Loading sources/comcode_compiler.php +31 −14 Original line number Diff line number Diff line Loading @@ -569,8 +569,19 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ case CCP_NO_MANS_LAND: if ($next === '[') { // Look ahead to make sure it's a valid tag. If it's not then it's considered normal user input, not a tag at all $dif = (($pos < $len) && ($comcode[$pos] === '/')) ? 1 : 0; // '0' if it's an opening tag, '1' if it's a closing tag $ahead = substr($comcode, $pos + $dif, MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH); $next_2 = $comcode[$pos]; $dif = 0; // '0' if it's an opening tag if ($pos < $len) { if ($next_2 === '/') { $dif = 1; // '1' if it's a closing tag } else { $matches = array(); if (($pos + 1 < $len) && (preg_match('#^\s*/#', substr($comcode, $pos), $matches) != 0)) { $dif = strlen($matches[0]); // A closing tag with odd spaces } } } $ahead = ltrim(substr($comcode, $pos + $dif, MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH)); $equal_pos = strpos($ahead, '='); $space_pos = strpos($ahead, ' '); $end_pos = strpos($ahead, ']'); Loading @@ -593,10 +604,10 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ } $use_pos = min($equal_pos, $space_pos, $end_pos, $lax_end_pos, $cl_pos); $potential_tag = strtolower(substr($ahead, 0, $use_pos)); if (($use_pos != 22) && ((!$in_semihtml) || ($dif === 1) || (($potential_tag != 'html') && ($potential_tag != 'semihtml'))) && ((!$in_html) || (($dif === 1) && ($potential_tag === 'html'))) && ((!$in_code_tag) || ((isset($CODE_TAGS[$potential_tag])) && ($potential_tag === $current_tag))) && ((!$structure_sweep) || ($potential_tag != 'contents'))) { $potential_tag = trim(strtolower(substr($ahead, 0, $use_pos))); if (($use_pos != 22) && ((!$in_semihtml) || ($dif !== 0) || (($potential_tag != 'html') && ($potential_tag != 'semihtml'))) && ((!$in_html) || (($dif !== 0) && ($potential_tag === 'html'))) && ((!$in_code_tag) || ((isset($CODE_TAGS[$potential_tag])) && ($potential_tag === $current_tag))) && ((!$structure_sweep) || ($potential_tag != 'contents'))) { if ($in_code_tag) { if ($dif === 1) { if ($dif !== 0) { $code_nest_stack--; } else { $code_nest_stack++; Loading Loading @@ -963,10 +974,11 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ $tag_output->attach($continuation); $continuation = ''; if ($comcode[$pos] === '+') { $p_end = $pos + 5; $p_end = $pos + 1; $matches = array(); while ($p_end < $len) { $p_portion = substr($comcode, $pos - 1, $p_end - ($pos - 1) + 5); if (substr_count($p_portion, '{+START') === substr_count($p_portion, '{+END')) { $p_portion = substr($comcode, $pos - 1, strpos($comcode, '}', $p_end) - ($pos - 1) + 1); if (preg_match_all('#\{\+\s*START\s*,#', $p_portion, $matches) == preg_match_all('#\{\+\s*END\s*\}#', $p_portion, $matches)) { break; } $p_end++; Loading @@ -983,7 +995,7 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ $p_opener = substr($comcode, $pos - 1, $p_len + 1); $p_portion = substr($comcode, $pos + $p_len, $p_end - ($pos + $p_len)); $p_closer = substr($comcode, $p_end, 6); $p_closer = substr($comcode, $p_end, strpos($comcode, '}', $p_end) - $p_end + 1); if ($semiparse_mode) { $ret = new Tempcode(); Loading @@ -1005,14 +1017,14 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ } else { require_code('tempcode_compiler'); $ret = template_to_tempcode($p_opener . '{DIRECTIVE_EMBEDMENT}' . $p_closer); if (substr($comcode, $pos - 1, strlen('{+START,CASES,')) === '{+START,CASES,') { if (preg_match('#^\{\+\s*START\s*,\s*CASES\s*,#', substr($comcode, $pos - 1, 30)) != 0) { $ret->singular_bind('DIRECTIVE_EMBEDMENT', make_string_tempcode($p_portion)); } else { $p_portion_comcode = comcode_to_tempcode($p_portion, $source_member, $as_admin, $wrap_pos, $pass_id, $connection, $semiparse_mode, $preparse_mode, $in_semihtml, $structure_sweep, $check_only, $highlight_bits, $on_behalf_of_member); $ret->singular_bind('DIRECTIVE_EMBEDMENT', $p_portion_comcode); } $pos = $p_end + 6; $pos = $p_end + strlen($p_closer); } } elseif ($comcode[$pos] === '!') { $p_len = $pos; Loading Loading @@ -1739,7 +1751,7 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ if ($next === '=') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT; $current_attribute_name = 'param'; } elseif (trim($next) === '') { } elseif ((!