AUBBC

 view release on metacpan or  search on metacpan

AUBBC.pm  view on Meta::CPAN

    for_links           => 0,
    aubbc_escape        => 1,
    no_img              => 0,
    icon_image          => 1,
    image_hight         => '60',
    image_width         => '90',
    image_border        => '0',
    image_wrap          => ' ',
    href_target         => ' target="_blank"',
    images_url          => '',
    html_type           => ' /',
    fix_amp             => 1,
    line_break          => '1',
    code_class          => '',
    code_extra          => '',
    code_download       => '^Download above code^',
    href_class          => '',
    quote_class         => '',
    quote_extra         => '',
    script_escape       => 1,
    protect_email       => '0',

AUBBC.pm  view on Meta::CPAN

}

sub DESTROY {
warn 'DESTROY AUBBC '.$VERSION if $DEBUG_AUBBC;
}

sub settings_prep {
$AUBBC{href_target}  = $AUBBC{href_target} ? ' target="_blank"' : '';
$AUBBC{image_wrap}   = $AUBBC{image_wrap} ? ' ' : '';
$AUBBC{image_border} = $AUBBC{image_border} ? '1' : '0';
$AUBBC{html_type}    = $AUBBC{html_type} eq 'xhtml' || $AUBBC{html_type} eq ' /' ? ' /' : '';
}

sub settings {
 my ($self,%s_hash) = @_;
  foreach (keys %s_hash) {
   if ('highlight_function' eq $_) {
    $AUBBC{highlight} = 0;
    $s_hash{$_} = check_subroutine($s_hash{$_},'');
    $AUBBC{highlight_function} = $s_hash{$_} unless ! $s_hash{$_};
   } else {

AUBBC.pm  view on Meta::CPAN

 my $txt = shift;
 warn 'ENTER code_highlight' if $DEBUG_AUBBC;
 $txt =~ s/:/:/g;
 $txt =~ s/\[/[/g;
 $txt =~ s/\]/]/g;
 $txt =~ s/\000[/[[/g;
 $txt =~ s/\000]/]]/g;
 $txt =~ s/\{/{/g;
 $txt =~ s/\}/}/g;
 $txt =~ s/%/%/g;
 $txt =~ s/(?<!>)\n/<br$AUBBC{html_type}>\n/g;
 if ($AUBBC{highlight}) {
  warn 'ENTER block highlight' if $DEBUG_AUBBC;
  $txt =~ s/\z/<br$AUBBC{html_type}>/ if $txt !~ m/<br$AUBBC{html_type}>\z/;
  $txt =~ s/(&#60;&#60;(?:&#39;)?(\w+)(?:&#39;)?&#59;(?s)[^\2]+\b\2\b)/<span$AUBBC{highlight_class1}>$1<\/span>/g;
  $txt =~ s/(?<![\&\$])(\#.*?(?:<br$AUBBC{html_type}>))/<span$AUBBC{highlight_class2}>$1<\/span>/g;
  $txt =~ s/(\bsub\b(?:\s+))(\w+)/$1<span$AUBBC{highlight_class8}>$2<\/span>/g;
  $txt =~ s/(\w+(?:\-&#62;)?(?:\w+)?&#40;(?:.+?)?&#41;(?:&#59;)?)/<span$AUBBC{highlight_class9}>$1<\/span>/g;
  $txt =~ s/((?:&amp;)\w+&#59;)/<span$AUBBC{highlight_class9}>$1<\/span>/g;
  $txt =~ s/(&#39;(?s).*?(?<!&#92;)&#39;)/<span$AUBBC{highlight_class3}>$1<\/span>/g;
  $txt =~ s/(&#34;(?s).*?(?<!&#92;)&#34;)/<span$AUBBC{highlight_class4}>$1<\/span>/g;
  $txt =~ s/(?<![\#|\w])(\d+)(?!\w)/<span$AUBBC{highlight_class5}>$1<\/span>/g;
  $txt =~
s/(&#124;&#124;|&amp;&amp;|\b(?:strict|package|return|require|for|my|sub|if|eq|ne|lt|ge|le|gt|or|xor|use|while|foreach|next|last|unless|elsif|else|not|and|until|continue|do|goto)\b)/<span$AUBBC{highlight_class6}>$1<\/span>/g;
  $txt =~ s/(?<!&#92;)((?:&#37;|\$|\@)\w+(?:(?:&#91;.+?&#93;|&#123;.+?&#125;)+|))/<span$AUBBC{highlight_class7}>$1<\/span>/g;
 }

AUBBC.pm  view on Meta::CPAN

  $do_f[8]++;
  $do_f[9] =
   make_link('javascript:void(0)',$AUBBC{code_download}, "javascript:MyCodePrint('aubbcode$do_f[8]');",'');
  return " id=\"aubbcode$do_f[8]\"";
 } else { return ''; }
}

sub code_tag {
 my ($code,$name) = @_;
 if (check_access('code')) {
 $name = "# $name:<br$AUBBC{html_type}>\n" if $name;
 return "$name<div$AUBBC{code_class}".&code_download."><code>\n".
$AUBBC{highlight_function}->($code).
"\n</code></div>".$AUBBC{code_extra}.$do_f[9];
 }
  else {
   return $Tag_SecLVL{code}{text};
   }
}

sub make_image {
my ($align,$src,$width,$height,$alt) = @_;
 my $img = "<img$align src=\"$src\"";
 $img .= " width=\"$width\"" if $width;
 $img .= " height=\"$height\"" if $height;
 return $img." alt=\"$alt\" border=\"$AUBBC{image_border}\"$AUBBC{html_type}>";
}

sub make_link {
 my ($link,$name,$javas,$targ) = @_;
 my $linkd = "<a href=\"$link\"";
 $linkd .= " onclick=\"$javas\"" if $javas;
 $linkd .= $AUBBC{href_target} if $targ;
 $linkd .= $AUBBC{href_class}.'>';
 $linkd .= $name ? $name : $link;
 return $linkd.'</a>';

