A
Az_eff
Guest
Вообщем перенес форум с одного хостинга на другой .. много читал о переносе всё делал как надо.Все вроде перенеслось ,очень обрадовался!! но потом заметил ошибки (( помойму одна и таже .. на многих страницах в админке и на форуме например когда заходишь в чей нибудь профиль .
Вот она
<!--c1--><div class='codetop'>Код</div><div class='codemain'><!--ec1-->--------------------*/ // regex_build_url: Checks, and builds the a href /*-------------------------------------------------------------------------*/ /** * Convert URLs * * @param array Input vars * @return string Converted text */ function regex_build_url( $url=array() ) { //----------------------------------------- // INIT //----------------------------------------- $skip_it = 0; $url['end'] = isset( $url['end'] ) ? $url['end'] : ''; //----------------------------------------- // URL filtering? //----------------------------------------- if ( $this->ipsclass->vars['ipb_use_url_filter'] ) { $list_type = $this->ipsclass->vars['ipb_url_filter_option'] == "black" ? "blacklist" : "whitelist"; if ( $this->ipsclass->vars['ipb_url_'.$list_type] ) { $list_values = array(); $list_values = explode( "\n", str_replace( "\r", "", $this->ipsclass->vars['ipb_url_'.$list_type] ) ); if ( count( $list_values ) ) { $good_url = 0; foreach( $list_values as $my_url ) { if( !trim($my_url) ) { continue; } $my_url = preg_quote( $my_url, '/' ); $my_url = str_replace( "\*", "(.*?)", $my_url ); if ( $list_type == "blacklist" ) { if( preg_match( '/'.$my_url.'/i', $url['html'] ) ) { $this->error = 'domain_not_allowed'; } } else { if ( preg_match( '/'.$my_url.'/i', $url['html'] ) ) { $good_url = 1; } } } if ( ! $good_url AND $list_type == "whitelist" ) { $this->error = 'domain_not_allowed'; } } } } //----------------------------------------- // Is there another bbcode + js? // Block XSS attempt //----------------------------------------- $bbcodes = array( 'b', 'i', 'u', 's', 'center', 'left', 'right', 'url', 'email', 'code', 'quote', 'sql', 'html', 'indent', 'list', 'flash', 'sub', 'sup', 'background', 'color', 'size', 'font', 'img' ); if ( is_array( $this->ipsclass->cache['bbcode'] ) and count( $this->ipsclass->cache['bbcode'] ) ) { foreach( $this->ipsclass->cache['bbcode'] as $row ) { $bbcodes[] = preg_quote( $row['bbcode_tag'], '#' ); } } if ( preg_match( "#\[(" . implode( '|', $bbcodes ) . ")(.*?)\]#is", $url['html'] ) ) { $this->error = 'domain_not_allowed'; return $url['html']; } //----------------------------------------- // Make sure the last character isn't punctuation.. // if it is, remove it and add it to the // end array //----------------------------------------- if ( preg_match( "/([\.,\?]|!)$/", $url['html'], $match) ) { $url['end'] .= $match[1]; $url['html'] = preg_replace( "/([\.,\?]|!)$/", "", $url['html'] ); $url['show'] = preg_replace( "/([\.,\?]|!)$/", "", $url['show'] ); } //----------------------------------------- // Make sure it's not being used in a // closing code/quote/html or sql block //----------------------------------------- if ( preg_match( "/\[\/(html|quote|code|sql)/i", $url['html'] ) ) { return $url['html']; } //----------------------------------------- // Make sure it's fixed if used in an // opening quote block //----------------------------------------- if ( preg_match( "/(\+\-\-\>)$/", $url['html'], $match) ) { $url['end'] .