duanmiaosi0150 2010-08-10 17:49

How to stop BB Code manipulation (Part 2)?

I recently discovered an issue where people using BB Code to enter links are able to manipulate them.

They are meant to enter something like:

[LINK=http://www.domain.com]example text[/LINK]

However they can enter something like this to make the link color red:

[LINK=http://www.domain.com 'span style="color:red;"']example text[/LINK]

This is the code which converts it:

$text = preg_replace("/\[LINK\=(.*?)\](.*?)\[\/LINK\]/is", "<a href='$1' target='_blank'>$2</a>", $text);

Someone else was kind enough to provide a solution to a very similar problem but they want me to start a new question for this. Their solution just needs adapting. I have tried myself but I really can't get it to work. How to stop BB Code manipulation?


  • doumindang2416 2010-08-10 17:59
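    // Assign the result back: preg_replace_callback() returns the converted text.
    $text = preg_replace_callback("/\\[LINK\=(.*?)\\](.*?)\\[\/LINK\\]/is",
        function (array $matches) {
            // Only build a link when the captured value is a syntactically valid URL.
            if (filter_var($matches[1], FILTER_VALIDATE_URL))
                return '<a href="'.
                    htmlspecialchars($matches[1], ENT_QUOTES).
                    '" target="_blank">'.
                    htmlspecialchars($matches[2])."</a>";
            else
                return "INVALID MARKUP";
        }, $text);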
    

    Use a callback to validate the URL and don't forget htmlspecialchars.

    This answer was selected as the best answer by the question author.
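
The question's converter beside a callback-based one, run over the inputs from the question, as an added example that is not part of the original question or answer. The function names, the http/https allow-list, the `rel` attribute and the sample inputs are assumptions made here; the allow-list goes one step beyond the answer because `FILTER_VALIDATE_URL` checks URL syntax but does not limit the scheme.

```php
<?php
// Added example, not code from the question or the answer.
// bbcode_link_unsafe() is the question's one-liner; bbcode_link_safe() and the
// http/https allow-list are assumptions made for this sketch.

function bbcode_link_unsafe(string $text): string
{
    // Vulnerable "before": the captured URL is pasted into the attribute as-is.
    return (string) preg_replace('/\[LINK\=(.*?)\](.*?)\[\/LINK\]/is',
        "<a href='$1' target='_blank'>$2</a>", $text);
}

function bbcode_link_safe(string $text): string
{
    return preg_replace_callback('/\[LINK=(.*?)\](.*?)\[\/LINK\]/is',
        function (array $m): string {
            $url    = trim($m[1]);
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            // FILTER_VALIDATE_URL checks syntax only and accepts any scheme,
            // so the scheme is restricted separately.
            $ok = in_array($scheme, ['http', 'https'], true)
                && filter_var($url, FILTER_VALIDATE_URL) !== false;
            if (!$ok) {
                // Show the rejected tag as inert text instead of a link.
                return htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8');
            }
            return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
                . '" target="_blank" rel="noopener noreferrer">'
                . htmlspecialchars($m[2], ENT_QUOTES, 'UTF-8') . '</a>';
        }, $text) ?? htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a normal link, the injection from the question,
// a non-http scheme, and markup in the link text.
$samples = [
    '[LINK=http://www.domain.com]example text[/LINK]',
    '[LINK=http://www.domain.com \'span style="color:red;"\']example text[/LINK]',
    '[LINK=javascript://example]example text[/LINK]',
    '[LINK=https://www.domain.com/?a=1&b=2]<b>bold</b>[/LINK]',
];
foreach ($samples as $s) {
    echo "input : $s\n";
    echo "unsafe: " . bbcode_link_unsafe($s) . "\n";
    echo "safe  : " . bbcode_link_safe($s) . "\n\n";
}
```

Comparing the `unsafe` and `safe` lines for the second sample shows where the quote in the captured URL ends the `href` attribute in the original converter.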