AUBBC.pm  view on Meta::CPAN

 $msg =~ s/\[(img|right_img|left_img)\](.+?)\[\/img\]/fix_image($1, $2)/ge if ! $AUBBC{no_img};

 $msg =~ s/\[email\](?![\w\.\-\&\+]+\@[\w\.\-]+).+?\[\/email\]/\[<font color=red>$BAD_MESSAGE<\/font>\]email/g;
 $AUBBC{protect_email}
  ? $msg =~ s/\[email\]([\w\.\-\&\+]+\@[\w\.\-]+)\[\/email\]/protect_email($1)/ge
  : $msg =~ s/\[email\]([\w\.\-\&\+]+\@[\w\.\-]+)\[\/email\]/link_check("mailto:$1",$1,'','')/ge;

 $msg =~ s/\[color=([\w#]+)\](?s)(.+?)\[\/color\]/<span style="color:$1;">$2<\/span>/g;

 1 while $msg =~
  s/\[quote=([\w\s]+)\](?s)(.+?)\[\/quote\]/<div$AUBBC{quote_class}><small><strong>$1:<\/strong><\/small><br$AUBBC{html_type}>
$2<\/div>$AUBBC{quote_extra}/g;
 1 while $msg =~
  s/\[quote\](?s)(.+?)\[\/quote\]/<div$AUBBC{quote_class}>$1<\/div>$AUBBC{quote_extra}/g;

 $msg =~ s/\[(left|right|center)\](?s)(.+?)\[\/\1\]/<div style=\"text-align: $1;\">$2<\/div>/g;
 $msg =~ s/\[li=(\d+)\](?s)(.+?)\[\/li\]/<li value="$1">$2<\/li>/g;
 $msg =~ s/\[u\](?s)(.+?)\[\/u\]/<span style="text-decoration: underline;">$1<\/span>/g;
 $msg =~ s/\[strike\](?s)(.+?)\[\/strike\]/<span style="text-decoration: line-through;">$1<\/span>/g;
 $msg =~ s/\[([bh]r)\]/<$1$AUBBC{html_type}>/g;
 $msg =~ s/\[list\](?s)(.+?)\[\/list\]/fix_list($1)/ge;

 1 while $msg =~
  s/\[(blockquote|big|h[123456]|[ou]l|li|em|pre|s(?:mall|trong|u[bp])|[bip])\](?s)(.+?)\[\/\1\]/<$1>$2<\/$1>/g;
 
 $msg =~ s/(<\/?(?:ol|ul|li|hr)\s?\/?>)\r?\n?<br(?:\s?\/)?>/$1/g;

 $msg =~ s/\[url=(\w+\:\/\/$long_regex)\](.+?)\[\/url\]/link_check($1,fix_message($2),'',1)/ge;
 $msg =~ s/(?<!["=\.\/\'\[\{\;])((?:\b\w+\b\:\/\/)$long_regex)/link_check($1,$1,'',1)/ge;
}

AUBBC.pm  view on Meta::CPAN

sub link_check {
 my ($link,$name,$javas,$targ) = @_;
 check_access('url')
  ? make_link($link,$name,$javas,$targ)
  : return $Tag_SecLVL{url}{text};
}

sub fix_list {
my $list = shift;
 if ($list =~ m/\[\*/) {
 $list =~ s/<br$AUBBC{html_type}>//g;
 my $type = 'ul';
 $type = 'ol' if $list =~ s/\[\*=(\d+)\]/\[\*\]$1\|/g;
  my @clean = split('\[\*\]', $list);
  $list = "<$type>\n";
  foreach (@clean) {
   if ($_ && $_ =~ s/\A(\d+)\|(?s)(.+?)/$2/) {
    $list .= "<li value=\"$1\">$_<\/li>\n" if $_ !~ m/\A\r?\n?\z/;
   } elsif ($_ && $_ !~ m/\A\s+|\d+\|\r?\n?\z/) {
    $list .= "<li>$_<\/li>\n";
    }
  }
  $list .= "<\/$type>";
 }
 return $list;
}

sub fix_image {
 my ($tmp2, $tmp) = @_;
 if (check_access('img')) {
 if ($tmp !~ m/\A\w+:\/\/|\// || $tmp =~ m/\?|\#|\.\bjs\b\z/i) {
  $tmp = "[<font color=red>$BAD_MESSAGE</font>]$tmp2";
 }