= $match[1]; $url['html'] = preg_replace( "/(\+\-\-\>)$/", "", $url['html'] ); $url['show'] = preg_replace( "/(\+\-\-\>)$/", "", $url['show'] ); } //----------------------------------------- // clean up the ampersands / brackets //----------------------------------------- $url['html'] = str_replace( "&", "&", $url['html'] ); $url['html'] = str_replace( "[" , "%5b" , $url['html'] ); $url['html'] = str_replace( "]" , "%5d" , $url['html'] ); $url['html'] = str_replace( " " , "%20" , $url['html'] ); //----------------------------------------- // Make sure we don't have a JS link //----------------------------------------- if ( preg_match( '#javascript\:#is', preg_replace( '#\s{1,}#s', '', $url['html'] ) ) ) { $url['html'] = preg_replace( "/java script:/i", "java script: ", $url['html'] ); } if ( preg_match( '#javascript\:#is', preg_replace( '#\s{1,}#s', '', $url['show'] ) ) ) { $url['show'] = preg_replace( "/java script:/i", "java script: ", $url['show'] ); } //----------------------------------------- // Do we have http:// at the front? //----------------------------------------- if ( ! preg_match("#^(http|news|https|ftp|aim)://#", $url['html'] ) ) { $url['html'] = 'http://'.$url['html']; } //----------------------------------------- // Tidy up the viewable URL //----------------------------------------- if ( preg_match( "/^< 3 ) $skip_it = 1; //----------------------------------------- // Make sure it's a "proper" url //----------------------------------------- if ( ! preg_match( "/^(http|ftp|https|news):\/\//i", $url['show'] )) $skip_it = 1; $show = $url['show']; if ($skip_it != 1) { $stripped = preg_replace( "#^(http|ftp|https|news)://(\S+)$#i", "\\2", $url['show'] ); $uri_type = preg_replace( "#^(http|ftp|https|news)://(\S+)$#i", "\\1", $url['show'] ); $show = $uri_type.'://'.substr( $stripped , 0, 35 ).'...'.substr( $stripped , -15 ); } return ( isset($url['st']) ? $url['st'] : '' ) . "".$show."" . $url['end']; } /*-------------------------------------------------------------------------*/ // Remove sessions in a nice way /*-------------------------------------------------------------------------*/ /** * Remove session keys from URLs * * @param string Start token * @param string End token * @return string Converted text */ function regex_bash_session( $matches=array() ) { //----------------------------------------- // Case 1: index.php?s=0000 :: Return nothing (parses: index.php) // Case 2: index.php?s=0000&this=1 :: Return ? (parses: index.php?this=1) // Case 3: index.php?this=1&s=0000 :: Return nothing (parses: index.php?this=1) // Case 4: index.php?t=1&s=00&y=2 :: Return & (parses: index.php?t=1&y=2) //----------------------------------------- $start_tok = str_replace( '&', '&', $matches[1] ); $end_tok = str_replace( '&', '&', $matches[3] ); //1: if ($start_tok == '?' and $end_tok == '') { return ""; } //2: else if ($start_tok == '?' and $end_tok == '&') { return '?'; } //3: else if ($start_tok == '&' and $end_tok == '') { return ""; } else if ($start_tok == '&' and $end_tok == '&') { return "&"; } else { return $start_tok.$end_tok; } } /*-------------------------------------------------------------------------*/ // Converts hex entity code to character /*-------------------------------------------------------------------------*/ /** * Converts hex entity code to character * * @param string hex entity * @return string decimal entity */ function regex_bash_hex($hex_entity) { return html_entity_decode( "&#".hexdec( $hex_entity ).";" ); } /*-------------------------------------------------------------------------*/ // regex_check_flash: Checks, and builds the // html. /*-------------------------------------------------------------------------*/ /** * Check and convert flash BBcode tags * * @param integer Movie width * @param integer Movie height * @param string Movie URL * @return string Converted text */ function regex_check_flash( $matches=array() ) { //----------------------------------------- // INIT //----------------------------------------- $width = $matches[2]; $height = $matches[4]; $url = $matches[6]; $default = "[flash=".$width.",".$height."]".$url."[/flash]"; //----------------------------------------- // Checks.... //----------------------------------------- if ( ! $this->ipsclass->vars['allow_flash'] ) { return $default; } if ( $width > $this->ipsclass->vars['max_w_flash'] ) { $this->error = 'flash_too_big'; return $default; } if ( $height > $this->ipsclass->vars['max_h_flash'] ) { $this->error = 'flash_too_big'; return $default; } if ( ! preg_match( "/^http:\/\/(\S+)\.swf$/i", $url) ) { $this->error = 'flash_url'; return $default; } return ""; } /*-------------------------------------------------------------------------*/ // Unconvert size /*-------------------------------------------------------------------------*/ /** * Convert font-size HTML back into BBCode * * @param integer Core size * @param string Raw text * @return string Converted text */ function unconvert_size( $matches=array() ) { //----------------------------------------- // INIT //----------------------------------------- $size = trim($matches[1]); $text = $matches[2]; foreach( $this->font_sizes as $k => $v ) { if( $size == $v ) { $size = $k; break; } } //$size -= 7; return ''.$text.''; } /*-------------------------------------------------------------------------*/ // Unconvert flash /*-------------------------------------------------------------------------*/ /** * Convert flash HTML back into BBCode * * @param string Raw text * @return string Converted text */ function unconvert_flash($matches=array()) { $f_arr = explode( "+", $matches[1] ); return '[flash='.$f_arr[0].','.$f_arr[1].']'.$f_arr[2].'[/flash]'; } /*-------------------------------------------------------------------------*/ // Unconvert SQL /*-------------------------------------------------------------------------*/ /** * Convert SQL HTML back into BBCode * * @param string Raw text * @return string Converted text */ function unconvert_sql($matches=array()) { $sql = stripslashes($matches[2]); $sql = preg_replace( "##is", "", $sql ); $sql = str_replace( "" , "", $sql ); $sql = preg_replace( "#\s*$#" , "", $sql ); return '[sql]'.$sql.'[/sql]'; } /*-------------------------------------------------------------------------*/ // Unconvert HTML /*-------------------------------------------------------------------------*/ /** * Convert HTML TAG HTML back into BBCode * * @param string Raw text * @return string Converted text */ function unconvert_htm($matches=array()) { $html = stripslashes($matches[2]); $html = preg_replace( "##is", "", $html ); $html = str_replace( "" , "", $html ); $html = preg_replace( "#\s*$#" , "", $html ); return '
'; } /*-------------------------------------------------------------------------*/ // convert_emoticon: // replaces the text with the emoticon image /*-------------------------------------------------------------------------*/ /** * Convert emoticon to image HTML * * @param string Emo code 
* @param string Image URL * @return string Converted text */ function convert_emoticon($code="", $image="") { if (!$code or !$image) return; //----------------------------------------- // Remove slashes added by preg_quote //----------------------------------------- $code = stripslashes($code); $this->emoticon_count++; return "$image"; } /*-------------------------------------------------------------------------*/ // Custom array sort /*-------------------------------------------------------------------------*/ /** * Custom sort operation * * @param string A * @param string B * @return integer */ function smilie_length_sort($a, $b) { if ( strlen($a['typed']) == strlen($b['typed']) ) { return 0; } return ( strlen($a['typed']) > strlen($b['typed']) ) ? -1 : 1; } /*-------------------------------------------------------------------------*/ // Custom array sort /*-------------------------------------------------------------------------*/ /** * Custom sort operation * * @param string A * @param string B * @return integer */ function word_length_sort($a, $b) { if ( strlen($a['type']) == strlen($b['type']) ) { return 0; } return ( strlen($a['type']) > strlen($b['type']) ) ? -1 : 1; } /*-------------------------------------------------------------------------*/ // Make quote safe /*-------------------------------------------------------------------------*/ /** * Make quotes safe * * @param string Raw text * @return string Converted text */ function _make_quote_safe( $txt='' ) { //----------------------------------------- // INIT //----------------------------------------- $begin = ''; $end = ''; //----------------------------------------- // Come via preg_replace_callback? //----------------------------------------- if ( is_array( $txt ) ) { $begin = $txt[1]; $end = $txt[3]; $txt = $txt[2]; } //----------------------------------------- // Sort name //----------------------------------------- $txt = str_replace( "+", "+" , $txt ); $txt = str_replace( "-", "-" , $txt ); $txt = str_replace( ":", ":" , $txt ); $txt = str_replace( "[", "[" , $txt ); $txt = str_replace( "]", "]" , $txt ); $txt = str_replace( ")", ")" , $txt ); $txt = str_replace( "(", "(" , $txt ); $txt = str_replace( "'", "'" , $txt ); return $begin . $txt . $end; } /*-------------------------------------------------------------------------*/ // Fix up quoted usernames /*-------------------------------------------------------------------------*/ /** * Fix up quoted usernames * * @param array Quote data * @return string Converted text */ function _make_quote_name_safe( $matches=array() ) { $quote = $matches[1]; $name = $matches[2]; $next = $matches[4]; # Squeeze past the parser... $name = str_replace( ''', "'", $name ); return 'name=' . $quote . $name . $quote . ' ' . $next . '='; } /*-------------------------------------------------------------------------*/ // Parse new quotes /*-------------------------------------------------------------------------*/ /** * Parse new quotes * * @param string Quote data * @param string Raw text * @return string Converted text */ function _parse_new_quote( $matches=array() ) { //----------------------------------------- // INIT //----------------------------------------- $return = array(); $quote_data = $matches[1]; $quote_text = $matches[2]; //----------------------------------------- // No data? //----------------------------------------- if ( ! $quote_data ) { return '
Вот она
<!--c1--><div class='codetop'>Код</div><div class='codemain'><!--ec1-->--------------------*/ // regex_build_url: Checks, and builds the a href /*-------------------------------------------------------------------------*/ /** * Convert URLs * * @param array Input vars * @return string Converted text */ function regex_build_url( $url=array() ) { //----------------------------------------- // INIT //----------------------------------------- $skip_it = 0; $url['end'] = isset( $url['end'] ) ? $url['end'] : ''; //----------------------------------------- // URL filtering? //----------------------------------------- if ( $this->ipsclass->vars['ipb_use_url_filter'] ) { $list_type = $this->ipsclass->vars['ipb_url_filter_option'] == "black" ? "blacklist" : "whitelist"; if ( $this->ipsclass->vars['ipb_url_'.$list_type] ) { $list_values = array(); $list_values = explode( "\n", str_replace( "\r", "", $this->ipsclass->vars['ipb_url_'.$list_type] ) ); if ( count( $list_values ) ) { $good_url = 0; foreach( $list_values as $my_url ) { if( !trim($my_url) ) { continue; } $my_url = preg_quote( $my_url, '/' ); $my_url = str_replace( "\*", "(.*?)", $my_url ); if ( $list_type == "blacklist" ) { if( preg_match( '/'.$my_url.'/i', $url['html'] ) ) { $this->error = 'domain_not_allowed'; } } else { if ( preg_match( '/'.$my_url.'/i', $url['html'] ) ) { $good_url = 1; } } } if ( ! $good_url AND $list_type == "whitelist" ) { $this->error = 'domain_not_allowed'; } } } } //----------------------------------------- // Is there another bbcode + js? // Block XSS attempt //----------------------------------------- $bbcodes = array( 'b', 'i', 'u', 's', 'center', 'left', 'right', 'url', 'email', 'code', 'quote', 'sql', 'html', 'indent', 'list', 'flash', 'sub', 'sup', 'background', 'color', 'size', 'font', 'img' ); if ( is_array( $this->ipsclass->cache['bbcode'] ) and count( $this->ipsclass->cache['bbcode'] ) ) { foreach( $this->ipsclass->cache['bbcode'] as $row ) { $bbcodes[] = preg_quote( $row['bbcode_tag'], '#' ); } } if ( preg_match( "#\[(" . implode( '|', $bbcodes ) . ")(.