Home Explore Help
Register Sign In
Omnimaga
/
SMF2.1
mirror of [email protected]:Omnimaga/SMF2.1.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #206 from Spuds/entity_fix

! move fixchar create_function to Subs.php (Display.php, Subs-Auth.php, ...
emanuele45 12 years ago
parent
db422644ca b6e15e72d9
commit
5ad69f60f1
8 changed files with 132 additions and 60 deletions
Split View Show Diff Stats
  1. 3 15
      Sources/Display.php
  2. 4 4
      Sources/Load.php
  3. 1 6
      Sources/ManageMaintenance.php
  4. 2 2
      Sources/Search.php
  5. 1 13
      Sources/Subs-Auth.php
  6. 2 9
      Sources/Subs-Members.php
  7. 1 11
      Sources/Subs-Post.php
  8. 118 0
      Sources/Subs.php

+ 3 - 15
Sources/Display.php
View File 

@@ -1447,29 +1447,17 @@ function Download()
 
 
 	// Convert the file to UTF-8, cuz most browsers dig that.
 
 	$utf8name = !$context['utf8'] && function_exists('iconv') ? iconv($context['character_set'], 'UTF-8', $real_filename) : (!$context['utf8'] && function_exists('mb_convert_encoding') ? mb_convert_encoding($real_filename, 'UTF-8', $context['character_set']) : $real_filename);
 
-	$fixchar = create_function('$n', '
 
-		if ($n < 32)
 
-			return \'\';
 
-		elseif ($n < 128)
 
-			return chr($n);
 
-		elseif ($n < 2048)
 
-			return chr(192 | $n >> 6) . chr(128 | $n & 63);
 
-		elseif ($n < 65536)
 
-			return chr(224 | $n >> 12) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);
 
-		else
 
-			return chr(240 | $n >> 18) . chr(128 | $n >> 12 & 63) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);');
 
-
 
 	$disposition = !isset($_REQUEST['image']) ? 'attachment' : 'inline';
 
 
 	// Different browsers like different standards...
 
 	if (isBrowser('firefox'))
 
-		header('Content-Disposition: ' . $disposition . '; filename*=UTF-8\'\'' . rawurlencode(preg_replace('~&#(\d{3,8});~e', '$fixchar(\'$1\')', $utf8name)));
 
+		header('Content-Disposition: ' . $disposition . '; filename*=UTF-8\'\'' . rawurlencode(preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name)));
 
 
 	elseif (isBrowser('opera'))
 
-		header('Content-Disposition: ' . $disposition . '; filename="' . preg_replace('~&#(\d{3,8});~e', '$fixchar(\'$1\')', $utf8name) . '"');
 
+		header('Content-Disposition: ' . $disposition . '; filename="' . preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name) . '"');
 
 
 	elseif (isBrowser('ie'))
 
-		header('Content-Disposition: ' . $disposition . '; filename="' . urlencode(preg_replace('~&#(\d{3,8});~e', '$fixchar(\'$1\')', $utf8name)) . '"');
 
+		header('Content-Disposition: ' . $disposition . '; filename="' . urlencode(preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $utf8name)) . '"');
 
 
 	else
 
 		header('Content-Disposition: ' . $disposition . '; filename="' . $utf8name . '"');

+ 4 - 4
Sources/Load.php
View File 

@@ -63,21 +63,21 @@ function reloadSettings()
 
 			cache_put_data('modSettings', $modSettings, 90);
 
 	}
 
 
-	// UTF-8 in regular expressions is unsupported on PHP(win) versions < 4.2.3.
 
+	// UTF-8 ?
 
 	$utf8 = (empty($modSettings['global_character_set']) ? $txt['lang_character_set'] : $modSettings['global_character_set']) === 'UTF-8';
 
 
 	// Set a list of common functions.
 
 	$ent_list = empty($modSettings['disableEntityCheck']) ? '&(#\d{1,7}|quot|amp|lt|gt|nbsp);' : '&(#021|quot|amp|lt|gt|nbsp);';
 
-	$ent_check = empty($modSettings['disableEntityCheck']) ? array('preg_replace(\'~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~e\', \'$smcFunc[\\\'entity_fix\\\'](\\\'\\2\\\')\', ', ')') : array('', '');
 
+	$ent_check = empty($modSettings['disableEntityCheck']) ? array('preg_replace_callback(\'~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~\', \'entity_fix__callback\', ', ')') : array('', '');
 
 
-	// Preg_replace can handle complex characters only for higher PHP versions.
 
+	// Preg_replace space characters depend on the character set in use
 
 	$space_chars = $utf8 ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : '\x00-\x08\x0B\x0C\x0E-\x19\xA0';
 
 
 	// global array of anonymous helper functions, used mosly to properly handle multi byte strings
 
 	$smcFunc += array(
 
 		'entity_fix' => create_function('$string', '
 
 			$num = $string[0] === \'x\' ? hexdec(substr($string, 1)) : (int) $string;
 
-			return $num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) || $num == 0x202E ? \'\' : \'&#\' . $num . \';\';'),
 
+			return $num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) || $num === 0x202E || $num === 0x202D ? \'\' : \'&#\' . $num . \';\';'),
 
 		'htmlspecialchars' => create_function('$string, $quote_style = ENT_COMPAT, $charset = \'ISO-8859-1\'', '
 
 			global $smcFunc;
 
 			return ' . strtr($ent_check[0], array('&' => '&amp;')) . 'htmlspecialchars($string, $quote_style, ' . ($utf8 ? '\'UTF-8\'' : '$charset') . ')' . $ent_check[1] . ';'),

+ 1 - 6
Sources/ManageMaintenance.php
View File 

@@ -970,11 +970,6 @@ function ConvertEntities()
 
 	);
 
 	$context['num_tables'] = count($tables);
 
 
-	// This function will do the conversion later on.
 
-	$entity_replace = create_function('$string', '
 
-		$num = substr($string, 0, 1) === \'x\' ? hexdec(substr($string, 1)) : (int) $string;
 
-		return $num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) ? \'\' : ($num < 0x80 ? \'&#\' . $num . \';\' : ($num < 0x800 ? chr(192 | $num >> 6) . chr(128 | $num & 63) : ($num < 0x10000 ? chr(224 | $num >> 12) . chr(128 | $num >> 6 & 63) . chr(128 | $num & 63) : chr(240 | $num >> 18) . chr(128 | $num >> 12 & 63) . chr(128 | $num >> 6 & 63) . chr(128 | $num & 63))));');
 
-
 
 	// Loop through all tables that need converting.
 
 	for (; $context['table'] < $context['num_tables']; $context['table']++)
 
 	{
 
@@ -1061,7 +1056,7 @@ function ConvertEntities()
 
 					if ($column_name !== $primary_key && strpos($column_value, '&#') !== false)
 
 					{
 
 						$changes[] = $column_name . ' = {string:changes_' . $column_name . '}';
 
-						$insertion_variables['changes_' . $column_name] = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~e', '$entity_replace(\'\\2\')', $column_value);
 
+						$insertion_variables['changes_' . $column_name] = preg_replace_callback('~&#(\d{1,7}|x[0-9a-fA-F]{1,6});~', 'fixchar__callback', $column_value);
 
 					}
 
 
 				$where = array();

+ 2 - 2
Sources/Search.php
View File 

@@ -1933,7 +1933,7 @@ function prepareSearchContext($reset = false)
 
 				foreach ($context['key_words'] as $keyword)
 
 				{
 
 					$keyword = un_htmlspecialchars($keyword);
 
-					$keyword = preg_replace('~&amp;#(\d{1,7}|x[0-9a-fA-F]{1,6});~e', '$GLOBALS[\'smcFunc\'][\'entity_fix\'](\'\\1\')', strtr($keyword, array('\\\'' => '\'', '&' => '&amp;')));
 
+					$keyword = preg_replace('~(&amp;#(\d{1,7}|x[0-9a-fA-F]{1,6});)~e', 'entity_fix__callback', strtr($keyword, array('\\\'' => '\'', '&' => '&amp;')));
 
 
 					if (preg_match('~[\'\.,/@%&;:(){}\[\]_\-+\\\\]$~', $keyword) != 0 || preg_match('~^[\'\.,/@%&;:(){}\[\]_\-+\\\\]~', $keyword) != 0)
 
 						$force_partial_word = true;
 
@@ -1957,7 +1957,7 @@ function prepareSearchContext($reset = false)
 
 			}
 
 
 			// Re-fix the international characters.
 