AUBBC.pm  view on Meta::CPAN

  if $AUBBC{protect_email} eq '2' || $AUBBC{protect_email} eq '3' || $AUBBC{protect_email} eq '4';
 }
  else {
   return $Tag_SecLVL{url}{text};
   }
}

sub js_print {
my $self = shift;
print <<JS;
Content-type: text/javascript

/*
AUBBC v$VERSION
JS

print <<'JS';
Fully supports dynamic view in XHTML.
*/
function MyEmCode (type, content) {
var returner = false;
if (type == 4) {
 var farray= new Array(content.length,1);
 for(farray[1];farray[1]<farray[0];farray[1]++) { returner+=String.fromCharCode(content[farray[1]].charCodeAt(0)^content[farray[1]-1]);farray[1]++; }
} else if (type == 3) {
 for (i = 0; i < content.length; i++) { returner+=String.fromCharCode(content[i]); }
} else if (type == 2) { returner=content; }
if (returner) { window.location='mailto:'+returner; }
}

function MyCodePrint (input) {
 if (input && document.getElementById(input)) {
  var TheCode = document.getElementById(input).innerHTML;
  TheCode = TheCode.replace(/<([^br<]+|\/?[puib])>/ig, "");
  codewin = window.open("", input, "width=800,height=600,resizable=yes,menubar=yes,scrollbars=yes");
  top.codewin.document.write("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n"+
"<html>\n<head>\n<title>MyCodePrint</title>\n"+

AUBBC.pm  view on Meta::CPAN

   ? return \&{$name}
   : return '';
}

sub add_build_tag {
 my ($self,%NewTag) = @_;
 warn 'ENTER add_build_tag' if $DEBUG_AUBBC;
 
 $NewTag{function2} = $NewTag{function} || 'undefined!';
 $NewTag{function} = check_subroutine($NewTag{function},'')
  if $NewTag{type} ne '4';
 
 $self->aubbc_error("Usage: add_build_tag - function 'Undefined subroutine' => $NewTag{function2}")
  if ! $NewTag{function};
 
 if ($NewTag{function}) {
  $NewTag{pattern} = 'l' if $NewTag{type} eq '3' || $NewTag{type} eq '4';
  if ($NewTag{type} && $NewTag{name} =~ m/\A[\w\-]+\z/ && $NewTag{pattern} =~ m/\A[lns_:\-,]+|all\z/) {
  
    if ($NewTag{pattern} eq 'all') {
     $NewTag{pattern} = '^\[|\]';
    }
     else {
     my @pat_split = ();
     my %is_pat = ('l' => 'a-z', 'n' => '\d', '_' => '\_', ':' => '\:', 's' => '\s', '-' => '\-');
     @pat_split = split /\,/, $NewTag{pattern};
     $NewTag{pattern} = '';
     $NewTag{pattern} .= $is_pat{$_} || '' foreach @pat_split;
    }
   
   $Build_AUBBC{$NewTag{name}} = [$NewTag{pattern}, $NewTag{type}, $NewTag{function}];
   $NewTag{level}  ||= 0;
   $NewTag{error}  ||= $BAD_MESSAGE;
   $Tag_SecLVL{$NewTag{name}}  = {level => $NewTag{level}, text => $NewTag{error},};
   $do_f[5] = 1 if !$do_f[5];
   warn 'Added Build_AUBBC Tag '.$Build_AUBBC{$NewTag{name}} if $DEBUG_AUBBC && $Build_AUBBC{$NewTag{name}};
  }
   else {
   $self->aubbc_error('Usage: add_build_tag - Bad name or pattern format');
  }
 }
}

sub remove_build_tag {
 my ($self,$name,$type) = @_;
 warn 'ENTER remove_build_tag' if $DEBUG_AUBBC;
 delete $Build_AUBBC{$name} if exists $Build_AUBBC{$name} && !$type; # clear one
 %Build_AUBBC = () if $type && !$name; # clear all
}

sub do_unicode{
 warn 'ENTER do_unicode' if $DEBUG_AUBBC;
 $msg =~ s/\[utf:\/\/(\#?\w+)\]/&$1;/g;
}

sub do_smileys {
warn 'ENTER do_smileys' if $DEBUG_AUBBC;
$msg =~

AUBBC.pm  view on Meta::CPAN

  }
  $text =~ s/"/&#34;/g;
  $text =~ s/</&#60;/g;
  $text =~ s/>/&#62;/g;
  $text =~ s/'/&#39;/g;
  $text =~ s/\)/&#41;/g;
  $text =~ s/\(/&#40;/g;
  $text =~ s/\\/&#92;/g;
  $text =~ s/\|/&#124;/g;
  ! $option && $AUBBC{line_break} eq '2'
   ? $text =~ s/\n/<br$AUBBC{html_type}>/g
   : $text =~ s/\n/<br$AUBBC{html_type}>\n/g if !$option && $AUBBC{line_break} eq '1';
  return $text;
 }
}

sub html_to_text {
 my ($self, $html, $option) = @_;
 warn 'ENTER html_to_text' if $DEBUG_AUBBC;
 $html = '' unless defined $html;
 if ($html) {
  $html =~ s/&amp;/&/g;

AUBBC.pm  view on Meta::CPAN


shakaflex [at] gmail.com

http://search.cpan.org/~sflex/

http://aubbc.googlecode.com/

Development Notes: Highlighting functions list and tags/commands for more
language highlighters. Ideas make some new tags like [perl] or have a command in the code
tag like [code]perl:print 'perl';[/code] with a default highlighting method if
a command was not used. Then highlighting of many types of code could be allowed
even markup like HTML.

