1, -1);
| $current_tag = substr($current, 1, -1);
|
| }
| }
|
| else
| else
|
| {
| {
|
| $current_tag = substr($current, 1, strpos($current, '=')-1);
| $current_tag = substr($current, 1, strpos($current, '=')-1);
|
| $current_arg = substr($current, strpos($current, '=')+1, -1);
| $current_arg = substr($current, strpos($current, '=')+1, -1);
|
| }
| }
|
|
|
|
| if ($top_tag == 'code')
| if ($top_tag == 'code')
|
| {
| {
|
| if ($current_tag == 'code' && $closing)
| if ($current_tag == 'code' && $closing)
|
| array_pop($open_tags);
| array_pop($open_tags);
|
| else
| else
|
| continue;
| continue;
|
| }
| }
|
| else if ($top_tag == $current_tag && $closing)
| else if ($top_tag == $current_tag && $closing)
|
| {
| {
|
| array_pop($open_tags);
| array_pop($open_tags);
|
| }
| }
|
| else if ($current_tag == 'code' && $top_tag != 'quote')
| else if ($current_tag == 'code' && $top_tag != 'quote')
|
| {
| {
|
| return true;
| return true;
|
| }
| }
|
| else if (!$closing) {
| else if (!$closing) {
|
| $open_tags[] = $current_tag;
| $open_tags[] = $current_tag;
|
| }
| }
|
| }
| }
|
| }
| }
|
| return false;
| return false;
|
| }[/code] | }[/code] |
| |
| It needs to be slipped into parser.php, and call it from inside preparse_bbcode right before this bit: | It needs to be slipped into parser.php, and call it from inside preparse_bbcode right before this bit: |
| |
| [code]// If the message contains a code tag we have to split it up (text within [code ][/ code] shouldn't be touched)[/code] | [code]// If the message contains a code tag we have to split it up (text within [code ][/ code] shouldn't be touched)[/code] |
| |
| The function returns true if they're trying to mess with the forums or false if they're okay on that front. Typically you'd just add a little note to the errors like | The function returns true if they're trying to mess with the forums or false if they're okay on that front. Typically you'd just add a little note to the errors like |
| |
| [code]if (pre_preparse_tags($text))
| [code]if (pre_preparse_tags($text))
|
| $errors[] = sprintf($lang_common['BBCode error invalid nesting'], '[code ]', 'literally anything else');[/code] | $errors[] = sprintf($lang_common['BBCode error invalid nesting'], 'code', 'literally anything else');[/code] |
| |
| but my personal favorite is | but my personal favorite is |
| |
| [code]if (pre_preparse_tags($text))
| [code]if (pre_preparse_tags($text))
|
| message($lang_common['Ban message'].' '.$lang_common['Ban message 3'].'<br /><br /><strong>Gosh darn it, Marie, what are you tryna pull?</strong><br /><br />'.$lang_common['Ban message 4'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.', true, 403, true);[/code] | message($lang_common['Ban message'].' '.$lang_common['Ban message 3'].'<br /><br /><strong>Gosh darn it, Marie, what are you tryna pull?</strong><br /><br />'.$lang_common['Ban message 4'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.', true, 403, true);[/code] |
| |
| It's a fake ban page. Substitute with a real ban if they're really getting on your nerves. | It's a fake ban page. Substitute with a real ban if they're really getting on your nerves. |
