XSS Vulnerability in IFrame Code in phpBB2 Plus 1.5x

phpBB2.de User Anmeldungsdatum: 05.01.2005 Beiträge: 81

morpha hat folgendes geschrieben:

Pff kannst du nicht schnell mal nen Mod machen der einzelnen Usern bestimmte Tags erlaubt Very Happy

ist das hier die lösung?
http://www.phpbb2.de/dload.php?action=file&file_id=452

und wenn ja, kann man dem mod auch für die plus version benutzen?

Mail an Admin · Support Team Member Anmeldungsdatum: 26.11.2004 Beiträge: 1218

Nein das erlaubt nur HTML in Rängen Wink

phpBB2.de User Anmeldungsdatum: 05.01.2005 Beiträge: 81

again:
damit kann man bestimmte html tags bestimmten userrägengen zuteilen, die man wiederum den usern verleien kann?

dann ist das ja das ja schon die lösung, was ich in zwei beiträge über diesem zitiert hatte, oder nicht?

Mail an Admin · Support Team Member Anmeldungsdatum: 26.11.2004 Beiträge: 1218

Nein, damit erlaubst du HTML IN Rängen, zumindest laut beschreibung:

Zitat:

Allows html in ranks, so that you can add effets.

Man könnte dann also als Rang:

Code:

DEVeloper

schreiben was dann den Rang wie folgt aussehen lassen würde:
DEVeloper

Weder BBCode, noch HTML im Rang wird von phpBB2 standardmässig unterstützt Wink

phpBB2.de User Anmeldungsdatum: 05.01.2005 Beiträge: 81

ähm ok

schade Crying or Very sad

phpBB2.de User Anmeldungsdatum: 27.11.2003 Beiträge: 994 Wohnort: sLOVEnia

So if I aded admin only user rights it will works OK, or not?

phpBB2.de User Anmeldungsdatum: 04.12.2004 Beiträge: 207

muss man das auch in einem vanilla-board ändern?
dort gibt es z.b. den ordner bbcode_box nicht und auch nicht die datei add_bbcode.js... zumindest sehe ich es nicht.

oder besteht dort dieses Problem gar nbicht erst?

phpBB2.de User Anmeldungsdatum: 21.05.2004 Beiträge: 444 Wohnort: Waldenburg

im vanilla phpBB2.0.17 gibs das nicht... in einem phpBB Plus 1.5x solltest du das ändern, wobei hier auf der page wahrscheinlich ein vanilla schon den Fix enthält Cool

Pete®

phpBB2.de User Anmeldungsdatum: 28.02.2005 Beiträge: 23

ist das Sicherheitsproblem nur auf Plus beschränkt, oder betrifft es auch phpbb2 mit dem BBCodeBox-mod?

Gruß
bom

phpBB2.de User Anmeldungsdatum: 05.01.2005 Beiträge: 81

nun, die news wurden unter "XSS Vulnerability in IFrame Code in phpBB2 Plus 1.5x" veröffentlich
daraus finde ich kann man schließen, dass es nur fürs plus 1.5.x is

Mail an Admin · Support Team Member Anmeldungsdatum: 26.11.2004 Beiträge: 1218

Nein, jedes Board das den [web][/web]-BBCode verwendet ist betroffen, also im Prinzip jedes mit der BBCodeBox Wink

Is it possible for Admins to be able to post iFrames and not any other "regular" forum user / member? If so, how would I go about doing it?

I actually use alot of iFrames within my Forum. Any information or direction would be greatly appreciated.