Notes: This code has a lot of settings and works good
with most default settings see the POD and example files
in the archive for usage.

=head1 NAME

AUBBC

AUBBC.pm  view on Meta::CPAN


9) Fully customizable settings.

The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.

The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the &#39; sign so the text can be stored in a SQL back-end.
Most of the free web portals use the &#124; sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.

Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.

If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.


=cut

AUBBC.pod  view on Meta::CPAN


9) Fully customizable settings.

The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.

The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the &#39; sign so the text can be stored in a SQL back-end.
Most of the free web portals use the &#124; sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.

Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.

If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.

=head1 Security

Security advice to ensure the proper usage of this module.

=head2 Database Manipulation

The default settings of AUBBC.pm is not good for most forums, blogs, wiki's and bulletin boards
because by default AUBBC should work and be secure. The other reason is these programs will want some
of the user input editable and portable.

For editing and portability purposes you would want to retain the tags or user input as they typed it,
but always use the script_escape before saving to a back-end. This will allow you to change the settings
of AUBBC on the fly so the tags remain portable to setting changes.
The script_escape filter is vital to security for many reasons and provides a standard format for other
methods of AUBBC. There is a file in the examples folder called Database_Manipulation.pm that try's to explain what settings
to change and how to stay safe.

=head2 Mixing HTML and BBcode

Since the script_escape method will disable HTML and JavaScript, I came up with a way
to mix the two. The recommended use of mixing is for Administrator's of the program only,

AUBBC.pod  view on Meta::CPAN


level - the array number of the security level

text  - the text or HTML to show if user has no access

Build your own tags has 2 new variables now:

  $aubbc->add_build_tag(
        name     => 'ok',
        pattern  => 'l,s',
        type     => 1,
        function => 'My_Message::check_ok_tag',
        level    => 3,
        error    => 'register to see this',
        );
        
level - the array number of the security level

error - the text or HTML to show if user has no access

For the build tags leaving the variables blank will default level to 0 and

AUBBC.pod  view on Meta::CPAN

This is the link to your images folder and is only used for Smilies.

 For the smileis to work you must provide a URL.

example:

 smilies must be in /smilies folder

the images_url link must have the /smilies folder in it and not point directly to /smilies.

=head2 html_type

Default is 'html' and the only other support is 'xhtml'

=head2 fix_amp

Default is 1 Enabled and the only other setting is 0 to Disable.
This setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.

=head2 line_break

AUBBC.pod  view on Meta::CPAN


=head2 protect_email

Default is 1 and other possible values are (0, 2, 3, 4).

Can add a protection to hide emails in the [email] tag from email harvesters.


Not 100% fool proof.

        0 - has no type of protection.


        1 - uses unicode type protection.


        2 - Javascript and unicode type protection.


        3 - Javascript and unicode type protection.


        4 - Javascript encryption

The settings 2, 3 and 4 require the JavaScript function in the js_print method of
this module. js_print can be used directly and it will print out the proper file
headers for a browser to know its a JavaScript file.

=head2 email_message

AUBBC.pod  view on Meta::CPAN

The way you use this smiley is [lol]

Must have the images_url set to the proper location.

images_url/smilies/lol.gif

=head1 Build your own tags

These are the settings and methods for using custom tags.

=head2 $aubbc->add_build_tag(name=>'stuff', pattern=>'stuff' , type=>'stuff', function=>'stuff',...);

name - will be the tags name and is limited to a-z 0-9 - _

pattern - limited to 'all' or 'l,n,-,:,_,s'

    'all' = anything but [ or ]
    'l' = 'a-z'
    'n' = '0-9'
    's' = ' '
    '-' = '-'
    ':' = ':'
    '_' = '_'

type - 1 is style [name://pattern], 2 is style [name]pattern[/name], 3 is style [name],
the next setting for type the function will not be used to run Perl subroutines and
will replace the text with what text is defined in the function setting, the setting is
type 4 this will use style [name] but will work different then the other built settings
see function below on how type 4 works

function - a pre-defined subroutine that receives the matched pattern, tag name and returns what you want,
unless type is set to 4 then it will replace the tag with what text is in the function.

   Note: if the function returns undefined, '' or 0 the tag will not be changed.

level - the array number of the security level

error - the text or HTML to show if user has no access

        Note: For the build tags leaving the variables blank will default level to 0 and
        error to the $AUBBC::BAD_MESSAGE string.

Usage:

  package My_Message;

  use AUBBC;
  my $aubbc = AUBBC->new();

  $aubbc->add_build_tag(
        name     => 'ok',
        pattern  => 'l,s',
        type     => 1,
        function => 'My_Message::check_ok_tag',
        );
  $aubbc->add_build_tag(
        name     => 'ip',
        pattern  => '',
        type     => 3,
        function => 'My_Message::get_some_tag',
        );
  $aubbc->add_build_tag(
        name     => 'agent',
        pattern  => '',
        type     => 3,
        function => 'My_Message::get_some_tag',
        );
  $aubbc->add_build_tag(
        name     => 'hello',
        pattern  => '',
        type     => 4,
        function => 'Hello World!',
        );
  my $message = '[ok://test me] [ok://test other] [ok://n0 w00rk] [ip] [agent] [hello]';

  $message = $aubbc->do_all_ubbc($message);

  print $message;

  sub check_ok_tag {
  my ($tag_name, $text_from_AUBBC) = @_;

AUBBC.pod  view on Meta::CPAN

Fixed - The element ID for the code download started at 1 for every instance this
will force the browser to take priority to load the first ID it reads. The fix
starts the counter at 'time.$$.000' to try to produce a more unique ID for each
instance.