*?)\]#is", $url['html'] ) ) { $this->error = 'domain_not_allowed'; return $url['html']; } //----------------------------------------- // Make sure the last character isn't punctuation.. // if it is, remove it and add it to the // end array //----------------------------------------- if ( preg_match( "/([\.,\?]|!)$/", $url['html'], $match) ) { $url['end'] .= $match[1]; $url['html'] = preg_replace( "/([\.,\?]|!)$/", "", $url['html'] ); $url['show'] = preg_replace( "/([\.,\?]|!)$/", "", $url['show'] ); } //----------------------------------------- // Make sure it's not being used in a // closing code/quote/html or sql block //----------------------------------------- if ( preg_match( "/\[\/(html|quote|code|sql)/i", $url['html'] ) ) { return $url['html']; } //----------------------------------------- // Make sure it's fixed if used in an // opening quote block //----------------------------------------- if ( preg_match( "/(\+\-\-\>)$/", $url['html'], $match) ) { $url['end'] .= $match[1]; $url['html'] = preg_replace( "/(\+\-\-\>)$/", "", $url['html'] ); $url['show'] = preg_replace( "/(\+\-\-\>)$/", "", $url['show'] ); } //----------------------------------------- // clean up the ampersands / brackets //----------------------------------------- $url['html'] = str_replace( "&", "&", $url['html'] ); $url['html'] = str_replace( "[" , "%5b" , $url['html'] ); $url['html'] = str_replace( "]" , "%5d" , $url['html'] ); $url['html'] = str_replace( " " , "%20" , $url['html'] ); //----------------------------------------- // Make sure we don't have a JS link //----------------------------------------- if ( preg_match( '#javascript\:#is', preg_replace( '#\s{1,}#s', '', $url['html'] ) ) ) { $url['html'] = preg_replace( "/java script:/i", "java script: ", $url['html'] ); } if ( preg_match( '#javascript\:#is', preg_replace( '#\s{1,}#s', '', $url['show'] ) ) ) { $url['show'] = preg_replace( "/java script:/i", "java script: ", $url['show'] ); } //----------------------------------------- // Do we have http:// at the front? //----------------------------------------- if ( ! preg_match("#^(http|news|https|ftp|aim)://#", $url['html'] ) ) { $url['html'] = 'http://'.$url['html']; } //----------------------------------------- // Tidy up the viewable URL //----------------------------------------- if ( preg_match( "/^< 3 ) $skip_it = 1; //----------------------------------------- // Make sure it's a "proper" url //----------------------------------------- if ( ! preg_match( "/^(http|ftp|https|news):\/\//i", $url['show'] )) $skip_it = 1; $show = $url['show']; if ($skip_it != 1) { $stripped = preg_replace( "#^(http|ftp|https|news)://(\S+)$#i", "\\2", $url['show'] ); $uri_type = preg_replace( "#^(http|ftp|https|news)://(\S+)$#i", "\\1", $url['show'] ); $show = $uri_type.'://'.substr( $stripped , 0, 35 ).'...'.substr( $stripped , -15 ); } return ( isset($url['st']) ? $url['st'] : '' ) . "".$show."" . $url['end']; } /*-------------------------------------------------------------------------*/ // Remove sessions in a nice way /*-------------------------------------------------------------------------*/ /** * Remove session keys from URLs * * @param string Start token * @param string End token * @return string Converted text */ function regex_bash_session( $matches=array() ) { //----------------------------------------- // Case 1: index.php?s=0000 :: Return nothing (parses: index.php) // Case 2: index.php?s=0000&this=1 :: Return ? (parses: index.php?this=1) // Case 3: index.php?this=1&s=0000 :: Return nothing (parses: index.php?this=1) // Case 4: index.php?t=1&s=00&y=2 :: Return & (parses: index.php?t=1&y=2) //----------------------------------------- $start_tok = str_replace( '&', '&', $matches[1] ); $end_tok = str_replace( '&', '&', $matches[3] ); //1: if ($start_tok == '?' and $end_tok == '') { return ""; } //2: else if ($start_tok == '?' and $end_tok == '&') { return '?'; } //3: else if ($start_tok == '&' and $end_tok == '') { return ""; } else if ($start_tok == '&' and $end_tok == '&') { return "&"; } else { return $start_tok.