Mail an Admin · Support Team Member Anmeldungsdatum: 26.11.2004 Beiträge: 1218

Try that:

Code:

#
#----[OPEN]-----------------------------------------
#

includes/bbcode.php

#
#----[FIND]------------------------------------------
#

// [web]and[/web]
$text = preg_replace("#\[web\](http(s)?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/web\]#si", "[web:$uid]\\1\\3[/web:$uid]", $text);

#
#----[REPLACE WITH]-------------------------------
#

   // pass [web] only if poster is a admin
   global $userdata;
   if ($userdata['user_level'] == ADMIN)
   {
// [web]and[/web]
$text = preg_replace("#\[web\](http(s)?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/web\]#si", "[web:$uid]\\1\\3[/web:$uid]", $text);
   }
   // pass [web] only if poster is a admin

I think that should work Smile

for posting PHP code in your posts.
$text = bbencode_second_pass_php($text, $uid, $bbcode_tpl);

//

Zitat:

and

for posting replies with quote, or just for quoting stuff.
$text = str_replace("[quote:$uid]", $bbcode_tpl['quote_open'], $text);
$text = str_replace("[/quote:$uid]", $bbcode_tpl['quote_close'], $text);

// New one liner to deal with opening quotes with usernames...
// replaces the two line version that I had here before..
$text = preg_replace("/\[quote:$uid=\"(.*?)\"\]/si", $bbcode_tpl['quote_username_open'], $text);
/* BEGIN CMX ACRONYM MOD */

// acronym
$text = preg_replace("/\[acronym:$uid=\"(.*?)\"\]/si", $bbcode_tpl['acronym_open'], $text);
$text = str_replace("[/acronym:$uid]", $bbcode_tpl['acronym_close'], $text);
/* END CMX ACRONYM MOD */

//

and

PHP:

<?php and

for posting PHP code in your posts.
$text = bbencode_first_pass_pda($text, $uid, '

PHP:

<?php ', '

', '', true, '');

//

Zitat:

and

for posting replies with quote, or just for quoting stuff.
$text = bbencode_first_pass_pda($text, $uid, '

Zitat:

', '

', '', false, '');
$text = bbencode_first_pass_pda($text, $uid, '/\[quote=(\\\".*?\\\")\]/is', '[/quote]', '', false, '', "[quote:$uid=\\1]");

//

", "[/list:o]", false, 'replace_listitems');

// [color] and [/color] for setting text color
$text = preg_replace("#\[color=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/color\]#si", "[color=\\1:$uid]\\2[/color:$uid]", $text);

// [size] and [/size] for setting text size
$text = preg_replace("#\[size=([1-2]?[0-9])\](.*?)\[/size\]#si", "[size=\\1:$uid]\\2[/size:$uid]", $text);

// and for bolding text.
$text = preg_replace("#\[b\](.*?)\[/b\]#si", "[b:$uid]\\1[/b:$uid]", $text);

// [scroll] and [/scroll] for scrolling text.
$text = preg_replace("#\[scrollleft\](.*?)\[/scrollleft\]#si", "[scrollleft:$uid]\\1[/scrollleft:$uid]", $text);
$text = preg_replace("#\[scrollright\](.*?)\[/scrollright\]#si", "[scrollright:$uid]\\1[/scrollright:$uid]", $text);
$text = preg_replace("#\[scrollup\](.*?)\[/scrollup\]#si", "[scrollup:$uid]\\1[/scrollup:$uid]", $text);
$text = preg_replace("#\[scrolldown\](.*?)\[/scrolldown\]#si", "[scrolldown:$uid]\\1[/scrolldown:$uid]", $text);

// and for underlining text.
$text = preg_replace("#\[u\](.*?)\[/u\]#si", "[u:$uid]\\1[/u:$uid]", $text);

// and for italicizing text.
$text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);

// [flipv] and [/flipv] for flipped text.
$text = str_replace("[flipv:$uid]", $bbcode_tpl['flipv_open'], $text);
$text = str_replace("[/flipv:$uid]", $bbcode_tpl['flipv_close'], $text);

// [fliph] and [/fliph] for flipped text.
$text = str_replace("[fliph:$uid]", $bbcode_tpl['fliph_open'], $text);
$text = str_replace("[/fliph:$uid]", $bbcode_tpl['fliph_close'], $text);

// [img]image_url_here[/img] code..
$text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);

// bbcode_box Mod
// [fade] and [/fade] for faded text.
$text = preg_replace("#\[fade\](.*?)\[/fade\]#si", "[fade:$uid]\\1[/fade:$uid]", $text);
// [align] and [/align]
$text = preg_replace("#\[align=(left|right|center|justify)\](.*?)\[/align\]#si", "[align=\\1:$uid]\\2[/align:$uid]", $text);
// [marq] and [/marq]
$text = preg_replace("#\[marq=(left|right|up|down)\](.*?)\[/marq\]#si", "[marq=\\1:$uid]\\2[/marq:$uid]", $text);
// [table] and [/table]
$text = preg_replace("#\[table=(.*?)\](.*?)\[/table\]#si", "[table=\\1:$uid]\\2[/table:$uid]", $text);
// [cell] and [/cell]
$text = preg_replace("#\[cell=(.*?)\](.*?)\[/cell\]#si", "[cell=\\1:$uid]\\2[/cell:$uid]", $text);
// [font] and [/font]
$text = preg_replace("#\[font=(.*?)\](.*?)\[/font\]#si", "[font=\\1:$uid]\\2[/font:$uid]", $text);
// [poet] and [/poet]
$text = preg_replace("#\[poet(.*?)\](.*?)\[/poet\]#si", "[poet\\1:$uid]\\2[/poet:$uid]", $text);
// [center] and [/center]
$text = preg_replace("#\[center\](.*?)\[/center\]#si", "[center:$uid]\\1[/center:$uid]", $text);
// [real]and[/real]
$text = preg_replace("#\[ram\](.*?)\[/ram\]#si", "[ram:$uid]\\1[/ram:$uid]", $text);
// [stream]and[/stream]
$text = preg_replace("#\[stream\](.*?)\[/stream\]#si", "[stream:$uid]\\1[/stream:$uid]", $text);
//[flash width= heigth= loop=] and [/flash]
$text = preg_replace("#\[flash width=([0-6]?[0-9]?[0-9]) height=([0-4]?[0-9]?[0-9])\](([a-z]+?)://([^, \n\r]+))\[\/flash\]#si","[flash width=\\1 height=\\2:$uid\]\\3[/flash:$uid]", $text);
//[video width= heigth=] and [/video]
$text = preg_replace("#\[video width=([0-6]?[0-9]?[0-9]) height=([0-4]?[0-9]?[0-9])\](([a-z]+?)://([^, \n\r]+))\[\/video\]#si","[video width=\\1 height=\\2:$uid\]\\3[/video:$uid]", $text);
// [hr]
$text = preg_replace("#\[hr\]#si", "[hr:$uid]", $text);
//[glow=red]and[/glow]for glowing text.
$text = preg_replace("#\[glow=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/glow\]#si", "[glow=\\1:$uid]\\2[/glow:$uid]", $text);
//[shadow=red]and[/shadow]for glowing text.
$text = preg_replace("#\[shadow=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/shadow\]#si", "[shadow=\\1:$uid]\\2[/shadow:$uid]", $text);
// [highlight] and [/highlight] for setting text highlight
$text = preg_replace("#\[highlight=(\#[0-9A-F]{6}|[a-z\-]+)\](.*?)\[/highlight\]#si", "[highlight=\\1:$uid]\\2[/highlight:$uid]", $text);
// [s] and [/s] for sed text.
$text = preg_replace("#\[s\](.*?)\[/s\]#si", "[s:$uid]\\1[/s:$uid]", $text);
// [left]image_url_here[/left] code..
$text = preg_replace("#\[left\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/left\]#sie", "'[left:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/left:$uid]'", $text);
// [right]image_url_here[/right] code..
$text = preg_replace("#\[right\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/right\]#sie", "'[right:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/right:$uid]'", $text);
// bbcode_box Mod

// Remove our padding from the string..
return substr($text, 1);;

} // bbencode_first_pass()