Fixed - under the code tag in do_ubbc line " $do_f[8] = '' if $do_f[8]; "
should have been $do_f[9] = '' if $do_f[9];

v4.01 - 11/08/2010

Fixed - Bug that converts the true text typed to the HTML code name.
All parts of the module where effected by this bug, in the code tag if the
author ment & #59 ; it would show ; . This also caused a long standing bug with
typing any HTML code name and saving it to a backend.
this fix removes the HTML code name regex in do_unicode and had to add/move two
filters in "script_escape to conver the & to an amp and ; to #59;" and
"html_to_text to conver amp to & and #59 to ;". This fix also helped in allowing
the regex's for highlighting subroutines to be made.

Fixed - had to add a null byte marker to escape_aubbc so the code tag's
highlighter can detect the escaped character and change it back. In do_all_ubbc

AUBBC.pod  view on Meta::CPAN

of all the Perl BBcode modules. BBCode::Parser Parse::BBCode HTML::BBCode HTML::BBReverse

Fixed - fixed a line break and new line sandbox bug

Improvement - Massive speed improvement to the hole module and no features lost.
changed new for faster loading, the module uses vars for some variables,
re-spaced the hole code.

v2.10 - 08/31/2010 11:17:13

Addition - adding type 4 to add_build_tag this will use style 3 but will work
different then the other built functions. Type 4 will print the text defined in
function and not point to a defined Perl subroutine.

Addition - added line_break setting to have control over the script_escape and
html_to_text methods converting html line break <br> and new line \n

Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.

Addition - added no_img this setting will allow some control for using [img] tags
for security reasons

Fixed - bug in settings_prep when a setting gets changed html_type could change

Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc

Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.

Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.

Improvement - in html_to_text added a code to fix a <br> bug if ppl use html or xhtml line break.

AUBBC.pod  view on Meta::CPAN

All tags in %AUBBC_TAGS will only convert if lowercase.

"new" now uses the most standard referenced object method.

Removed DOS_prevent() method, since the script has been tested more and was causing a timing problem.

Removed [cd]#code[/cd] code tag, which had no code_class or code_extra.

Commented bad_pattern check for [email] tags, this security check is not needed because the next line will take care of all email tag security.

Added missing $AUBBC{image_border}, $AUBBC{html_type} and $AUBBC{image_wrap} to the none icon image.

Changed names of left and right align images to [left_img]..[/img] and [right_img]..[/img], also updated examples to show tags.

Added missing $AUBBC{html_type} to quote, code tags and code_highlight function.

v1.0 01/20/2008 08:46:08

Released.

=head1 COPYLEFT

AUBBC.pm, v4.06 - 04/12/2011 By: N.K.A.

Advanced Universal Bulletin Board Code a Perl BBcode API

shakaflex [at] gmail.com

http://search.cpan.org/~sflex/

http://aubbc.googlecode.com/

Development Notes: Highlighting functions list and tags/commands for more
language highlighters. Ideas make some new tags like [perl] or have a command in the code
tag like [code]perl:$some ='perl';[/code] with a default highlighting method if
a command was not used. Then highlighting of many types of code could be allowed
even markup like HTML.

Notes: This code has a lot of settings and works good
with most default settings see the POD and example files
in the archive for usage.

=cut

CHANGES  view on Meta::CPAN

Fixed - The element ID for the code download started at 1 for every instance this
will force the browser to take priority to load the first ID it reads. The fix
starts the counter at 'time.$$.000' to try to produce a more unique ID for each
instance.

Fixed - under the code tag in do_ubbc line " $do_f[8] = '' if $do_f[8]; "
should have been $do_f[9] = '' if $do_f[9];

v4.01 - 11/08/2010

Fixed - Bug that converts the true text typed to the HTML code name.
All parts of the module where effected by this bug, in the code tag if the
author ment & #59 ; it would show ; . This also caused a long standing bug with
typing any HTML code name and saving it to a backend.
this fix removes the HTML code name regex in do_unicode and had to add/move two
filters in "script_escape to conver the & to an amp and ; to #59;" and
"html_to_text to conver amp to & and #59 to ;". This fix also helped in allowing
the regex's for highlighting subroutines to be made.

Fixed - had to add a null byte marker to escape_aubbc so the code tag's
highlighter can detect the escaped character and change it back. In do_all_ubbc

CHANGES  view on Meta::CPAN

of all the Perl BBcode modules. BBCode::Parser Parse::BBCode HTML::BBCode HTML::BBReverse

Fixed - fixed a line break and new line sandbox bug

Improvement - Massive speed improvement to the hole module and no features lost.
changed new for faster loading, the module uses vars for some variables,
re-spaced the hole code.

v2.10 - 08/31/2010 11:17:13

Addition - adding type 4 to add_build_tag this will use style 3 but will work
different then the other built functions. Type 4 will print the text defined in
function and not point to a defined Perl subroutine.

Addition - added line_break setting to have control over the script_escape and
html_to_text methods converting html line break <br> and new line \n

Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.

Addition - added no_img this setting will allow some control for using [img] tags
for security reasons

Fixed - bug in settings_prep when a setting gets changed html_type could change

Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc

Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.

Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.

Improvement - in html_to_text added a code to fix a <br> bug if ppl use html or xhtml line break.

CHANGES  view on Meta::CPAN

All tags in %AUBBC_TAGS will only convert if lowercase.

"new" now uses the most standard referenced object method.

Removed DOS_prevent() method, since the script has been tested more and was causing a timing problem.

Removed [cd]#code[/cd] code tag, which had no code_class or code_extra.

Commented bad_pattern check for [email] tags, this security check is not needed because the next line will take care of all email tag security.

Added missing $AUBBC{image_border}, $AUBBC{html_type} and $AUBBC{image_wrap} to the none icon image.

Changed names of left and right align images to [left_img]..[/img] and [right_img]..[/img], also updated examples to show tags.

Added missing $AUBBC{html_type} to quote, code tags and code_highlight function.

v1.0 01/20/2008 08:46:08

Released.

README  view on Meta::CPAN


9) Fully customizable settings.

The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.

The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the &#39; sign so the text can be stored in a SQL back-end.
Most of the free web portals use the &#124; sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.

Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.

If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.

=head1 Security

Security advice to ensure the proper usage of this module.

=head2 Database Manipulation

The default settings of AUBBC.pm is not good for most forums, blogs, wiki's and bulletin boards
because by default AUBBC should work and be secure. The other reason is these programs will want some
of the user input editable and portable.

For editing and portability purposes you would want to retain the tags or user input as they typed it,
but always use the script_escape before saving to a back-end. This will allow you to change the settings
of AUBBC on the fly so the tags remain portable to setting changes.
The script_escape filter is vital to security for many reasons and provides a standard format for other
methods of AUBBC. There is a file in the examples folder called Database_Manipulation.pm that try's to explain what settings
to change and how to stay safe.

=head2 Mixing HTML and BBcode

Since the script_escape method will disable HTML and JavaScript, I came up with a way
to mix the two. The recommended use of mixing is for Administrator's of the program only,

README  view on Meta::CPAN


level - the array number of the security level

text  - the text or HTML to show if user has no access

Build your own tags has 2 new variables now:

  $aubbc->add_build_tag(
        name     => 'ok',
        pattern  => 'l,s',
        type     => 1,
        function => 'My_Message::check_ok_tag',
        level    => 3,
        error    => 'register to see this',
        );

level - the array number of the security level

error - the text or HTML to show if user has no access

For the build tags leaving the variables blank will default level to 0 and

README  view on Meta::CPAN

This is the link to your images folder and is only used for Smilies.

 For the smileis to work you must provide a URL.

example:

 smilies must be in /smilies folder

the images_url link must have the /smilies folder in it and not point directly to /smilies.

=head2 html_type

Default is 'html' and the only other support is 'xhtml'

=head2 fix_amp

Default is 1 Enabled and the only other setting is 0 to Disable.
This setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.

=head2 line_break

README  view on Meta::CPAN


=head2 protect_email

Default is 1 and other possible values are (0, 2, 3, 4).

Can add a protection to hide emails in the [email] tag from email harvesters.


Not 100% fool proof.

        0 - has no type of protection.


        1 - uses unicode type protection.


        2 - Javascript and unicode type protection.


        3 - Javascript and unicode type protection.


        4 - Javascript encryption

The settings 2, 3 and 4 require the JavaScript function in the js_print method of
this module. js_print can be used directly and it will print out the proper file
headers for a browser to know its a JavaScript file.

=head2 email_message

README  view on Meta::CPAN

The way you use this smiley is [lol]

Must have the images_url set to the proper location.

images_url/smilies/lol.gif

=head1 Build your own tags

These are the settings and methods for using custom tags.

=head2 $aubbc->add_build_tag(name=>'stuff', pattern=>'stuff' , type=>'stuff', function=>'stuff',...);

name - will be the tags name and is limited to a-z 0-9 - _

pattern - limited to 'all' or 'l,n,-,:,_,s'

    'all' = anything but [ or ]
    'l' = 'a-z'
    'n' = '0-9'
    's' = ' '
    '-' = '-'
    ':' = ':'
    '_' = '_'

type - 1 is style [name://pattern], 2 is style [name]pattern[/name], 3 is style [name],
the next setting for type the function will not be used to run Perl subroutines and
will replace the text with what text is defined in the function setting, the setting is
type 4 this will use style [name] but will work different then the other built settings
see function below on how type 4 works

function - a pre-defined subroutine that receives the matched pattern, tag name and returns what you want,
unless type is set to 4 then it will replace the tag with what text is in the function.

   Note: if the function returns undefined, '' or 0 the tag will not be changed.

level - the array number of the security level

error - the text or HTML to show if user has no access

        Note: For the build tags leaving the variables blank will default level to 0 and
        error to the $AUBBC::BAD_MESSAGE string.

