chizijs Posted February 15, 2010 Report Share Posted February 15, 2010 Tātad uz šo bridi man vajag bb kodus. teksts = <b>teksts</b> .. Esmu meiģinājis šādi: $bb = array( '[b]'=>'<b>', '[/b]'=>'</b>' ); echo "".$bb['[b]teksts[/b]'].""; bet neko man neizvada. Kāds var pateikt, kā veido tos bb kodus? Link to comment Share on other sites More sharing options...
bobsters Posted February 15, 2010 Report Share Posted February 15, 2010 (edited) <form action="" method="post"> <textarea cols=40 rows=5 type=text name=teksts></textarea> <input type=submit value=modificet name=modificet></form> <?php ob_start(); if ($modificet){ $teksts=$_POST['teksts']; $get=array( "/\[b\](.*?)\[\/b\]/", "/\[u\](.*?)\[\/u\]/", "/\[i\](.*?)\[\/i\]/", "/\[url=(.*?)\](.*?)\[\/url\]/", "/\[url\](.*?)\[\/url\]/" ); $replace=array( "<b>$1</b>", "<u>$1</b>", "<i>$1</i>", "<a href=http://$1>$2</a>", "<a href=http://$1>$1</a>" ); $teksts=preg_replace($get,$replace,$teksts); echo $teksts; } ?> Edited February 15, 2010 by bobsters Link to comment Share on other sites More sharing options...
briedis Posted February 15, 2010 Report Share Posted February 15, 2010 (edited) Es nezinu, ko tu tur esi mēģinājis, bet tas ir kaut kas varen greizs :) Iesākumam vari iztikt ar šo: $bb_from = array('[b]','[/b]'); $bb_to = array('<b>','</b>'); echo str_replace($bb_from,$bb_to, $teksts); EDIT: Nu re, bobster pasteidzās :) Tik problēma ar bobster variantu ir, ka viņš ir foršs caurums priekš XSS... Edited February 15, 2010 by briedis Link to comment Share on other sites More sharing options...
bobsters Posted February 15, 2010 Report Share Posted February 15, 2010 (edited) EDIT: Nu re, bobster pasteidzās :) Tik problēma ar bobster variantu ir, ka viņš ir foršs caurums priekš XSS... kur tu doma ka ir caurums? Edited February 15, 2010 by bobsters Link to comment Share on other sites More sharing options...
briedis Posted February 15, 2010 Report Share Posted February 15, 2010 (edited) kur tu doma ka ir caurums? [img='http://www.saite.lv/bilde.jpg' onload='alert("hello, xss");'] btw, tev pat atribūtu vērtības netiek iekļautas pēdiņās ;) Edited February 15, 2010 by briedis Link to comment Share on other sites More sharing options...
chizijs Posted February 15, 2010 Author Report Share Posted February 15, 2010 pieliekot vēl htmlspecialchars($teksts); vairāk neparveido Link to comment Share on other sites More sharing options...
bobsters Posted February 15, 2010 Report Share Posted February 15, 2010 hmm nebiju tik talu aizdomajies! Paldies! Link to comment Share on other sites More sharing options...
briedis Posted February 15, 2010 Report Share Posted February 15, 2010 pieliekot vēl htmlspecialchars($teksts); vairāk neparveido Nu tad ieliec pareizajā vietā to htmlspecialchars... Vai maz zini, ko viņš dara? :) Link to comment Share on other sites More sharing options...
rATRIJS Posted February 15, 2010 Report Share Posted February 15, 2010 Es gan nekad neesmu izmantojis, bet vai izmantot PHP lietas nebuutu labaak? http://uk2.php.net/manual/en/ref.bbcode.php Link to comment Share on other sites More sharing options...
chizijs Posted February 15, 2010 Author Report Share Posted February 15, 2010 Ā šita vanē $teksts=htmlspecialchars($_POST['teksts']); :D Link to comment Share on other sites More sharing options...
Mastermind Posted February 15, 2010 Report Share Posted February 15, 2010 Kāpēc jāizmanto bb kods, ja var "simple" izveidot atļauto html tagu sarakstu un "nevēlamos" html tagus izravēt servera pusē pirms saglabāšanas un miers? Link to comment Share on other sites More sharing options...
briedis Posted February 15, 2010 Report Share Posted February 15, 2010 Kāpēc jāizmanto bb kods, ja var "simple" izveidot atļauto html tagu sarakstu un "nevēlamos" html tagus izravēt servera pusē pirms saglabāšanas un miers? Iespējams tāpēc, ka pie bb koda visi vairāk ir pieraduši, nekā pie html... Link to comment Share on other sites More sharing options...
Recommended Posts