/**
* $text - The text to operate on.
* $uid - The UID to add to matching tags.
* $open_tag - The opening tag to match. Can be an array of opening tags.
* $close_tag - The closing tag to match.
* $close_tag_new - The closing tag to replace with.
* $mark_lowest_level - boolean - should we specially mark the tags that occur
* at the lowest level of nesting? (useful for [code], because
* we need to match these tags first and transform HTML tags
* in their contents..
* $func - This variable should contain a string that is the name of a function.
* That function will be called when a match is found, and passed 2
* parameters: ($text, $uid). The function should return a string.
* This is used when some transformation needs to be applied to the
* text INSIDE a pair of matching tags. If this variable is FALSE or the
* empty string, it will not be executed.
* If open_tag is an array, then the pda will try to match pairs consisting of
* any element of open_tag followed by close_tag. This allows us to match things
* like [list=A]...

and

... in one pass of the PDA.
*
* NOTES: - this function assumes the first character of $text is a space.
* - every opening tag and closing tag must be of the [...] format.
*/
function bbencode_first_pass_pda($text, $uid, $open_tag, $close_tag, $close_tag_new, $mark_lowest_level, $func, $open_regexp_replace = false)
{
$open_tag_count = 0;

if (!$close_tag_new || ($close_tag_new == ''))
{
$close_tag_new = $close_tag;
}

$close_tag_length = strlen($close_tag);
$close_tag_new_length = strlen($close_tag_new);
$uid_length = strlen($uid);

$use_function_pointer = ($func && ($func != ''));

$stack = array();

if (is_array($open_tag))
{
if (0 == count($open_tag))
{
// No opening tags to match, so return.
return $text;
}
$open_tag_count = count($open_tag);
}
else
{
// only one opening tag. make it into a 1-element array.
$open_tag_temp = $open_tag;
$open_tag = array();
$open_tag[0] = $open_tag_temp;
$open_tag_count = 1;
}

$open_is_regexp = false;

if ($open_regexp_replace)
{
$open_is_regexp = true;
if (!is_array($open_regexp_replace))
{
$open_regexp_temp = $open_regexp_replace;
$open_regexp_replace = array();
$open_regexp_replace[0] = $open_regexp_temp;
}
}

if ($mark_lowest_level && $open_is_regexp)
{
message_die(GENERAL_ERROR, "Unsupported operation for bbcode_first_pass_pda().");
}

// Start at the 2nd char of the string, looking for opening tags.
$curr_pos = 1;
while ($curr_pos && ($curr_pos < strlen($text)))
{
$curr_pos = strpos($text, "[", $curr_pos);

// If not found, $curr_pos will be 0, and the loop will end.
if ($curr_pos)
{
// We found a [. It starts at $curr_pos.
// check if it's a starting or ending tag.
$found_start = false;
$which_start_tag = "";
$start_tag_index = -1;

for ($i = 0; $i < $open_tag_count; $i++)
{
// Grab everything until the first "]"...
$possible_start = substr($text, $curr_pos, strpos($text, ']', $curr_pos + 1) - $curr_pos + 1);

//
// We're going to try and catch usernames with "[' characters.
//
if( preg_match('#\[quote=\\\"#si', $possible_start, $match) && !preg_match('#\[quote=\\\"(.*?)\\\"\]#si', $possible_start) )
{
// OK we are in a quote tag that probably contains a ] bracket.
// Grab a bit more of the string to hopefully get all of it..
if ($close_pos = strpos($text, '"]', $curr_pos + 9))
{
if (strpos(substr($text, $curr_pos + 9, $close_pos - ($curr_pos + 9)), '[quote') === false)
{
$possible_start = substr($text, $curr_pos, $close_pos - $curr_pos + 2);
}
}
}

// Now compare, either using regexp or not.
if ($open_is_regexp)
{
$match_result = array();
if (preg_match($open_tag[$i], $possible_start, $match_result))
{
$found_start = true;
$which_start_tag = $match_result[0];
$start_tag_index = $i;
break;
}
}
else
{
// straightforward string comparison.
if (0 == strcasecmp($open_tag[$i], $possible_start))
{
$found_start = true;
$which_start_tag = $open_tag[$i];
$start_tag_index = $i;
break;
}
}
}