$close) && (trim($next) === '')) { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; } elseif ($next === '[') { if (!$lax) { Loading Loading @@ -1876,8 +1888,10 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ } } } elseif ($status === CCP_IN_TAG_NAME) { if (trim($next) != '') { $current_tag .= strtolower($next); } } break; case CCP_STARTING_TAG: Loading @@ -1896,7 +1910,7 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ $status = CCP_NO_MANS_LAND; } elseif ($next === '/') { $close = true; } else { } elseif (trim($next) != '') { $current_tag .= strtolower($next); $status = CCP_IN_TAG_NAME; } Loading Loading @@ -1941,6 +1955,9 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ } $pos--; } elseif ($next == '=') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT; $current_attribute_name = 'param'; } elseif (trim($next) != '') { $status = CCP_IN_TAG_ATTRIBUTE_NAME; $current_attribute_name = $next; Loading sources/comcode_renderer.php +1 −0 Original line number Diff line number Diff line Loading @@ -1416,6 +1416,7 @@ function _do_tags_comcode($tag, $attributes, $embed, $comcode_dangerous, $pass_i if (is_integer($key)) { $key = strval($key); } $_attributes[] = $key . '=' . $val; } $temp_tpl = symbol_tempcode('BLOCK', $_attributes); Loading sources/symbols.php +7 −1 Original line number Diff line number Diff line Loading @@ -63,6 +63,8 @@ function init__symbols() */ function ecv($lang, $escaped, $type, $name, $param) { $name = trim($name); // SYMBOLS... if ($type === TC_SYMBOL) { // Built-in Loading Loading @@ -3047,6 +3049,10 @@ function ecv_BLOCK($lang, $escaped, $param) $param_2 = $param; } foreach ($param_2 as &$_param) { $_param = preg_replace('#^\s*([^\s]+)\s*=#', '$1=', $_param); } if (in_array('defer=1', $param_2)) { $value = static_evaluate_tempcode(do_template('JS_BLOCK', array('_GUID' => '2334719e23b2773ad04fe0fcbdce684d', 'BLOCK_PARAMS' => block_params_arr_to_str($param_2)))); } else { Loading Loading @@ -4763,7 +4769,7 @@ function ecv_ADDON_INSTALLED($lang, $escaped, $param) $value = ''; if ((isset($param[0])) && (!running_script('install'))) { $value = (addon_installed($param[0], (isset($param[1])) && ($param[1] == '1'))) ? '1' : '0'; $value = (addon_installed(trim($param[0]), (isset($param[1])) && ($param[1] == '1'))) ? '1' : '0'; } if ($GLOBALS['XSS_DETECT']) { Loading sources/tempcode.php +5 −1 Original line number Diff line number Diff line Loading @@ -1059,6 +1059,10 @@ function handle_symbol_preprocessing($seq_part, &$children) $param = block_params_str_to_arr($param[0], true); } foreach ($param as &$_param) { $_param = preg_replace('#^\s*([^\s]+)\s*=#', '$1=', $_param); } if (in_array('defer=1', $param)) { // Nothing has to be done here, except preparing for AJAX require_javascript('ajax'); Loading Loading @@ -1095,7 +1099,7 @@ function handle_symbol_preprocessing($seq_part, &$children) $before = memory_get_usage(); } if (isset($block_parms['block'])) { $b_value = do_block($block_parms['block'], $block_parms); $b_value = do_block(trim($block_parms['block']), $block_parms); if ((isset($_GET['keep_show_loading'])) && ($_GET['keep_show_loading'] == '1')) { if (function_exists('attach_message')) { attach_message('block: ' . $block_parms['block'] . ' (' . clean_file_size(memory_get_usage() - $before) . ' used, now at ' . integer_format(memory_get_usage()) . ')', 'inform'); Loading sources/tempcode_compiler.php +6 −6 Original line number Diff line number Diff line Loading @@ -197,19 +197,19 @@ function compile_template($data, $template_name, $theme, $lang, $tolerate_errors