duanmiaosi0150 2010-08-10 17:49
Views: 17
Accepted

How to stop BB Code manipulation (part 2)?

I recently discovered an issue where people using BB Code to enter links are able to manipulate them.

They are meant to enter something like:

[LINK=http://www.domain.com]example text[/LINK]

However, they can enter something like this to make the link color red:

[LINK=http://www.domain.com 'span style="color:red;"']example text[/LINK]

This is the code which converts it:

$text = preg_replace("/\[LINK\=(.*?)\](.*?)\[\/LINK\]/is", "<a href='$1' target='_blank'>$2</a>", $text);

Someone else was kind enough to provide a solution to a very similar problem, but they want me to start a new question for this. Their solution just needs adapting. I have tried myself, but I really can't get it to work. How to stop BB Code manipulation?


3 answers

  • doumindang2416 2010-08-10 17:59
    // Single-quoted pattern: the original double-quoted "\\\]" reached PCRE as "\\]",
    // which requires a literal backslash before "]" and so never matched a normal tag.
    $text = preg_replace_callback('/\[LINK=(.*?)\](.*?)\[\/LINK\]/is',
        function (array $matches) {
            // Only a syntactically valid URL becomes an href; the injected
            // 'span style=...' text contains spaces and quotes and is rejected.
            if (filter_var($matches[1], FILTER_VALIDATE_URL))
                return '<a href="'.
                    htmlspecialchars($matches[1], ENT_QUOTES).
                    '" target="_blank">'.
                    htmlspecialchars($matches[2])."</a>";
            else
                return "INVALID MARKUP";
        }, $text);
    

    Use a callback to validate the URL and don't forget htmlspecialchars.

    This answer was chosen as the best answer by the asker.
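As an added example (not code from the question or the accepted answer), the same callback approach in PHP extended with a scheme allowlist and run over the inputs from the question; the function name bbcode_link_to_html, the rel attribute and the sample inputs are assumptions made here:

```php
<?php
// Added example, not the answerer's code: [LINK=...] conversion with a callback
// that validates the URL, allowlists the scheme, and HTML-escapes both the
// href attribute and the link text.
function bbcode_link_to_html(string $text): string
{
    return preg_replace_callback(
        '/\[LINK=(.*?)\](.*?)\[\/LINK\]/is',
        function (array $m): string {
            $url = trim($m[1]);
            // FILTER_VALIDATE_URL rejects spaces and quotes, which is what
            // defeats the 'span style="color:red;"' injection from the question.
            if (filter_var($url, FILTER_VALIDATE_URL) === false) {
                return 'INVALID MARKUP';
            }
            // Syntactic validity alone does not make an href safe: only
            // http and https may become clickable links.
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            if (!in_array($scheme, ['http', 'https'], true)) {
                return 'INVALID MARKUP';
            }
            // rel="noopener noreferrer" is an assumed hardening for target="_blank".
            return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
                . '" target="_blank" rel="noopener noreferrer">'
                . htmlspecialchars($m[2], ENT_QUOTES, 'UTF-8') . '</a>';
        },
        $text
    );
}

// Constructed inputs: the intended form, the manipulated form from the
// question, a non-http scheme, and HTML inside the link text.
$samples = [
    '[LINK=http://www.domain.com]example text[/LINK]',
    '[LINK=http://www.domain.com \'span style="color:red;"\']example text[/LINK]',
    '[LINK=javascript://www.domain.com/%0aalert(1)]click[/LINK]',
    '[LINK=http://www.domain.com]<b>bold</b>[/LINK]',
];
foreach ($samples as $s) {
    echo bbcode_link_to_html($s), PHP_EOL;
}
```

Only the first and last samples produce an anchor; the last one shows the `<b>` tags arriving in the output as escaped text rather than markup.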