Usage:

  package My_Message;

  use AUBBC;
  my $aubbc = AUBBC->new();

  $aubbc->add_build_tag(
        name     => 'ok',
        pattern  => 'l,s',
        type     => 1,
        function => 'My_Message::check_ok_tag',
        );
  $aubbc->add_build_tag(
        name     => 'ip',
        pattern  => '',
        type     => 3,
        function => 'My_Message::get_some_tag',
        );
  $aubbc->add_build_tag(
        name     => 'agent',
        pattern  => '',
        type     => 3,
        function => 'My_Message::get_some_tag',
        );
  $aubbc->add_build_tag(
        name     => 'hello',
        pattern  => '',
        type     => 4,
        function => 'Hello World!',
        );
  my $message = '[ok://test me] [ok://test other] [ok://n0 w00rk] [ip] [agent] [hello]';

  $message = $aubbc->do_all_ubbc($message);

  print $message;

  sub check_ok_tag {
  my ($tag_name, $text_from_AUBBC) = @_;

README  view on Meta::CPAN

Fixed - The element ID for the code download started at 1 for every instance this
will force the browser to take priority to load the first ID it reads. The fix
starts the counter at 'time.$$.000' to try to produce a more unique ID for each
instance.

Fixed - under the code tag in do_ubbc line " $do_f[8] = '' if $do_f[8]; "
should have been $do_f[9] = '' if $do_f[9];

v4.01 - 11/08/2010

Fixed - Bug that converts the true text typed to the HTML code name.
All parts of the module where effected by this bug, in the code tag if the
author ment & #59 ; it would show ; . This also caused a long standing bug with
typing any HTML code name and saving it to a backend.
this fix removes the HTML code name regex in do_unicode and had to add/move two
filters in "script_escape to conver the & to an amp and ; to #59;" and
"html_to_text to conver amp to & and #59 to ;". This fix also helped in allowing
the regex's for highlighting subroutines to be made.

Fixed - had to add a null byte marker to escape_aubbc so the code tag's
highlighter can detect the escaped character and change it back. In do_all_ubbc

README  view on Meta::CPAN

of all the Perl BBcode modules. BBCode::Parser Parse::BBCode HTML::BBCode HTML::BBReverse

Fixed - fixed a line break and new line sandbox bug

Improvement - Massive speed improvement to the hole module and no features lost.
changed new for faster loading, the module uses vars for some variables,
re-spaced the hole code.

v2.10 - 08/31/2010 11:17:13

Addition - adding type 4 to add_build_tag this will use style 3 but will work
different then the other built functions. Type 4 will print the text defined in
function and not point to a defined Perl subroutine.

Addition - added line_break setting to have control over the script_escape and
html_to_text methods converting html line break <br> and new line \n

Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.

Addition - added no_img this setting will allow some control for using [img] tags
for security reasons

Fixed - bug in settings_prep when a setting gets changed html_type could change

Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc

Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.

Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.

Improvement - in html_to_text added a code to fix a <br> bug if ppl use html or xhtml line break.

README  view on Meta::CPAN

All tags in %AUBBC_TAGS will only convert if lowercase.

"new" now uses the most standard referenced object method.

Removed DOS_prevent() method, since the script has been tested more and was causing a timing problem.

Removed [cd]#code[/cd] code tag, which had no code_class or code_extra.

Commented bad_pattern check for [email] tags, this security check is not needed because the next line will take care of all email tag security.

Added missing $AUBBC{image_border}, $AUBBC{html_type} and $AUBBC{image_wrap} to the none icon image.

Changed names of left and right align images to [left_img]..[/img] and [right_img]..[/img], also updated examples to show tags.

Added missing $AUBBC{html_type} to quote, code tags and code_highlight function.

v1.0 01/20/2008 08:46:08

Released.

=head1 COPYLEFT

AUBBC.pm, v4.06 - 04/12/2011 By: N.K.A.

Advanced Universal Bulletin Board Code a Perl BBcode API

shakaflex [at] gmail.com

http://search.cpan.org/~sflex/

http://aubbc.googlecode.com/

Development Notes: Highlighting functions list and tags/commands for more
language highlighters. Ideas make some new tags like [perl] or have a command in the code
tag like [code]perl:$some ='perl';[/code] with a default highlighting method if
a command was not used. Then highlighting of many types of code could be allowed
even markup like HTML.

Notes: This code has a lot of settings and works good
with most default settings see the POD and example files
in the archive for usage.

=cut

examples/Database_Manipulation.cgi  view on Meta::CPAN

sub saving_data {
# This is to show how to save the user input safely to your backend
# you will need to use a module like CGI or what ever is out there
# to recive the HTML form data lets say the data is in $message

# Befor the data can be saved you will have to use the script_escape method on $message

$message = $aubbc->script_escape($message);

# Then save $message to your database, extra security methods maybe required or desired
# depending on the type of backend used.......

}

sub editing_data {
# This will be a two part subroutine. This first one will get the message from
# the backend and display the data in a HTML form to be edited lets say its
# in variable $form_data

# Since this gets into sandboxing the html_to_text method you may want
# to play with settings for other view's or can skip the form feilds sandboxing

examples/Database_Manipulation.cgi  view on Meta::CPAN

sub editing_data2 {
# Part 2 of editing data, you will need to use a module like CGI or what ever is out there
# to recive the HTML form data

# Before the HTML form data can be saved you will have to use the script_escape
# method on the variable that holds the HTML form data lets say its $message2

$message2 = $aubbc->script_escape($message2);

# Then save it to your database, extra security methods maybe required or desired
# depending on the type of backend used.......