switch (isset($next_token[0]) ? $next_token[0] : '') { case '$': $current_level_mode = PARSE_SYMBOL; $current_level_data[] = '"' . php_addslashes(($next_token === '$') ? '' : substr($next_token, 1)) . '"'; $current_level_data[] = '"' . php_addslashes(($next_token === '$') ? '' : trim(substr($next_token, 1))) . '"'; break; case '+': $current_level_mode = PARSE_DIRECTIVE; $current_level_data[] = '"' . php_addslashes(($next_token === '+') ? '' : substr($next_token, 1)) . '"'; $current_level_data[] = '"' . php_addslashes(($next_token === '+') ? '' : trim(substr($next_token, 1))) . '"'; break; case '!': $current_level_mode = PARSE_LANGUAGE_REFERENCE; $current_level_data[] = '"' . php_addslashes(($next_token === '!') ? '' : substr($next_token, 1)) . '"'; $current_level_data[] = '"' . php_addslashes(($next_token === '!') ? '' : trim(substr($next_token, 1))) . '"'; break; default: $current_level_mode = PARSE_PARAMETER; $current_level_data[] = '"' . php_addslashes($next_token) . '"'; $current_level_data[] = '"' . php_addslashes(trim($next_token)) . '"'; break; } $current_level_params = array(); Loading Loading @@ -495,7 +495,7 @@ function compile_template($data, $template_name, $theme, $lang, $tolerate_errors // Handle directive nesting if ($past_level_mode === PARSE_DIRECTIVE) { $tpl_funcs = array(); $eval = debug_eval('return ' . $first_param . ';', $tpl_funcs, array(), $cl); $eval = trim(debug_eval('return ' . $first_param . ';', $tpl_funcs, array(), $cl)); if (!is_string($eval)) { $eval = ''; } Loading Loading @@ -565,7 +565,7 @@ function compile_template($data, $template_name, $theme, $lang, $tolerate_errors } } $tpl_funcs = array(); $eval = debug_eval('return ' . implode('.', $directive_opener_params[1]) . ';', $tpl_funcs, array(), $cl); $eval = trim(debug_eval('return ' . implode('.', $directive_opener_params[1]) . ';', $tpl_funcs, array(), $cl)); if (!is_string($eval)) { $eval = ''; } Loading Loading
sources/comcode_compiler.php +31 −14 Original line number Diff line number Diff line Loading @@ -569,8 +569,19 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ case CCP_NO_MANS_LAND: if ($next === '[') { // Look ahead to make sure it's a valid tag. If it's not then it's considered normal user input, not a tag at all $dif = (($pos < $len) && ($comcode[$pos] === '/')) ? 1 : 0; // '0' if it's an opening tag, '1' if it's a closing tag $ahead = substr($comcode, $pos + $dif, MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH); $next_2 = $comcode[$pos]; $dif = 0; // '0' if it's an opening tag if ($pos < $len) { if ($next_2 === '/') { $dif = 1; // '1' if it's a closing tag } else { $matches = array(); if (($pos + 1 < $len) && (preg_match('#^\s*/#', substr($comcode, $pos), $matches) != 0)) { $dif = strlen($matches[0]); // A closing tag with odd spaces } } } $ahead = ltrim(substr($comcode, $pos + $dif, MAX_COMCODE_TAG_LOOK_AHEAD_LENGTH)); $equal_pos = strpos($ahead, '='); $space_pos = strpos($ahead, ' '); $end_pos = strpos($ahead, ']'); Loading @@ -593,10 +604,10 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ } $use_pos = min($equal_pos, $space_pos, $end_pos, $lax_end_pos, $cl_pos); $potential_tag = strtolower(substr($ahead, 0, $use_pos)); if (($use_pos != 22) && ((!$in_semihtml) || ($dif === 1) || (($potential_tag != 'html') && ($potential_tag != 'semihtml'))) && ((!$in_html) || (($dif === 1) && ($potential_tag === 'html'))) && ((!$in_code_tag) || ((isset($CODE_TAGS[$potential_tag])) && ($potential_tag === $current_tag))) && ((!$structure_sweep) || ($potential_tag != 'contents'))) { $potential_tag = trim(strtolower(substr($ahead, 0, $use_pos))); if (($use_pos != 22) && ((!$in_semihtml) || ($dif !== 0) || (($potential_tag != 'html') && ($potential_tag != 'semihtml'))) && ((!$in_html) || (($dif !== 0) && ($potential_tag === 'html'))) && ((!$in_code_tag) || ((isset($CODE_TAGS[$potential_tag])) && ($potential_tag === $current_tag))) && ((!