-			$message['body'] = preg_replace('~&amp;#(\d{1,7}|x[0-9a-fA-F]{1,6});~e', '$GLOBALS[\'smcFunc\'][\'entity_fix\'](\'\\1\')', $message['body']);
 
+			$message['body'] = preg_replace('~(&amp;#(\d{1,7}|x[0-9a-fA-F]{1,6});)~e', 'entity_fix__callback', $message['body']);
 
 		}
 
 	}
 
 	else

+ 1 - 13
Sources/Subs-Auth.php
View File 

@@ -511,19 +511,7 @@ function RequestMembers()
 
 		$row['real_name'] = strtr($row['real_name'], array('&amp;' => '&#038;', '&lt;' => '&#060;', '&gt;' => '&#062;', '&quot;' => '&#034;'));
 
 
 		if (preg_match('~&#\d+;~', $row['real_name']) != 0)
 
-		{
 
-			$fixchar = create_function('$n', '
 
-				if ($n < 128)
 
-					return chr($n);
 
-				elseif ($n < 2048)
 
-					return chr(192 | $n >> 6) . chr(128 | $n & 63);
 
-				elseif ($n < 65536)
 
-					return chr(224 | $n >> 12) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);
 
-				else
 
-					return chr(240 | $n >> 18) . chr(128 | $n >> 12 & 63) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);');
 
-
 
-			$row['real_name'] = preg_replace('~&#(\d+);~e', '$fixchar(\'$1\')', $row['real_name']);
 
-		}
 
+			$row['real_name'] = preg_replace_callback('~&#(\d+);~', 'fixchar__callback', $row['real_name']);
 
 
 		echo $row['real_name'], "\n";
 
 	}

+ 2 - 9
Sources/Subs-Members.php
View File 

@@ -866,14 +866,7 @@ function isReservedName($name, $current_ID_MEMBER = 0, $is_name = true, $fatal =
 
 {
 
 	global $user_info, $modSettings, $smcFunc, $context;
 
 
-	// No cheating with entities please.
 
-	$replaceEntities = create_function('$string', '
 
-		$num = substr($string, 0, 1) === \'x\' ? hexdec(substr($string, 1)) : (int) $string;' . (empty($context['utf8']) ? '
 
-		return $num < 0x20 ? \'\' : ($num < 0x80 ? chr($num) : \'&#\' . $string . \';\');' : '
 
-		return $num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) ? \'\' : ($num < 0x80 ? chr($num) : ($num < 0x800 ? chr(192 | $num >> 6) . chr(128 | $num & 63) : ($num < 0x10000 ? chr(224 | $num >> 12) . chr(128 | $num >> 6 & 63) . chr(128 | $num & 63) : chr(240 | $num >> 18) . chr(128 | $num >> 12 & 63) . chr(128 | $num >> 6 & 63) . chr(128 | $num & 63))));')
 
-	);
 
-
 
-	$name = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~e', '$replaceEntities(\'\\2\')', $name);
 
+	$name = preg_replace_callback('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~', 'replaceEntities__callback', $name);
 
 	$checkName = $smcFunc['strtolower']($name);
 
 
 	// Administrators are never restricted ;).
 
@@ -890,7 +883,7 @@ function isReservedName($name, $current_ID_MEMBER = 0, $is_name = true, $fatal =
 
 				continue;
 
 
 			// The admin might've used entities too, level the playing field.
 
-			$reservedCheck = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~e', '$replaceEntities(\'\\2\')', $reserved);
 
+			$reservedCheck = preg_replace('~(&#(\d{1,7}|x[0-9a-fA-F]{1,6});)~', 'replaceEntities__callback', $reserved);
 
 
 			// Case sensitive name?
 
 			if (empty($modSettings['reserveCase']))

+ 1 - 11
Sources/Subs-Post.php
View File 

@@ -1211,17 +1211,7 @@ function mimespecialchars($string, $with_charset = true, $hotmail_fix = false, $
 
 					$string = $newstring;
 
 			}
 
 
-			$fixchar = create_function('$n', '
 
-				if ($n < 128)
 
-					return chr($n);
 
-				elseif ($n < 2048)
 
-					return chr(192 | $n >> 6) . chr(128 | $n & 63);
 
-				elseif ($n < 65536)
 
-					return chr(224 | $n >> 12) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);
 
-				else
 
-					return chr(240 | $n >> 18) . chr(128 | $n >> 12 & 63) . chr(128 | $n >> 6 & 63) . chr(128 | $n & 63);');
 
-
 
-			$string = preg_replace('~&#(\d{3,8});~e', '$fixchar(\'$1\')', $string);
 
+			$string = preg_replace_callback('~&#(\d{3,8});~', 'fixchar__callback', $string);
 
 
 			// Unicode, baby.
 
 			$charset = 'UTF-8';

+ 118 - 0
Sources/Subs.php
View File 

@@ -4262,4 +4262,122 @@ function sanitizeMSCutPaste($string)
 
 	return $string;
 
 }
 
 
+/**
 
+ * Decode numeric html entities to their ascii or UTF8 equivalent character.
 
