Conflicts:
	templates/thread.html
This commit is contained in:
czaks 2013-07-31 19:25:04 -04:00
commit b35ea55763
6 changed files with 61 additions and 13 deletions


@ -386,10 +386,10 @@
*/ */
// "Wiki" markup syntax ($config['wiki_markup'] in pervious versions): // "Wiki" markup syntax ($config['wiki_markup'] in pervious versions):
$config['markup'][] = array("/'''(.+?)'''/", "<strong>\$1</strong>"); $config['markup'][] = array("/'''([^<]+?)'''/", "<strong>\$1</strong>");
$config['markup'][] = array("/''(.+?)''/", "<em>\$1</em>"); $config['markup'][] = array("/''([^<]+?)''/", "<em>\$1</em>");
$config['markup'][] = array("/\*\*(.+?)\*\*/", "<span class=\"spoiler\">\$1</span>"); $config['markup'][] = array("/\*\*([^<]+?)\*\*/", "<span class=\"spoiler\">\$1</span>");
$config['markup'][] = array("/^[ |\t]*==(.+?)==[ |\t]*$/m", "<span class=\"heading\">\$1</span>"); $config['markup'][] = array("/^[ |\t]*==([^<]+?)==[ |\t]*$/m", "<span class=\"heading\">\$1</span>");
// Highlight PHP code wrapped in <code> tags (PHP 5.3.0+) // Highlight PHP code wrapped in <code> tags (PHP 5.3.0+)
// $config['markup'][] = array( // $config['markup'][] = array(
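Review bot: Replacing `(.+?)` with `([^<]+?)` in the four markup rules also lets a match cross line breaks, because a negated character class matches `\n` while `.` did not without the `s` modifier; `'''a` on one line and `b'''` on the next would now collapse into one `<strong>` span, and the `==…==` heading rule can likewise swallow a following line despite its `^`/`$` anchors. If stopping at tags is the only goal, `([^<\n]+?)` keeps the previous single-line behaviour (markup() already strips `\r` before these rules run). The rules' surrounding array is defined outside this hunk.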


@ -1451,6 +1451,39 @@ function markup(&$body, $track_cites = false) {
$body = str_replace("\r", '', $body); $body = str_replace("\r", '', $body);
$body = utf8tohtml($body); $body = utf8tohtml($body);
if (preg_match_all('@&lt;tinyboard ([\w\s]+)&gt;(.+)&lt;/tinyboard&gt;@um', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
$skip_chars = 0;
$body_tmp = $body;
foreach ($modifiers as $modifier) {
// preg_match_all is not multibyte-safe
foreach ($modifier as &$match) {
$match[1] = mb_strlen(substr($body_tmp, 0, $match[1]));
}
$modifier['type'] = $modifier[1][0];
$modifier['content'] = $modifier[2][0];
if ($modifier['type'] == 'ban message') {
// Public ban message
$replacement = sprintf($config['mod']['ban_message'], $modifier['content']);
} elseif ($modifier['type'] == 'raw html') {
$body = html_entity_decode($modifier['content']);
return array();
} elseif (preg_match('/^escape /', $modifier['type'])) {
// Escaped (not a real modifier)
$replacement = '&lt;tinyboard ' . substr($modifier['type'], strlen('escape ')) . '&gt;' . $modifier['content'] . '&lt;/tinyboard&gt;';
} else {
// Unknown
$replacement = '';
}
$body = mb_substr_replace($body, $replacement, $modifier[0][1] + $skip_chars, mb_strlen($modifier[0][0]));
$skip_chars += mb_strlen($replacement) - mb_strlen($modifier[0][0]);
}
}
if (mysql_version() < 50503) if (mysql_version() < 50503)
$body = mb_encode_numericentity($body, array(0x010000, 0xffffff, 0, 0xffffff), 'UTF-8'); $body = mb_encode_numericentity($body, array(0x010000, 0xffffff, 0, 0xffffff), 'UTF-8');
@ -1492,7 +1525,7 @@ function markup(&$body, $track_cites = false) {
$tracked_cites = array(); $tracked_cites = array();
// Cites // Cites
if (isset($board) && preg_match_all('/(^|\s)&gt;&gt;(\d+?)([\s,.)?]|$)/m', $body, $cites, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) { if (isset($board) && preg_match_all('/(^|\s)&gt;&gt;(\d+?)([\s,.)?]|$)/m', $body, $cites, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
if (count($cites[0]) > $config['max_cites']) { if (count($cites[0]) > $config['max_cites']) {
error($config['error']['toomanycites']); error($config['error']['toomanycites']);
} }
@ -1591,6 +1624,10 @@ function markup(&$body, $track_cites = false) {
return $tracked_cites; return $tracked_cites;
} }
function escape_markup_modifiers($string) {
return preg_replace('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@m', '<tinyboard escape $1>$2</tinyboard>', $string);
}
function utf8tohtml($utf8) { function utf8tohtml($utf8) {
return htmlspecialchars($utf8, ENT_NOQUOTES, 'UTF-8'); return htmlspecialchars($utf8, ENT_NOQUOTES, 'UTF-8');
} }
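Review bot: The content group `(.+)` in the new modifier pattern on the `preg_match_all('@&lt;tinyboard ...` line, and again in `escape_markup_modifiers`, is greedy, so when a line holds more than one modifier only the first tag's type is honoured and everything up to the last `&lt;/tinyboard&gt;` becomes its content. A post whose text already contained a (now `escape`-prefixed) modifier followed by the `<tinyboard ban message>` that mod_ban_post appends to `body_nomarkup` would then render the ban message as literal escaped text instead of through `$config['mod']['ban_message']`; `(.+?)` in both patterns keeps each open/close pair together, and the two functions must stay in step either way. The inner `foreach ($modifier as &$match)` also leaves `$match` bound by reference after it finishes; add `unset($match);` after that loop to avoid the usual dangling-reference surprise. markup() itself starts and ends outside these hunks.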


@ -507,6 +507,7 @@ function mod_noticeboard($page_no = 1) {
if (!hasPermission($config['mod']['noticeboard_post'])) if (!hasPermission($config['mod']['noticeboard_post']))
error($config['error']['noaccess']); error($config['error']['noaccess']);
$_POST['body'] = escape_markup_modifiers($_POST['body']);
markup($_POST['body']); markup($_POST['body']);
$query = prepare('INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)'); $query = prepare('INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)');
@ -568,6 +569,7 @@ function mod_news($page_no = 1) {
if (!hasPermission($config['mod']['news'])) if (!hasPermission($config['mod']['news']))
error($config['error']['noaccess']); error($config['error']['noaccess']);
$_POST['body'] = escape_markup_modifiers($_POST['body']);
markup($_POST['body']); markup($_POST['body']);
$query = prepare('INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)'); $query = prepare('INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)');
@ -737,6 +739,7 @@ function mod_page_ip($ip) {
if (!hasPermission($config['mod']['create_notes'])) if (!hasPermission($config['mod']['create_notes']))
error($config['error']['noaccess']); error($config['error']['noaccess']);
$_POST['note'] = escape_markup_modifiers($_POST['note']);
markup($_POST['note']); markup($_POST['note']);
$query = prepare('INSERT INTO `ip_notes` VALUES (NULL, :ip, :mod, :time, :body)'); $query = prepare('INSERT INTO `ip_notes` VALUES (NULL, :ip, :mod, :time, :body)');
$query->bindValue(':ip', $ip); $query->bindValue(':ip', $ip);
@ -1214,12 +1217,14 @@ function mod_ban_post($board, $delete, $post, $token = false) {
if (isset($_POST['public_message'], $_POST['message'])) { if (isset($_POST['public_message'], $_POST['message'])) {
// public ban message // public ban message
$length_english = parse_time($_POST['length']) ? 'for ' . until(parse_time($_POST['length'])) : 'permanently'; $length_english = parse_time($_POST['length']) ? 'for ' . until(parse_time($_POST['length'])) : 'permanently';
$_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']);
$_POST['message'] = str_replace('%length%', $length_english, $_POST['message']); $_POST['message'] = str_replace('%length%', $length_english, $_POST['message']);
$_POST['message'] = str_replace('%LENGTH%', strtoupper($length_english), $_POST['message']); $_POST['message'] = str_replace('%LENGTH%', strtoupper($length_english), $_POST['message']);
$query = prepare(sprintf('UPDATE `posts_%s` SET `body` = CONCAT(`body`, :body) WHERE `id` = :id', $board)); $query = prepare(sprintf('UPDATE `posts_%s` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
$query->bindValue(':id', $post); $query->bindValue(':id', $post);
$query->bindValue(':body', sprintf($config['mod']['ban_message'], utf8tohtml($_POST['message']))); $query->bindValue(':body_nomarkup', sprintf('<tinyboard ban message>%s</tinyboard>', $_POST['message']));
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
rebuildPost($post);
modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($_POST['message'])); modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($_POST['message']));
buildThread($thread ? $thread : $post); buildThread($thread ? $thread : $post);
@ -1713,6 +1718,7 @@ function mod_new_pm($username) {
} }
if (isset($_POST['message'])) { if (isset($_POST['message'])) {
$_POST['message'] = escape_markup_modifiers($_POST['message']);
markup($_POST['message']); markup($_POST['message']);
$query = prepare("INSERT INTO `pms` VALUES (NULL, :me, :id, :message, :time, 1)"); $query = prepare("INSERT INTO `pms` VALUES (NULL, :me, :id, :message, :time, 1)");
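Review bot: In mod_ban_post the new `preg_replace('/[\r\n]/', '', $_POST['message'])` keeps the appended `<tinyboard ban message>%s</tinyboard>` on one line, but nothing stops the moderator's message from containing `</tinyboard>` or a further `<tinyboard ...>` opener, which would break out of the ban-message element inside `body_nomarkup`; today the greedy content match in markup() happens to absorb it, but the storage path should not depend on that. Neutralising the tokens before the sprintf, e.g. `$_POST['message'] = str_replace(array('<tinyboard', '</tinyboard>'), '', $_POST['message']);`, keeps the element well-formed regardless of how the modifier regex evolves. The other hunks in this file apply `escape_markup_modifiers` before `markup()` consistently, and that order is correct since the escape regex works on raw `<tinyboard` text. mod_ban_post continues outside this hunk.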


@ -108,7 +108,7 @@ if (isset($_POST['delete'])) {
if (count($report) > $config['report_limit']) if (count($report) > $config['report_limit'])
error($config['error']['toomanyreports']); error($config['error']['toomanyreports']);
$reason = &$_POST['reason']; $reason = escape_markup_modifiers($_POST['reason']);
markup($reason); markup($reason);
foreach ($report as &$id) { foreach ($report as &$id) {
@ -379,6 +379,11 @@ if (isset($_POST['delete'])) {
error(sprintf($config['error']['toolong'], 'password')); error(sprintf($config['error']['toolong'], 'password'));
wordfilters($post['body']); wordfilters($post['body']);
$post['body'] = escape_markup_modifiers($post['body']);
if ($mod && isset($post['raw']) && $post['raw']) {
$post['body'] = '<tinyboard raw html>' . $post['body'] . '</tinyboard>';
}
if (mysql_version() >= 50503) { if (mysql_version() >= 50503) {
$post['body_nomarkup'] = $post['body']; // Assume we're using the utf8mb4 charset $post['body_nomarkup'] = $post['body']; // Assume we're using the utf8mb4 charset
@ -397,8 +402,7 @@ if (isset($_POST['delete'])) {
} }
} }
if (!($mod && isset($post['raw']) && $post['raw'])) $post['tracked_cites'] = markup($post['body'], true);
$post['tracked_cites'] = markup($post['body'], true);
// Check for a flood // Check for a flood
if (!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) { if (!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) {
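Review bot: The raw-html wrap on the `if ($mod && isset($post['raw']) && $post['raw'])` lines is gated only on a moderator session; where `$post['raw']` is set, and whether that happens under the raw-html permission in `$config['mod']` (presumably the rawhtml entry), is outside this hunk, so confirm it, because markup()'s `raw html` branch later emits the wrapped body unescaped. The second hunk now skips `markup()` entirely for raw posts, so `$post['tracked_cites']` is no longer assigned where it always was before; an `else $post['tracked_cites'] = array();` keeps the array shape stable for whatever reads it downstream. The first hunk also turns `$reason` from a reference to `$_POST['reason']` into a copy, so any later read of `$_POST['reason']` now sees the unescaped, unmarked text. All three hunks sit in the top-level post handler, which continues outside them.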


@ -22,4 +22,4 @@
<p class="unimportant" style="margin-top:20px;text-align:center;">Powered by <a href="http://tinyboard.org/">Tinyboard</a> {{ config.version }} | <a href="http://tinyboard.org/">Tinyboard</a> Copyright &copy; 2010-2013 Tinyboard Development Group</p> <p class="unimportant" style="margin-top:20px;text-align:center;">Powered by <a href="http://tinyboard.org/">Tinyboard</a> {{ config.version }} | <a href="http://tinyboard.org/">Tinyboard</a> Copyright &copy; 2010-2013 Tinyboard Development Group</p>
</footer> </footer>
</body> </body>
</html> </html>


@ -23,12 +23,13 @@
{% if mod %}<p><a href="?/">{% trans %}Return to dashboard{% endtrans %}</a></p>{% endif %} {% if mod %}<p><a href="?/">{% trans %}Return to dashboard{% endtrans %}</a></p>{% endif %}
</div> </div>
</header> </header>
<div class="banner">{% trans %}Posting mode: Reply{% endtrans %} <a class="unimportant" href="{{ return }}">[{% trans %}Return{% endtrans %}]</a></div> <div class="banner">{% trans %}Posting mode: Reply{% endtrans %} <a class="unimportant" href="{{ return }}">[{% trans %}Return{% endtrans %}]</a></div>
{% include 'attention_bar.html' %} {% include 'attention_bar.html' %}
{% include 'post_form.html' %} {% include 'post_form.html' %}
{% if config.blotter %}<hr /><div class="blotter">{{ config.blotter }}</div>{% endif %} {% if config.blotter %}<hr /><div class="blotter">{{ config.blotter }}</div>{% endif %}
<hr /> <hr />
<form name="postcontrols" action="{{ config.post_url }}" method="post"> <form name="postcontrols" action="{{ config.post_url }}" method="post">