$end_tok; } } /*-------------------------------------------------------------------------*/ // Converts hex entity code to character /*-------------------------------------------------------------------------*/ /** * Converts hex entity code to character * * @param string hex entity * @return string decimal entity */ function regex_bash_hex($hex_entity) { return html_entity_decode( "&#".hexdec( $hex_entity ).";" ); } /*-------------------------------------------------------------------------*/ // regex_check_flash: Checks, and builds the // html. /*-------------------------------------------------------------------------*/ /** * Check and convert flash BBcode tags * * @param integer Movie width * @param integer Movie height * @param string Movie URL * @return string Converted text */ function regex_check_flash( $matches=array() ) { //----------------------------------------- // INIT //----------------------------------------- $width = $matches[2]; $height = $matches[4]; $url = $matches[6]; $default = "[flash=".$width.",".$height."]".$url."[/flash]"; //----------------------------------------- // Checks.... //----------------------------------------- if ( ! $this->ipsclass->vars['allow_flash'] ) { return $default; } if ( $width > $this->ipsclass->vars['max_w_flash'] ) { $this->error = 'flash_too_big'; return $default; } if ( $height > $this->ipsclass->vars['max_h_flash'] ) { $this->error = 'flash_too_big'; return $default; } if ( ! preg_match( "/^http:\/\/(\S+)\.swf$/i", $url) ) { $this->error = 'flash_url'; return $default; } return ""; } /*-------------------------------------------------------------------------*/ // Unconvert size /*-------------------------------------------------------------------------*/ /** * Convert font-size HTML back into BBCode * * @param integer Core size * @param string Raw text * @return string Converted text */ function unconvert_size( $matches=array() ) { //----------------------------------------- // INIT //----------------------------------------- $size = trim($matches[1]); $text = $matches[2]; foreach( $this->font_sizes as $k => $v ) { if( $size == $v ) { $size = $k; break; } } //$size -= 7; return ''.$text.''; } /*-------------------------------------------------------------------------*/ // Unconvert flash /*-------------------------------------------------------------------------*/ /** * Convert flash HTML back into BBCode * * @param string Raw text * @return string Converted text */ function unconvert_flash($matches=array()) { $f_arr = explode( "+", $matches[1] ); return '[flash='.$f_arr[0].','.$f_arr[1].']'.$f_arr[2].'[/flash]'; } /*-------------------------------------------------------------------------*/ // Unconvert SQL /*-------------------------------------------------------------------------*/ /** * Convert SQL HTML back into BBCode * * @param string Raw text * @return string Converted text */ function unconvert_sql($matches=array()) { $sql = stripslashes($matches[2]); $sql = preg_replace( "##is", "", $sql ); $sql = str_replace( "" , "", $sql ); $sql = preg_replace( "#\s*$#" , "", $sql ); return '[sql]'.$sql.'[/sql]'; } /*-------------------------------------------------------------------------*/ // Unconvert HTML /*-------------------------------------------------------------------------*/ /** * Convert HTML TAG HTML back into BBCode * * @param string Raw text * @return string Converted text */ function unconvert_htm($matches=array()) { $html = stripslashes($matches[2]); $html = preg_replace( "##is", "", $html ); $html = str_replace( "" , "", $html ); $html = preg_replace( "#\s*$#" , "", $html ); return '
HTML:
'.$html.'