}

sub display_data {
# Get the data from the backend lets say we did that and its in $message3
# use do_all_ubbc on $message3 and now $message3 is ready to be printed in HTML.
$message3 = $aubbc->do_all_ubbc($message3);

# Here you would want to print the propper HTML headers and elements with $message3 in it
# or return the variable, how ever you want to make it!!

examples/Mixing_HTML_and_BBcode.cgi  view on Meta::CPAN


# Befor the data can be saved you will have to use the script_escape method on $message
# But not on the hole $message, so I use this filter to get the <aubbc> tag

$message =~ s/(<aubbc>(?s)(.*?)<\/aubbc>)/
        my $ret = $aubbc->script_escape( $2 );
        $ret ? '<aubbc>'.$ret."<\/aubbc>" : $1;
        /exg;

# Then save $message to your database, extra security methods maybe required or desired
# depending on the type of backend used.......

}

sub editing_data {
# This will be a two part subroutine. This first one will get the message from
# the backend and display the data in a HTML form to be edited lets say its
# in variable $form_data

# Since this gets into sandboxing the script_escape method you may want
# to play with settings for other view's or can skip the form feilds sandboxing

examples/Mixing_HTML_and_BBcode.cgi  view on Meta::CPAN


# Before the HTML form data can be saved you will have to use the script_escape
# method with the regex on the variable that holds the HTML form data lets say its $message2

$message2 =~ s/(<aubbc>(?s)(.*?)<\/aubbc>)/
        my $ret = $aubbc->script_escape( $2 );
        $ret ? '<aubbc>'.$ret."<\/aubbc>" : $1;
        /exg;

# Then save it to your database, extra security methods maybe required or desired
# depending on the type of backend used.......

}

sub display_data {
# Get the data from the backend lets say we did that and its in $message3
# use do_all_ubbc on $message3 and

$message3 = $aubbc->do_all_ubbc($message3);

# Before you print we want to remove the <aubbc> home made element

examples/tag_list.cgi  view on Meta::CPAN


use strict;
use warnings;
#use lib '../';
use AUBBC;
my $aubbc = AUBBC->new();

# Change some default settings
$aubbc->settings(
        protect_email => 4,
        html_type => 'xhtml',
        code_class => ' class="codepost"',
        code_extra => '<div style="clear: left"> </div>',
        quote_class => ' class="quote"',
        quote_extra => '<div style="clear: left"> </div>',
        highlight_class1 => ' class="highlightclass1"',
        highlight_class2 => ' class="highlightclass2"',
        highlight_class3 => ' class="highlightclass1"',
        highlight_class4 => ' class="highlightclass1"',
        highlight_class5 => ' class="highlightclass5"',
        highlight_class6 => ' class="highlightclass6"',
        highlight_class7 => ' class="highlightclass7"',
        highlight_class8 => ' class="highlightclass5"',
        highlight_class9 => ' class="highlightclass5"',
        );

# Add some tags to Build tags
  foreach my $tag (('cpan','google','wikisource','ws','wikiquote','wq','wikibooks','wb','wikipedia','wp')) {
  $aubbc->add_build_tag(
        name     => $tag,
        pattern  => 'all',
        type     => 1,
        function =>'main::other_sites',
        );
  }

  $aubbc->add_build_tag(
        name     => 'time',
        pattern  => '',
        type     => 3,
        function => 'main::other_sites',
        );

# This is so eather the print_list sub will run or the js_print
# if this file was ran on a web server
        $ENV{'QUERY_STRING'}
                ? $aubbc->js_print()
                : print_list->();

sub print_list {

examples/tag_list.cgi  view on Meta::CPAN

[[ws://Wikisource:About_Wikisource] or [wikisource://Wikisource:About_Wikisource] Wikisource[br]
[[cpan://Cpan] = [cpan://Cpan] Cpan Module Search[br]
[[time] = [time]
HTML

# replace the list with any error that may happen
$message = $aubbc->aubbc_error()
 ? $aubbc->aubbc_error()
 : $aubbc->do_all_ubbc($message);

print "Content-type: text/html\n\n";
print <<HTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>AUBBC.pm Tag List</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<script type="text/javascript" src="?js_print">
</script>
<style type="text/css">
.codepost {
background-color: #ffffff;
 width: 80%;
 height: auto;
 white-space: nowrap;
 overflow: scroll;
 padding-left: 2px;
 padding-bottom: 5px;
 margin: 0;
 top: 0;

test.pl  view on Meta::CPAN


use AUBBC;
$aubbc = new AUBBC;
{
 # did it load?
 #$aubbc = ''; # main reinforce failure
 $aubbc
  ? print $msg{1} . "$count\n"
  : print $msg{2} . "$count\n";

 $aubbc->settings(html_type => 'xhtml') if $aubbc;
 $message = $aubbc->do_all_ubbc($message) if $aubbc;
 $setting = $aubbc->get_setting('html_type') if $aubbc;
 $Current_version = $aubbc->version() if $aubbc;

 $count++;
 # did it convert?
 #$message .= ']'; # reinforce failure
 $message !~ m/[\[\]\:]+/
  ? print $msg{1} . "$count\n"
  : print $msg{2} . "$count\n";
}



( run in 0.940 second using v1.01-cache-2.11-cpan-600a1bdf6e4 )