if ($found_start)
{
// We have an opening tag.
// Push its position, the text we matched, and its index in the open_tag array on to the stack, and then keep going to the right.
$match = array("pos" => $curr_pos, "tag" => $which_start_tag, "index" => $start_tag_index);
array_push($stack, $match);
//
// Rather than just increment $curr_pos
// Set it to the ending of the tag we just found
// Keeps error in nested tag from breaking out
// of table structure..
//
$curr_pos += strlen($possible_start);
}
else
{
// check for a closing tag..
$possible_end = substr($text, $curr_pos, $close_tag_length);
if (0 == strcasecmp($close_tag, $possible_end))
{
// We have an ending tag.
// Check if we've already found a matching starting tag.
if (sizeof($stack) > 0)
{
// There exists a starting tag.
$curr_nesting_depth = sizeof($stack);
// We need to do 2 replacements now.
$match = array_pop($stack);
$start_index = $match['pos'];
$start_tag = $match['tag'];
$start_length = strlen($start_tag);
$start_tag_index = $match['index'];

if ($open_is_regexp)
{
$start_tag = preg_replace($open_tag[$start_tag_index], $open_regexp_replace[$start_tag_index], $start_tag);
}

// everything before the opening tag.
$before_start_tag = substr($text, 0, $start_index);

// everything after the opening tag, but before the closing tag.
$between_tags = substr($text, $start_index + $start_length, $curr_pos - $start_index - $start_length);

// Run the given function on the text between the tags..
if ($use_function_pointer)
{
$between_tags = $func($between_tags, $uid);
}

// everything after the closing tag.
$after_end_tag = substr($text, $curr_pos + $close_tag_length);

// Mark the lowest nesting level if needed.
if ($mark_lowest_level && ($curr_nesting_depth == 1))
{
if ($open_tag[0] == '[code]')
{
$code_entities_match = array('#<#', '#>#', '#"#', '#:#', '#\[#', '#\]#', '#$#', '#$#', '#\{#', '#\}#');
$code_entities_replace = array('<', '>', '"', ':', '[', ']', '(', ')', '{', '}');
$between_tags = preg_replace($code_entities_match, $code_entities_replace, $between_tags);
}
$text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$curr_nesting_depth:$uid]";
$text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$curr_nesting_depth:$uid]";
}
else
{
if ($open_tag[0] == '[code]')
{
$text = $before_start_tag . '[code]';
$text .= $between_tags . '[/code]';
}
else if ($open_tag[0] == '[php]') // PHP MOD
{
$text = $before_start_tag . '/*php ';
$text .= $between_tags . ' /php*/';
}
else
{
if ($open_is_regexp)
{
$text = $before_start_tag . $start_tag;
}
else
{
$text = $before_start_tag . substr($start_tag, 0, $start_length - 1) . ":$uid]";
}
$text .= $between_tags . substr($close_tag_new, 0, $close_tag_new_length - 1) . ":$uid]";
}
}

$text .= $after_end_tag;

// Now.. we've screwed up the indices by changing the length of the string.
// So, if there's anything in the stack, we want to resume searching just after it.
// otherwise, we go back to the start.
if (sizeof($stack) > 0)
{
$match = array_pop($stack);
$curr_pos = $match['pos'];
// bbcode_array_push($stack, $match);
// ++$curr_pos;
}
else
{
$curr_pos = 1;
}
}
else
{
// No matching start tag found. Increment pos, keep going.
++$curr_pos;
}
}
else
{
// No starting tag or ending tag.. Increment pos, keep looping.,
++$curr_pos;
}
}
}
} // while

return $text;

} // bbencode_first_pass_pda()

/**
* Does second-pass bbencoding of the [code] tags. This includes
* running htmlspecialchars() over the text contained between
* any pair of [code] tags that are at the first level of
* nesting. Tags at the first level of nesting are indicated
* by this format: [code:1:$uid] ... [/code:1:$uid]
* Other tags are in this format: [code:$uid] ... [/code:$uid]
*/
function bbencode_second_pass_code($text, $uid, $bbcode_tpl)
{
global $lang;

$code_start_html = $bbcode_tpl['code_open'];
$code_end_html = $bbcode_tpl['code_close'];