+ *
 
+ * Callback function for preg_replace_callback in subs-members
 
+ * Uses capture group 2 in the supplied array
 
+ * Does basic scan to ensure characters are inside a valid range
 
+ *
 
+ * @param array $matches
 
+ * @return string $string
 
+*/
 
+function replaceEntities__callback($matches)
 
+{
 
+	global $context;
 
+	
+	if (!isset($matches[2]))
 
+		return '';
 
+
 
+	$num = $matches[2][0] === 'x' ? hexdec(substr($matches[2], 1)) : (int) $matches[2];
 
+	
+	// remove left to right / right to left overrides
 
+	if ($num === 0x202D || $num === 0x202E) 
+		return '';
 
+	
+	// Quote, Ampersand, Apostrophe, Less/Greater Than get html replaced
 
+	if (in_array($num, array(0x22, 0x26, 0x27, 0x3C, 0x3E))) 
+		return '&#' . $num . ';';
 
+
 
+	if (empty($context['utf8']))
 
+	{
 
+		// no control characters
 
+		if ($num < 0x20)
 
+			return '';
 
+		// text is text
 
+		elseif ($num < 0x80)
 
+			return chr($num);
 
+		// all others get html-ised
 
+		else
 
+			return '&#' . $matches[2] . ';';
 
+	}
 
+	else
 
+	{
 
+		// <0x20 are control characters, 0x20 is a space, > 0x10FFFF is past the end of the utf8 character set
 
+		// 0xD800 >= $num <= 0xDFFF are surrogate markers (not valid for utf8 text)
 
+		if ($num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF))
 
+			return '';
 
+		// <0x80 (or less than 128) are standard ascii characters a-z A-Z 0-9 and puncuation
 
+		elseif ($num < 0x80)
 
+			return chr($num);
 
+		// <0x800 (2048)
 
+		elseif ($num < 0x800)
 
+			return chr(($num >> 6) + 192) . chr(($num & 63) + 128);
 
+		// < 0x10000 (65536)
 
+		elseif ($num < 0x10000)
 
+			return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
 
+		// <= 0x10FFFF (1114111)
 
+		else
 
+			return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
 
+	}
 
+}
 
+
 
+/**
 
+ * Converts html entities to utf8 equivalents
 
+ *
 
+ * Callback function for preg_replace_callback
 
+ * Uses capture group 1 in the supplied array
 
+ * Does basic checks to keep characters inside a viewable range.
 
+ *
 
+ * @param array $matches
 
+ * @return string $string
 
+*/
 
+function fixchar__callback($matches)
 
+{
 
+	if (!isset($matches[1]))
 
+		return '';
 
+	
+	$num = $matches[1][0] === 'x' ? hexdec(substr($matches[1], 1)) : (int) $matches[1];
 
+
 
+	// <0x20 are control characters, > 0x10FFFF is past the end of the utf8 character set
 
+	// 0xD800 >= $num <= 0xDFFF are surrogate markers (not valid for utf8 text), 0x202D-E are left to right overrides
 
+	if ($num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) || $num === 0x202D || $num === 0x202E)
 
+		return '';
 
+	// <0x80 (or less than 128) are standard ascii characters a-z A-Z 0-9 and puncuation
 
+	elseif ($num < 0x80)
 
+		return chr($num);
 
+	// <0x800 (2048)
 
+	elseif ($num < 0x800)
 
+		return chr(($num >> 6) + 192) . chr(($num & 63) + 128);
 
+	// < 0x10000 (65536)
 
+	elseif ($num < 0x10000)
 
+		return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
 
+	// <= 0x10FFFF (1114111)
 
+	else
 
+		return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
 
+}
 
+
 
+/**
 
+ * Strips out invalid html entities, replaces others with html style &#123; codes
 
+ *
 
+ * Callback function used of preg_replace_callback in smcFunc $ent_checks, for example
 
+ * strpos, strlen, substr etc
 
+ *
 
+ * @param array $matches
 
+ * @return string $string
 
+*/
 
+function entity_fix__callback($matches)
 
+{
 
+	if (!isset($matches[2]))
 
+		return '';
 
+	
+	$num = $matches[2][0] === 'x' ? hexdec(substr($matches[2], 1)) : (int) $matches[2];
 
+	
+	// we don't allow control characters, characters out of range, byte markers, etc
 
+	if ($num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) || $num == 0x202D || $num == 0x202E)
 
+		return '';
 
+	else
 
+		return '&#' . $num . ';';
 
+}
 
+
 
 ?>