PHP Htmlspecialchars & htmlentities

Basjee
Octo
Posted on: 06 Apr 2007, 15:12

Hey guys,
I have been busy since this morning trying to get htmlspecialchars or htmlentities to work properly.
I want " to stay as it is and not change into &quot;
And that, e.g., <noscript> doesn't work..
This is ubb.php

<?php 
// Highlight functions 
function phphighlite_replace($code) { 
    // Undo the backslashes the /e modifier puts in front of double quotes 
    $code = trim(str_replace("\\\"", "\"", $code)); 
  #$code = str_replace("\\\"","\"",$code); 
    if(empty($code)) { 
        return "[*code] [*/code]"; 
    } else { 
        array_push($GLOBALS['phphighlite'], $code); 
        return "[*code]".(count($GLOBALS['phphighlite'])-1)."[*/code]"; 
    } 
} 

function phphighlite($id, $fixed=1) { 
    $code = $GLOBALS['phphighlite'][$id]; 
    $splitted = explode("\n", $code); 
    $grootte = count($splitted)+1; 
    if(!strpos($code,"<?") && substr($code,0,2)!="<?") { 
        $code="<?".trim($code)."?>"; 
        $addedtags=1; 
    } 
    ob_start(); 
    $oldlevel=error_reporting(0); 
    highlight_string($code); 
    error_reporting($oldlevel); 
    $buffer = ob_get_contents(); 
    ob_end_clean(); 
    if(!empty($addedtags)) { 
        $openingpos = strpos($buffer,'&lt;?'); 
        $closingpos = strrpos($buffer, '?'); 
        $buffer = substr($buffer, 0, $openingpos).substr($buffer, $openingpos+5, $closingpos-($openingpos+5)).substr($buffer, $closingpos+5); 
    } 
    $page_popup = ""; 

  $return = $buffer; 
    return $return; 
} 

function ubb($string) { 
// Code 
// Note: the /e (eval) modifier was removed in PHP 7.0; preg_replace_callback() replaces it 
$GLOBALS['phphighlite'] = array("dummy"); 
$string = preg_replace("_<\?(.*?)\?>_ise","phphighlite_replace('<? \\1 ?>')",$string); 
#$string = preg_replace("_\[code\](.*?)\[/code\]_ise","phphighlite_replace('\\1')",$string); 
// Convert newlines to <br /> 
$string = nl2br($string); 
// Italic 
$string = preg_replace("#\[i\](.+?)\[/i\]#is","<i>\\1</i>",$string); 
// Underlined 
$string = preg_replace("#\[u\](.+?)\[/u\]#is","<u>\\1</u>",$string); 
// Bold 
$string = preg_replace("#\[b\](.+?)\[/b\]#is","<b>\\1</b>",$string); 
// Strikethrough 
$string = preg_replace("#\[s\](.+?)\[/s\]#is","<s>\\1</s>",$string); 
// Create links from tags 
$string = preg_replace("#\[url\](http|ftp)(.+?)\[/url\]#is","<a href=\"\\1\\2\" target=\"_blank\">\\1\\2</a>",$string); 
$string = preg_replace("#\[url\](mailto:)(.+?)\[/url]#is","<a href=\"\\1\\2\" target=\"_blank\">\\2</a>",$string); 
$string = preg_replace("#\[mail\](.+?)\[/mail]#is","<a href=\"mailto:\\1\" target=\"_blank\">\\1</a>",$string); 
$string = preg_replace("#\[url\](.+?)\[/url\]#is","<a href=\"http://\\1\" target=\"_blank\">\\1</a>",$string); 
$string = preg_replace("#\[url=(http|ftp|mailto)(.+?)\](.+?)\[/url\]#is","<a href=\"\\1\\2\" target=\"_blank\">\\3</a>",$string); 
$string = preg_replace("#\[url=(.+?)\](.+?)\[/url\]#is","<a href=\"http://\\1\" target=\"_blank\">\\2</a>",$string); 
// Create links automatically 
// Note: eregi_replace() was removed in PHP 7.0; preg_replace() with the i flag replaces it 
$string = eregi_replace("(^|[\n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)", "<a href=\"\\2\" target=\"_blank\">\\2</a>",$string); 
$string = eregi_replace("(^|[\n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+([a-z0-9_-]+)+)(/[^/ \n\r]*)*)", "<a href=\"\\2\" target=\"_blank\">\\2</a>",$string); 
$string = eregi_replace("(^|[\n\r\t])([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\2\">\\2</a>",$string); 
$string = eregi_replace("(^|[\n\r\t])(www\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","<a href=\"http://\\2\" target=\"_blank\">\\2</a>",$string); 
$string = eregi_replace("(^|[\n\r\t])(www\.([a-z0-9_-]+([a-z0-9_-]+)+)(/[^/ \n\r]*)*)","<a href=\"http://\\2\" target=\"_blank\">\\2</a>",$string); 
$string = eregi_replace("(^|[\n\r\t])(ftp://([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","<a href=\"\\2\" target=\"_blank\">\\2</a>",$string); 
$string = eregi_replace("(^|[\n\r\t])(ftp://([a-z0-9_-]+([a-z0-9_-]+)+)(/[^/ \n\r]*)*)","<a href=\"\\2\" target=\"_blank\">\\2</a>",$string); 
$string = eregi_replace("(^|[\n\r\t])(ftp\.([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","<a href=\"\\2\" target=\"_blank\">\\2</a>",$string); 
// Quote 
$string = preg_replace("#\[quote\](.+?)\[/quote\]#is","<table width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"><tr><td width=\"3%\">&nbsp;</td><td><small>Quote</small></td></tr><tr><td width=\"3%\">&nbsp;</td><td style=\"border: 1px solid #232850;\"><table><tr><td>\\1</td></tr></table></td></tr></table>",$string); 
$string = preg_replace("#\[quote=(.+?)\](.+?)\[/quote\]#is","<table width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"><tr><td width=\"3%\">&nbsp;</td><td><small>Quote: <b>\\1</b></small></td></tr><tr><td width=\"3%\">&nbsp;</td><td style=\"border: 1px solid #232850;\"><table><tr><td>\\2</td></tr></table></td></tr></table>",$string); 
// Images 
$string = preg_replace("#\[img\](http)(.+?)\[/img\]#is","<img src=\"\\1\\2\" alt=\"Plaatje\" title=\"Plaatje\" />",$string); 
$string = preg_replace("#\[img\](.+?)\[/img\]#is","<img src=\"http://\\1\" alt=\"Plaatje\" title=\"Plaatje\" />",$string); 
// Mail 
$string = preg_replace("#\[mail\](.+?)\[/mail\]#is","<a href=\"mailto:\\1\">\\1</a>",$string); 
// Color 
$string = preg_replace("#\[color=(.+?)\](.+?)\[/color\]#is","<font color=\"\\1\">\\2</font>",$string); 
// Size 
$string = preg_replace("#\[size=(.+?)\](.+?)\[/size\]#is","<font size=\"\\1\">\\2</font>",$string); 
// Code 
$string = preg_replace("_\[code\]([0-9]+)\[/code\]_ise", "phphighlite('\\1')", $string); 
// Return 
return $string; 
} 
?>

There is a * between the [code*] tags because otherwise it gets displayed in a strange way, so this is not how it should be!

And this is nieuws.php

<?php 
error_reporting(E_ALL); 
ob_start(); 
include_once "includes/ban_check.php"; 
include_once "includes/config.php"; 
include "includes/func/pagina.php"; 
include_once "includes/func/ubb.php"; 
include_once "includes/func/verkort.php"; 

$id = isset($_GET['id']) ? $_GET['id'] : 'xx';   
if(is_numeric($id))    
{ 
$mQuery = mysql_query("SELECT * FROM nieuws WHERE ID = ".$id) or die(errormsg(mysql_error())); 
     
    if(mysql_num_rows($mQuery) === 0) 
    { 
         
        echo 'Dit nieuwsbericht bestaat niet (meer).'; 
     
    } 
    else 
    { 
      
        while($aGet = mysql_fetch_assoc($mQuery)) 
        { 
         
            echo '<img src="'.htmlspecialchars($aGet['icon']).'" width="104" height="64" align="left"><div class="iTitel" valign=center> '.ubb($aGet['titel']).' </div><div class="iCategorie"><i>'.ubb($aGet['datum']).' <br /> Categorie: '.ubb($aGet['categorie']).' <br /> Door: '.ubb($aGet['auteur']).'</i></div> 
            <br /><br /><div class="bericht" style="scrollbar-face-color:#1c1c1c;overflow-x:hidden;overflow:scroll;width:600px;scrollbar-3dlight-color:#1c1c1c;scrollbar-arrow-color:#FFFFFF;scrollbar-base-color:#1c1c1c;scrollbar-highlight-color:#1c1c1c;scrollbar-darkshadow-color:#1c1c1c;height:220px">'.ubb($aGet['nieuws']).'</div> 
            <br /> '; 
         
        } 
     
    } 
} else { 
    $Query = mysql_query("SELECT * FROM nieuws ORDER BY id DESC LIMIT ".$start.",".$maxpp."") or die(errormsg(mysql_error())); 
    if(mysql_num_rows($Query) < 1) 
    { 
     
        echo 'Er is momenteel geen nieuws.'; 
     
    } 
    else 
    {    
        while($Get = mysql_fetch_assoc($Query)) 
        { 
         
            echo ' <div class="nonieuws" onmouseover="this.className=\'nieuws\'" onmouseout="this.className=\'nonieuws\'" onClick="window.location.href=\'/nieuws.php?id='.$Get['id'].'\'">  <img src="'.htmlspecialchars($Get['icon']).'" width="104" height="64" align="left"><div class="titel" valign=center><a href=\'/nieuws.php?id='.$Get['id'].'\'>'.$Get['titel'].' </a></div><div class="bericht" valign=center>'.verkort(ubb($Get['nieuws']), 180).'</div></div><br />'; 
                 
        } 
              
        echo '<div align="center">'; 
        echo $navigatie; 
        echo '</div>'; 
          
    } 

} 
?>

I have read through all the comments on php.net but I can't figure it out!
I have tried all of this:
htmlspecialchars()
htmlspecialchars(, ENT_QUOTES)
htmlspecialchars(, ENT_NOQUOTES)
htmlentities()
htmlentities(, ENT_QUOTES)
htmlentities(, ENT_NOQUOTES)

Can someone please help me??

Saven
admin
Posted on: 06 Apr 2007, 16:00

Well, that's not possible; maybe you should take a look at:
strip_tags()
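
Added example, not part of the original thread and not the poster's ubb.php: one way to get both results asked for above (a " that still displays as ", and a <noscript> that does nothing) is to run htmlspecialchars() over the raw input first and generate the BBCode HTML afterwards. The function name ubb_safe(), the reduced tag set and the sample post are assumptions for illustration; it targets PHP 7 or later with UTF-8 input.

```php
<?php
// Added example (hypothetical ubb_safe(), not the thread's ubb.php).
// Order matters: escape the raw text first, then emit our own tags.

function ubb_safe(string $input): string
{
    // 1. Every <, >, &, " and ' from the user becomes an entity. The browser
    //    still displays &quot; as a plain ", but <noscript> is now just text.
    $s = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Simple paired tags: the only real markup is what we write here.
    foreach (['b', 'i', 'u', 's'] as $tag) {
        $s = preg_replace(
            '#\[' . $tag . '\](.+?)\[/' . $tag . '\]#is',
            "<$tag>\$1</$tag>",
            $s
        );
    }

    // 3. [url=target]label[/url]: allow only http(s) targets. Anything else
    //    stays as the literal, already escaped text.
    $s = preg_replace_callback(
        '#\[url=(.+?)\](.+?)\[/url\]#is',
        function (array $m): string {
            // Step 1 encoded the target; decode to validate, re-encode to emit.
            $href = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            if (!preg_match('#^https?://[^\s"\'<>]+\z#i', $href)) {
                return $m[0];
            }
            return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
                . '" target="_blank" rel="noopener noreferrer">' . $m[2] . '</a>';
        },
        $s
    );

    // 4. Newlines to <br /> as the final step.
    return nl2br($s);
}

// Constructed sample input: a quote, a raw tag, and two BBCode tags.
$post = 'He said "hi" <noscript>x</noscript> [b]bold[/b] '
    . '[url=http://example.com/?a=1&b=2]link[/url]';
echo ubb_safe($post), "\n";
```

Calling htmlspecialchars() on the output of a BBCode converter instead would encode the generated <b> and <a> tags as well, which is why the escaping step has to come first.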