// First, do all the 1st-level matches. These need an htmlspecialchars() run,
// so they have to be handled differently.
$match_count = preg_match_all("#\[code:1:$uid\](.*?)\[/code:1:$uid\]#si", $text, $matches);

for ($i = 0; $i < $match_count; $i++)
{
$before_replace = $matches[1][$i];
$after_replace = $matches[1][$i];

// Replace 2 spaces with "  " so non-tabbed code indents without making huge long lines.
$after_replace = str_replace(" ", "  ", $after_replace);
// now Replace 2 spaces with "  " to catch odd #s of spaces.
$after_replace = str_replace(" ", "  ", $after_replace);

// Replace tabs with "   " so tabbed code indents sorta right without making huge long lines.
$after_replace = str_replace("\t", "   ", $after_replace);

// now Replace space occurring at the beginning of a line
$after_replace = preg_replace("/^ {1}/m", ' ', $after_replace);

$str_to_match = "[code:1:$uid]" . $before_replace . "[/code:1:$uid]";

$replacement = $code_start_html;
$replacement .= $after_replace;
$replacement .= $code_end_html;

$text = str_replace($str_to_match, $replacement, $text);
}

// Now, do all the non-first-level matches. These are simple.
$text = str_replace("[code:$uid]", $code_start_html, $text);
$text = str_replace("[/code:$uid]", $code_end_html, $text);

return $text;

} // bbencode_second_pass_code()
/**
* PHP MOD
* Original code/function by phpBB Group
* Modified by JW Frazier / Fubonis < php_fubonis@yahoo.com >
*/
function bbencode_second_pass_php($text, $uid, $bbcode_tpl)
{
$code_start_html = $bbcode_tpl['php_open'];
$code_end_html = $bbcode_tpl['php_close'];
$matches = array();
$match_count = preg_match_all("#\[php:1:$uid\](.*?)\[/php:1:$uid\]#si", $text, $matches);

for ($i = 0; $i < $match_count; $i++)
{
$before_replace = $matches[1][$i];
$after_replace = trim($matches[1][$i]);
$str_to_match = "[php:1:$uid]" . $before_replace . "[/php:1:$uid]";
$replacement = $code_start_html;
$after_replace = str_replace('<', '<', $after_replace);
$after_replace = str_replace('>', '>', $after_replace);
$after_replace = str_replace('&', '&', $after_replace);
$added = FALSE;
if (preg_match('/^<\?.*?\?>$/si', $after_replace) <= 0)
{
$after_replace = "<?php $after_replace ?>";
$added = TRUE;
}
if(strcmp('4.2.0', phpversion()) > 0)
{
ob_start();
highlight_string($after_replace);
$after_replace = ob_get_contents();
ob_end_clean();
}
else
{
$after_replace = highlight_string($after_replace, TRUE);
}
if ($added == TRUE)
{
$after_replace = str_replace('<?php ', '', $after_replace);
$after_replace = str_replace('?>', '', $after_replace);
}
$after_replace = preg_replace('//si', '', $after_replace);
$after_replace = str_replace('', '', $after_replace);
$after_replace = str_replace("\n", '', $after_replace);
$replacement .= $after_replace;
$replacement .= $code_end_html;

$text = str_replace($str_to_match, $replacement, $text);
}

$text = str_replace("[php:$uid]", $code_start_html, $text);
$text = str_replace("[/php:$uid]", $code_end_html, $text);

return $text;
}
/**
* Rewritten by Nathan Codding - Feb 6, 2001.
* - Goes through the given string, and replaces xxxx://yyyy with an HTML <a> tag linking
* to that URL
* - Goes through the given string, and replaces www.xxxx.yyyy[zzzz] with an HTML <a> tag linking
* to http://www.xxxx.yyyy[/zzzz]
* - Goes through the given string, and replaces xxxx@yyyy with an HTML mailto: tag linking
* to that email address
* - Only matches these 2 patterns either after a space, or at the beginning of a line
*
* Notes: the email one might get annoying - it's easy to make it more restrictive, though.. maybe
* have it require something like xxxx@yyyy.zzzz or such. We'll see.
*/
function make_clickable($text)
{
$text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text);

