Smiley module: bug with entities and smiley substitution #827

Closed
Phorum opened this Issue Jun 11, 2011 · 1 comment

Projects

None yet

2 participants

@Phorum

There a subtle bug in the smileys module. Sample string a user writes into a message
{{{
")
}}}
The smiley module utilizes the format_fixup hook which receives this data:
{{{
")
}}}
Now the smiley module, which by default contains the ;) smiley, replaces this into
{{{
&quot<img ....
}}}

I first tried to attack this with a single preg_replace() for subject/body by using PCREs negative lookbehind assertions, unfortunately they do not support variable pattern lengths. This is the best pattern I came up with, which isn't supported:
{{{
/(?<!&([A-Za-z]+|#[0-9]+));)/

preg_replace(): Compilation failed: lookbehind assertion is not fixed length
}}}

Second approach was to first use preg_split to split the string on the entities and then build it back again and only apply smiley replacement on the non-entity captured elements (they're the only ones with a & at the start). This is the solution we're using now, patch is attached.

Reported by: Markus markus@fischer.name
Imported from TRAC: http://trac.phorum.org/ticket/933

@oricgn oricgn added this to the Phorum 5.2.x - Next Stable milestone Sep 11, 2015
@oricgn oricgn added a commit to oricgn/phorum-core that referenced this issue Sep 15, 2015
@oricgn oricgn Do not substitute smileys in html entites (Issue #827) 9908171
@oricgn oricgn added a commit to oricgn/phorum-core that referenced this issue Sep 15, 2015
@oricgn oricgn Do not substitute smileys in html entites (Issue #827) 409e98b
@oricgn

Patch included in Phorum 5.2 with commit 9908171 and in 5.3 with commit 409e98b

@oricgn oricgn closed this Sep 15, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment