diff --git a/inc/functions.php b/inc/functions.php
index e638f016..7cde156b 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1421,6 +1421,39 @@ function markup(&$body, $track_cites = false) {
$body = str_replace("\r", '', $body);
$body = utf8tohtml($body);
+ if (preg_match_all('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@um', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
+ $skip_chars = 0;
+ $body_tmp = $body;
+
+ foreach ($modifiers as $modifier) {
+ // preg_match_all is not multibyte-safe
+ foreach ($modifier as &$match) {
+ $match[1] = mb_strlen(substr($body_tmp, 0, $match[1]));
+ }
+
+ $modifier['type'] = $modifier[1][0];
+ $modifier['content'] = $modifier[2][0];
+
+ if ($modifier['type'] == 'ban message') {
+ // Public ban message
+ $replacement = sprintf($config['mod']['ban_message'], $modifier['content']);
+ } elseif ($modifier['type'] == 'raw html') {
+ $body = html_entity_decode($modifier['content']);
+ return array();
+ } elseif (preg_match('/^escape /', $modifier['type'])) {
+ // Escaped (not a real modifier)
+ $replacement = '<tinyboard ' . substr($modifier['type'], strlen('escape ')) . '>' . $modifier['content'] . '</tinyboard>';
+ } else {
+ // Unknown
+ $replacement = '';
+ }
+
+ $body = mb_substr_replace($body, $replacement, $modifier[0][1] + $skip_chars, mb_strlen($modifier[0][0]));
+ $skip_chars += mb_strlen($replacement) - mb_strlen($modifier[0][0]);
+
+ }
+ }
+
if (mysql_version() < 50503)
$body = mb_encode_numericentity($body, array(0x010000, 0xffffff, 0, 0xffffff), 'UTF-8');
@@ -1456,36 +1489,6 @@ function markup(&$body, $track_cites = false) {
}
}
- if (preg_match_all('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
- $skip_chars = 0;
- $body_tmp = $body;
-
- foreach ($modifiers as $modifier) {
- // preg_match_all is not multibyte-safe
- foreach ($modifier as &$match) {
- $match[1] = mb_strlen(substr($body_tmp, 0, $match[1]));
- }
-
- $modifier['type'] = $modifier[1][0];
- $modifier['content'] = $modifier[2][0];
-
- if ($modifier['type'] == 'ban message') {
- // Public ban message
- $replacement = sprintf($config['mod']['ban_message'], $modifier['content']);
- } elseif (preg_match('/^escape /', $modifier['type'])) {
- // Escaped (not a real modifier)
- $replacement = '<tinyboard ' . substr($modifier['type'], strlen('escape ')) . '>' . $modifier['content'] . '</tinyboard>';
- } else {
- // Unknown
- $replacement = '';
- }
-
- $body = mb_substr_replace($body, $replacement, $modifier[0][1] + $skip_chars, mb_strlen($modifier[0][0]));
- $skip_chars += mb_strlen($replacement) - mb_strlen($modifier[0][0]);
-
- }
- }
-
// replace tabs with 8 spaces
$body = str_replace("\t", ' ', $body);
@@ -1592,7 +1595,7 @@ function markup(&$body, $track_cites = false) {
}
function escape_markup_modifiers($string) {
- return preg_replace('@(.+)@', '$2', $string);
+ return preg_replace('@(.+)@m', '$2', $string);
}
function utf8tohtml($utf8) {
diff --git a/post.php b/post.php
index adb44b58..db077866 100644
--- a/post.php
+++ b/post.php
@@ -379,6 +379,10 @@ if (isset($_POST['delete'])) {
wordfilters($post['body']);
$post['body'] = escape_markup_modifiers($post['body']);
+ if ($mod && isset($post['raw']) && $post['raw']) {
+ $post['body'] = '' . $post['body'] . '';
+ }
+
if (mysql_version() >= 50503) {
$post['body_nomarkup'] = $post['body']; // Assume we're using the utf8mb4 charset
} else {
@@ -396,8 +400,7 @@ if (isset($_POST['delete'])) {
}
}
- if (!($mod && isset($post['raw']) && $post['raw']))
- $post['tracked_cites'] = markup($post['body'], true);
+ $post['tracked_cites'] = markup($post['body'], true);
// Check for a flood
if (!hasPermission($config['mod']['flood'], $board['uri']) && checkFlood($post)) {