Markup modifiers: raw HTML

2013-07-31 19:18:55 -04:00 · 2013-07-31 19:18:55 -04:00 · 6bbe407e18
commit 6bbe407e18
parent 6d52c8b428
2 changed files with 39 additions and 33 deletions
--- a/inc/functions.php
+++ b/inc/functions.php
@ -1421,6 +1421,39 @@ function markup(&$body, $track_cites = false) {
 	$body = str_replace("\r", '', $body);
 	$body = utf8tohtml($body);
 	if (preg_match_all('@&lt;tinyboard ([\w\s]+)&gt;(.+)&lt;/tinyboard&gt;@um', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
 		$skip_chars = 0;
 		$body_tmp = $body;
 		foreach ($modifiers as $modifier) {
 			// preg_match_all is not multibyte-safe
 			foreach ($modifier as &$match) {
 				$match[1] = mb_strlen(substr($body_tmp, 0, $match[1]));
 			}
 			$modifier['type'] = $modifier[1][0];
 			$modifier['content'] = $modifier[2][0];
 			if ($modifier['type'] == 'ban message') {
 				// Public ban message
 				$replacement = sprintf($config['mod']['ban_message'], $modifier['content']);
 			} elseif ($modifier['type'] == 'raw html') {
 				$body = html_entity_decode($modifier['content']);
 				return array();
 			} elseif (preg_match('/^escape /', $modifier['type'])) {
 				// Escaped (not a real modifier)
 				$replacement = '&lt;tinyboard ' . substr($modifier['type'], strlen('escape ')) . '&gt;' . $modifier['content'] . '&lt;/tinyboard&gt;';
 			} else {
 				// Unknown
 				$replacement = '';
 			}
 			$body = mb_substr_replace($body, $replacement, $modifier[0][1] + $skip_chars, mb_strlen($modifier[0][0]));
 			$skip_chars += mb_strlen($replacement) - mb_strlen($modifier[0][0]);
 		}
 	}
 	if (mysql_version() < 50503)
 		$body = mb_encode_numericentity($body, array(0x010000, 0xffffff, 0, 0xffffff), 'UTF-8');
@ -1456,36 +1489,6 @@ function markup(&$body, $track_cites = false) {
 		}
 	}
 	if (preg_match_all('@&lt;tinyboard ([\w\s]+)&gt;(.+)&lt;/tinyboard&gt;@', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
 		$skip_chars = 0;
 		$body_tmp = $body;
 		foreach ($modifiers as $modifier) {
 			// preg_match_all is not multibyte-safe
 			foreach ($modifier as &$match) {
 				$match[1] = mb_strlen(substr($body_tmp, 0, $match[1]));
 			}
 			$modifier['type'] = $modifier[1][0];
 			$modifier['content'] = $modifier[2][0];
 			if ($modifier['type'] == 'ban message') {
 				// Public ban message
 				$replacement = sprintf($config['mod']['ban_message'], $modifier['content']);
 			} elseif (preg_match('/^escape /', $modifier['type'])) {
 				// Escaped (not a real modifier)
 				$replacement = '&lt;tinyboard ' . substr($modifier['type'], strlen('escape ')) . '&gt;' . $modifier['content'] . '&lt;/tinyboard&gt;';
 			} else {
 				// Unknown
 				$replacement = '';
 			}
 			$body = mb_substr_replace($body, $replacement, $modifier[0][1] + $skip_chars, mb_strlen($modifier[0][0]));
 			$skip_chars += mb_strlen($replacement) - mb_strlen($modifier[0][0]);
 		}
 	}
 	// replace tabs with 8 spaces
 	$body = str_replace("\t", '        ', $body);
@ -1592,7 +1595,7 @@ function markup(&$body, $track_cites = false) {
 }
 function escape_markup_modifiers($string) {
-	return preg_replace('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@', '<tinyboard escape $1>$2</tinyboard>', $string);
+	return preg_replace('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@m', '<tinyboard escape $1>$2</tinyboard>', $string);
 }
 function utf8tohtml($utf8) {
--- a/post.php
+++ b/post.php
@ -379,6 +379,10 @@ if (isset($_POST['delete'])) {
 	wordfilters($post['body']);
 	$post['body'] = escape_markup_modifiers($post['body']);
 	if ($mod && isset($post['raw']) && $post['raw']) {
 		$post['body'] = '<tinyboard raw html>' . $post['body'] . '</tinyboard>';
 	}
 	if (mysql_version() >= 50503) {
 		$post['body_nomarkup'] = $post['body']; // Assume we're using the utf8mb4 charset
 	} else {
@ -396,7 +400,6 @@ if (isset($_POST['delete'])) {
 		}
 	}
 	if (!($mod && isset($post['raw']) && $post['raw']))
 	$post['tracked_cites'] = markup($post['body'], true);
 	// Check for a flood