$structure_sweep) || ($potential_tag != 'contents'))) { if ($in_code_tag) { if ($dif === 1) { if ($dif !== 0) { $code_nest_stack--; } else { $code_nest_stack++; Loading Loading @@ -963,10 +974,11 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ $tag_output->attach($continuation); $continuation = ''; if ($comcode[$pos] === '+') { $p_end = $pos + 5; $p_end = $pos + 1; $matches = array(); while ($p_end < $len) { $p_portion = substr($comcode, $pos - 1, $p_end - ($pos - 1) + 5); if (substr_count($p_portion, '{+START') === substr_count($p_portion, '{+END')) { $p_portion = substr($comcode, $pos - 1, strpos($comcode, '}', $p_end) - ($pos - 1) + 1); if (preg_match_all('#\{\+\s*START\s*,#', $p_portion, $matches) == preg_match_all('#\{\+\s*END\s*\}#', $p_portion, $matches)) { break; } $p_end++; Loading @@ -983,7 +995,7 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ $p_opener = substr($comcode, $pos - 1, $p_len + 1); $p_portion = substr($comcode, $pos + $p_len, $p_end - ($pos + $p_len)); $p_closer = substr($comcode, $p_end, 6); $p_closer = substr($comcode, $p_end, strpos($comcode, '}', $p_end) - $p_end + 1); if ($semiparse_mode) { $ret = new Tempcode(); Loading @@ -1005,14 +1017,14 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ } else { require_code('tempcode_compiler'); $ret = template_to_tempcode($p_opener . '{DIRECTIVE_EMBEDMENT}' . $p_closer); if (substr($comcode, $pos - 1, strlen('{+START,CASES,')) === '{+START,CASES,') { if (preg_match('#^\{\+\s*START\s*,\s*CASES\s*,#', substr($comcode, $pos - 1, 30)) != 0) { $ret->singular_bind('DIRECTIVE_EMBEDMENT', make_string_tempcode($p_portion)); } else { $p_portion_comcode = comcode_to_tempcode($p_portion, $source_member, $as_admin, $wrap_pos, $pass_id, $connection, $semiparse_mode, $preparse_mode, $in_semihtml, $structure_sweep, $check_only, $highlight_bits, $on_behalf_of_member); $ret->singular_bind('DIRECTIVE_EMBEDMENT', $p_portion_comcode); } $pos = $p_end + 6; $pos = $p_end + strlen($p_closer); } } elseif ($comcode[$pos] === '!') { $p_len = $pos; Loading Loading @@ -1739,7 +1751,7 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ if ($next === '=') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT; $current_attribute_name = 'param'; } elseif (trim($next) === '') { } elseif ((!$close) && (trim($next) === '')) { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; } elseif ($next === '[') { if (!$lax) { Loading Loading @@ -1876,8 +1888,10 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ } } } elseif ($status === CCP_IN_TAG_NAME) { if (trim($next) != '') { $current_tag .= strtolower($next); } } break; case CCP_STARTING_TAG: Loading @@ -1896,7 +1910,7 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ $status = CCP_NO_MANS_LAND; } elseif ($next === '/') { $close = true; } else { } elseif (trim($next) != '') { $current_tag .= strtolower($next); $status = CCP_IN_TAG_NAME; } Loading Loading @@ -1941,6 +1955,9 @@ function __comcode_to_tempcode($comcode, $source_member, $as_admin, $wrap_pos, $ } $pos--; } elseif ($next == '=') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT; $current_attribute_name = 'param'; } elseif (trim($next) != '') { $status = CCP_IN_TAG_ATTRIBUTE_NAME; $current_attribute_name = $next; Loading
sources/comcode_renderer.php +1 −0 Original line number Diff line number Diff line Loading @@ -1416,6 +1416,7 @@ function _do_tags_comcode($tag, $attributes, $embed, $comcode_dangerous, $pass_i if (is_integer($key)) { $key = strval($key); } $_attributes[] = $key . '=' . $val; } $temp_tpl = symbol_tempcode('BLOCK', $_attributes); Loading