// pad it with a space so we can match things at the start of the 1st line.
$ret = ' ' . $text;

// matches an "xxxx://yyyy" URL at the start of a line, or after a space.
// xxxx can only be alpha characters.
// yyyy is anything up to the first space, newline, comma, double quote or <
$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);

// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <.
$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $ret);

// matches an email@domain type address at the start of a line, or after a space.
// Note: Only the followed chars are valid; alphanums, "-", "_" and or ".".
$ret = preg_replace("#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $ret);

// Remove our padding..
$ret = substr($ret, 1);

return($ret);
}

/**
* Nathan Codding - Feb 6, 2001
* Reverses the effects of make_clickable(), for use in editpost.
* - Does not distinguish between "www.xxxx.yyyy" and "http://aaaa.bbbb" type URLs.
*
*/
function undo_make_clickable($text)
{
$text = preg_replace("#<a href=\"(.*?)\" target=\"_blank\">.*?</a>#i", "\\1", $text);
$text = preg_replace("#<a href=\"mailto:(.*?)\">.*?</a>#i", "\\1", $text);

return $text;

}

/**
* Nathan Codding - August 24, 2000.
* Takes a string, and does the reverse of the PHP standard function
* htmlspecialchars().
*/
function undo_htmlspecialchars($input)
{
$input = preg_replace("/>/i", ">", $input);
$input = preg_replace("/</i", "<", $input);
$input = preg_replace("/"/i", "\"", $input);
$input = preg_replace("/&/i", "&", $input);

return $input;
}

/**
* This is used to change a [*] tag into a [*:$uid] tag as part
* of the first-pass bbencoding of [list] tags. It fits the
* standard required in order to be passed as a variable
* function into bbencode_first_pass_pda().
*/
function replace_listitems($text, $uid)
{
$text = str_replace("[*]", "[*:$uid]", $text);

return $text;
}

/**
* Escapes the "/" character with "\/". This is useful when you need
* to stick a runtime string into a PREG regexp that is being delimited
* with slashes.
*/
function escape_slashes($input)
{
$output = str_replace('/', '\/', $input);
return $output;
}

/**
* This function does exactly what the PHP4 function array_push() does
* however, to keep phpBB compatable with PHP 3 we had to come up with our own
* method of doing it.
* This function was deprecated in phpBB 2.0.18
*/
function bbcode_array_push(&$stack, $value)
{
$stack[] = $value;
return(sizeof($stack));
}

/**
* This function does exactly what the PHP4 function array_pop() does
* however, to keep phpBB compatable with PHP 3 we had to come up with our own
* method of doing it.
* This function was deprecated in phpBB 2.0.18
*/
function bbcode_array_pop(&$stack)
{
$arrSize = count($stack);
$x = 1;

while(list($key, $val) = each($stack))
{
if($x < count($stack))
{
$tmpArr[] = $val;
}
else
{
$return_val = $val;
}
$x++;
}
$stack = $tmpArr;

return($return_val);
}

//
// Smilies code ... would this be better tagged on to the end of bbcode.php?
// Probably so and I'll move it before B2
//
function smilies_pass($message)
{
static $orig, $repl;

if (!isset($orig))
{
global $db, $board_config;
$orig = $repl = array();

$sql = 'SELECT * FROM ' . SMILIES_TABLE;
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain smilies data", "", __LINE__, __FILE__, $sql);
}
$smilies = $db->sql_fetchrowset($result);

if (count($smilies))
{
usort($smilies, 'smiley_sort');
}

for ($i = 0; $i < count($smilies); $i++)
{
$orig[] = "/(?<=.\W|\W.|^\W)" . preg_quote($smilies[$i]['code'], "/") . "(?=.\W|\W.|\W$)/";
$repl[] = '<img src="'. $board_config['smilies_path'] . '/' . $smilies[$i]['smile_url'] . '" alt="' . $smilies[$i]['emoticon'] . '" border="0" />';
}
}

if (count($orig))
{
$message = preg_replace($orig, $repl, ' ' . $message . ' ');
$message = substr($message, 1, -1);
}

return $message;
}
function acronym_pass($message)
{
static $orig, $repl;

if( !isset($orig) )
{
global $db, $board_config;
$orig = $repl = array();

$sql = 'SELECT * FROM ' . ACRONYMS_TABLE;
if( !$result = $db->sql_query($sql) )
{
message_die(GENERAL_ERROR, "Couldn't obtain acronyms data", "", __LINE__, __FILE__, $sql);
}

$acronyms = $db->sql_fetchrowset($result);

if( count($acronyms) )
{
usort( $acronyms, 'acronym_sort' );
}

for ($i = 0; $i < count($acronyms); $i++)
{
$orig[] = '#\b(' . preg_quote( $acronyms[$i]['acronym'], "/") . ')\b#';
//$orig[] = "/(?<=.\W|\W.|^\W)" . phpbb_preg_quote($acronyms[$i]['acronym'], "/") . "(?=.\W|\W.|\W$)/";
$repl[] = '<acronym title="' . $acronyms[$i]['description'] . '">' . $acronyms[$i]['acronym'] . '</acronym>'; ;
}
}

if( count( $orig ) )
{
$segments = preg_split( '#(<acronym.+?>.+?</acronym>|<.+?>)#s' , $message, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);

$message = '';

foreach( $segments as $seg )
{
if( $seg[0] != '<' && $seg[0] != '[' )
{
$message .= str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace(\$orig, \$repl, '\\0')", '>' . $seg . '<'), 1, -1));
}
else
{
$message .= $seg;
}
}
}

return $message;
}
function smiley_sort($a, $b)
{
if ( strlen($a['code']) == strlen($b['code']) )
{
return 0;
}

return ( strlen($a['code']) > strlen($b['code']) ) ? -1 : 1;
}
function acronym_sort($a, $b)
{
if ( strlen($a['acronym']) == strlen($b['acronym']) )
{
return 0;
}

return ( strlen($a['acronym']) > strlen($b['acronym']) ) ? -1 : 1;
}
?>
[/code]

Thanks in advance for any additional help or direction.

Mail an Admin · Support Team Member Anmeldungsdatum: 26.11.2004 Beiträge: 1218

You removed the code already, you have to change the [web]-Code with the one I've posted instead of removing the whole Mod Wink

But since you're the only one who could use [web], we don't need the button anymore, so here is a complete manual:

Code:

#
#----[OPEN]-------------------------------------------------
#

includes/bbcode.php

#
#----[FIND]--------------------------------------------------
#

$bbcode_tpl['img'] = str_replace('{URL}', '\\1', $bbcode_tpl['img']);

#
#----[AFTER ADD]-------------------------------------------
#

$bbcode_tpl['web'] = str_replace('{URL}', '\\1', $bbcode_tpl['web']);

#
#----[FIND]---------------------------------------------------
#

// [img]image_url_here[/img] code..
// This one gets first-passed..
$patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];

#
#----[AFTER ADD]--------------------------------------------
#

//web
$patterns[] = "#\[web:$uid\](.*?)\[/web:$uid\]#si";
$replacements[] = $bbcode_tpl['web'];

#
#----[FIND]----------------------------------------------------
#

// [img]image_url_here[/img] code..
$text = preg_replace("#\[img\]((http|ftp|https|ftps)://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);

#
#----[AFTER ADD]---------------------------------------------
#

// pass [web] only if poster is a admin
global $userdata;
if ($userdata['user_level'] == ADMIN)
{
// [web]and[/web]
$text = preg_replace("#\[web\](http(s)?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/web\]#si", "[web:$uid]\\1\\3[/web:$uid]", $text);
}
// pass [web] only if poster is a admin

#
#----[OPEN]----------------------------------------------------
#

templates/yourtemplate/bbcode.tpl

#
#----[FIND]-----------------------------------------------------
#

<img src="{URL}" alt="Image" title="Image" border="0" />

#
#----[AFTER ADD]----------------------------------------------
#

<iframe width="100%" height="350" src="{URL}"></iframe>