09-17-2003, 08:11 PM
09-17-2003, 08:11 PM
09-17-2003, 09:45 PM
Yes I do
09-18-2003, 12:28 AM
good 4 u! :rolleyes:
09-18-2003, 12:49 AM
If you're wanting the code...
Grrr, this vb code is driving me nuts.. see file in next post
09-18-2003, 12:53 AM
09-18-2003, 01:15 AM
I didn't think you were going to reply me! :thumbsup:
What I see is that you actually gave the real code to use in this forums! that's great because that is what I've been looking for.
There are several lines in the txt, which one should I modify?
The user sends to the db the urls this way:
and everything between "URL(" and ")URL" must be replaced later on for a real link. How could I do it?
09-18-2003, 01:22 AM
*Shouts for mordred*
The code in the file I posted is about as much as I know, and even that was taken from some forum software :) Mordred or some other regex understanding person will be able to help you more :)
09-18-2003, 01:35 AM
I know I just have to modify some characters in one of those lines, but which one should I use and how?
I'll try everything.
09-18-2003, 01:44 AM
Well, it has not been that difficult after all (having already the code, that is). Check it out if you want and tell me if it could give any error:
$url = "bla bla bla URL(http://www.codingforums.com/)URL bla bla bla";
echo preg_replace("/URL\((http:\/\/.+?)\)URL/is","<a href=\"\\1\" target=\"_blank\">\\1</a>",$url);
09-18-2003, 01:48 AM
A modified version of the first regexp would be:
preg_replace("/URL\((.+?)\)URL/", "<a href=\"$1\">$1</a>", $message);
Here's another one modified for your purpose, taken out of phpBB (and hopefully more secure since they updated exactly this code last week due to an exploit):
preg_replace("#url\(([\w]+?://[^ \"\n\r\t<]*?)\)url#i", "<a href=\"$1\">$1</a>", $message);
Could be that the BBCode of this board eats some backslashes though.
09-18-2003, 02:01 AM
Thanks Mordred, that's what I'm going to use. Just one more question: what do you mean with Cross-Site-Scripting attacks? :(
09-18-2003, 11:48 AM
This article elaborates on this topic:
Just try to be careful. A good measure is to try hijacking your own site, or let a coworker do that.
09-18-2003, 12:45 PM
I always try to validate everything as much as I can but my very first rule is to replace all < and > to &lt; and > (HTML is never allowed)