sources/symbols.php +7 −1 Original line number Diff line number Diff line Loading @@ -63,6 +63,8 @@ function init__symbols() */ function ecv($lang, $escaped, $type, $name, $param) { $name = trim($name); // SYMBOLS... if ($type === TC_SYMBOL) { // Built-in Loading Loading @@ -3047,6 +3049,10 @@ function ecv_BLOCK($lang, $escaped, $param) $param_2 = $param; } foreach ($param_2 as &$_param) { $_param = preg_replace('#^\s*([^\s]+)\s*=#', '$1=', $_param); } if (in_array('defer=1', $param_2)) { $value = static_evaluate_tempcode(do_template('JS_BLOCK', array('_GUID' => '2334719e23b2773ad04fe0fcbdce684d', 'BLOCK_PARAMS' => block_params_arr_to_str($param_2)))); } else { Loading Loading @@ -4763,7 +4769,7 @@ function ecv_ADDON_INSTALLED($lang, $escaped, $param) $value = ''; if ((isset($param[0])) && (!running_script('install'))) { $value = (addon_installed($param[0], (isset($param[1])) && ($param[1] == '1'))) ? '1' : '0'; $value = (addon_installed(trim($param[0]), (isset($param[1])) && ($param[1] == '1'))) ? '1' : '0'; } if ($GLOBALS['XSS_DETECT']) { Loading
sources/tempcode.php +5 −1 Original line number Diff line number Diff line Loading @@ -1059,6 +1059,10 @@ function handle_symbol_preprocessing($seq_part, &$children) $param = block_params_str_to_arr($param[0], true); } foreach ($param as &$_param) { $_param = preg_replace('#^\s*([^\s]+)\s*=#', '$1=', $_param); } if (in_array('defer=1', $param)) { // Nothing has to be done here, except preparing for AJAX require_javascript('ajax'); Loading Loading @@ -1095,7 +1099,7 @@ function handle_symbol_preprocessing($seq_part, &$children) $before = memory_get_usage(); } if (isset($block_parms['block'])) { $b_value = do_block($block_parms['block'], $block_parms); $b_value = do_block(trim($block_parms['block']), $block_parms); if ((isset($_GET['keep_show_loading'])) && ($_GET['keep_show_loading'] == '1')) { if (function_exists('attach_message')) { attach_message('block: ' . $block_parms['block'] . ' (' . clean_file_size(memory_get_usage() - $before) . ' used, now at ' . integer_format(memory_get_usage()) . ')', 'inform'); Loading
sources/tempcode_compiler.php +6 −6 Original line number Diff line number Diff line Loading @@ -197,19 +197,19 @@ function compile_template($data, $template_name, $theme, $lang, $tolerate_errors switch (isset($next_token[0]) ? $next_token[0] : '') { case '$': $current_level_mode = PARSE_SYMBOL; $current_level_data[] = '"' . php_addslashes(($next_token === '$') ? '' : substr($next_token, 1)) . '"'; $current_level_data[] = '"' . php_addslashes(($next_token === '$') ? '' : trim(substr($next_token, 1))) . '"'; break; case '+': $current_level_mode = PARSE_DIRECTIVE; $current_level_data[] = '"' . php_addslashes(($next_token === '+') ? '' : substr($next_token, 1)) . '"'; $current_level_data[] = '"' . php_addslashes(($next_token === '+') ? '' : trim(substr($next_token, 1))) . '"'; break; case '!': $current_level_mode = PARSE_LANGUAGE_REFERENCE; $current_level_data[] = '"' . php_addslashes(($next_token === '!') ? '' : substr($next_token, 1)) . '"'; $current_level_data[] = '"' . php_addslashes(($next_token === '!') ? '' : trim(substr($next_token, 1))) . '"'; break; default: $current_level_mode = PARSE_PARAMETER; $current_level_data[] = '"' . php_addslashes($next_token) . '"'; $current_level_data[] = '"' . php_addslashes(trim($next_token)) . '"'; break; } $current_level_params = array(); Loading Loading @@ -495,7 +495,7 @@ function compile_template($data, $template_name, $theme, $lang, $tolerate_errors // Handle directive nesting if ($past_level_mode === PARSE_DIRECTIVE) { $tpl_funcs = array(); $eval = debug_eval('return ' . $first_param . ';', $tpl_funcs, array(), $cl); $eval = trim(debug_eval('return ' . $first_param . ';', $tpl_funcs, array(), $cl)); if (!is_string($eval)) { $eval = ''; } Loading Loading @@ -565,7 +565,7 @@ function compile_template($data, $template_name, $theme, $lang, $tolerate_errors } } $tpl_funcs = array(); $eval = debug_eval('return ' . implode('.', $directive_opener_params[1]) . ';', $tpl_funcs, array(), $cl); $eval = trim(debug_eval('return ' . implode('.', $directive_opener_params[1]) . ';', $tpl_funcs, array(), $cl)); if (!is_string($eval)) { $eval = ''; } Loading
