Code: Select all
#
#-----[ OPEN ]---------------------------------------------
#
includes/functions_post.php
#
#-----[ FIND ]---------------------------------------------
# Line 44
$allowed_html_tags = split(',', $board_config['allow_html_tags']);
$end_html = 0;
$start_html = 1;
$tmp_message = '';
$message = ' ' . $message . ' ';
while ($start_html = strpos($message, '<', $start_html))
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1)));
if ($end_html = strpos($message, '>', $start_html))
{
$length = $end_html - $start_html + 1;
$hold_string = substr($message, $start_html, $length);
if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1)
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1));
$hold_string = substr($hold_string, $unclosed_open - 1);
}
$tagallowed = false;
for ($i = 0; $i < sizeof($allowed_html_tags); $i++)
{
$match_tag = trim($allowed_html_tags[$i]);
if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string))
{
$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true;
}
}
$tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string;
$start_html += $length;
}
else
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message)));
$start_html = strlen($message);
$end_html = $start_html;
}
}
if (!$end_html || ($end_html != strlen($message) && $tmp_message != ''))
{
$tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1));
}
$message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
#
#-----[ REPLACE WITH ]---------------------------------------------
#
// If HTML is on, we try to make it safe
// This approach is quite agressive and anything that does not look like a valid tag
// is going to get converted to HTML entities
$message = stripslashes($message);
$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
$matches = array();
$message_split = preg_split($html_match, $message);
preg_match_all($html_match, $message, $matches);
$message = '';
foreach ($message_split as $part)
{
$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
$message .= htmlspecialchars($part) . clean_html($tag);
}
$message = addslashes($message);
Code: Select all
#
#-----[ FIND ]---------------------------------------------
# Line 646
// Finish building query (for all combinations)
// and run it ...
//
$sql = "SELECT session_id
FROM " . SESSIONS_TABLE;
if ( $result = $db->sql_query($sql) )
{
$delete_search_ids = array();
while( $row = $db->sql_fetchrow($result) )
{
$delete_search_ids[] = "'" . $row['session_id'] . "'";
}
if ( count($delete_search_ids) )
{
$sql = "DELETE FROM " . SEARCH_TABLE . "
WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
}
}
#
#-----[ REPLACE WITH ]---------------------------------------------
#
// Delete old data from the search result table
//
$sql = 'DELETE FROM ' . SEARCH_TABLE . '
WHERE search_time < ' . ($current_time - (int) $board_config['session_length']);
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
Code: Select all
// Finish building query (for all combinations)
// and run it ...
//
// Start replacement - Last visit MOD
$expiry_time = $current_time - $board_config['session_length'];
$sql = "SELECT session_id
FROM " . SESSIONS_TABLE ." WHERE session_time>$expiry_time";
// Start replacement - Last visit MOD
if ( $result = $db->sql_query($sql) )
{
$delete_search_ids = array();
while( $row = $db->sql_fetchrow($result) )
{
$delete_search_ids[] = "'" . $row['session_id'] . "'";
}
if ( count($delete_search_ids) )
{
$sql = "DELETE FROM " . SEARCH_TABLE . "
WHERE session_id NOT IN (" . implode(", ", $delete_search_ids) . ")";
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
}
}
abramelin wrote: what must i do?
Code: Select all
// Delete old data from the search result table
//
// Start replacement - Last visit MOD
$expiry_time = $current_time - $board_config['session_length'];
$sql = "SELECT session_id
FROM " . SESSIONS_TABLE ." WHERE session_time>$expiry_time";
// Start replacement - Last visit MOD
$sql = 'DELETE FROM ' . SEARCH_TABLE . '
WHERE search_time < ' . ($current_time - (int) $board_config['session_length']);
if ( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, 'Could not delete old search id sessions', '', __LINE__, __FILE__, $sql);
Seraphic wrote: ...It looks like a lot of people are having this problem. But on my forum at least, I didn't have this problem.
asinshesq wrote: The following change in includes/functions_post.php kills the ability to recognize named quotes (quotes in the format [qoute="asinshesq"]...) on my board:
When I leave that change out all is fine. This is probably a problem on my end (I have my board very heavily modded and have fooled around with html before). I'll try to track this down over the weekend and report back (and I'll test it on a plain vaniall phpbb2.0.19 upgrade to 2.0.20 to see whether all is fine there) but in the meantime I figured I'd mention it here in case anyone else runs into this problem. (And actually, I would appreciate it if anyone who has this problem replies to this post so I can confirm it's not solely my setup.)Code: Select all
# #-----[ OPEN ]--------------------------------------------- # includes/functions_post.php # #-----[ FIND ]--------------------------------------------- # Line 44 $allowed_html_tags = split(',', $board_config['allow_html_tags']); $end_html = 0; $start_html = 1; $tmp_message = ''; $message = ' ' . $message . ' '; while ($start_html = strpos($message, '<', $start_html)) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1))); if ($end_html = strpos($message, '>', $start_html)) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; for ($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string)) { $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true; } } $tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; $start_html += $length; } else { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message))); $start_html = strlen($message); $end_html = $start_html; } } if (!$end_html || ($end_html != strlen($message) && $tmp_message != '')) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } $message = ($tmp_message != '') ? trim($tmp_message) : trim($message); # #-----[ REPLACE WITH ]--------------------------------------------- # // If HTML is on, we try to make it safe // This approach is quite agressive and anything that does not look like a valid tag // is going to get converted to HTML entities $message = stripslashes($message); $html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#'; $matches = array(); $message_split = preg_split($html_match, $message); preg_match_all($html_match, $message, $matches); $message = ''; foreach ($message_split as $part) { $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2])); $message .= htmlspecialchars($part) . clean_html($tag); } $message = addslashes($message);