AUBBC
view release on metacpan or search on metacpan
highlight_class1 => '',
highlight_class2 => '',
highlight_class3 => '',
highlight_class4 => '',
highlight_class5 => '',
highlight_class6 => '',
highlight_class7 => '',
highlight_class8 => '',
highlight_class9 => '',
);
my @security_levels = ('Guest', 'User', 'Moderator','Administrator');
my ($user_level, $high_level, $user_key) = ('Guest', 3, 0);
my %Tag_SecLVL = (
code => { level => 0, text => $BAD_MESSAGE, },
img => { level => 0, text => $BAD_MESSAGE, },
url => { level => 0, text => $BAD_MESSAGE, },
);
sub security_levels {
my ($self,@s_levels) = @_;
$do_f[10] = 0;
@s_levels
? @security_levels = @s_levels
: return @security_levels;
}
sub user_level {
my ($self,$u_level) = @_;
$do_f[10] = 0;
defined $u_level
? $user_level = $u_level
: return $user_level;
}
sub tag_security {
my ($self,%s_tags) = @_;
%s_tags
? %Tag_SecLVL = %s_tags
: return %Tag_SecLVL;
}
sub check_access {
my $tag = shift;
unless ($do_f[10]) {
$do_f[10] = 1;
($high_level, $user_key) = (scalar(@security_levels), 0);
for(my $i = 0; $i < $high_level;) {
if ($security_levels[$i] eq $user_level) {
$user_key = $i;
last;
}
$i++;
}
}
if (defined $tag && $do_f[10]) {
$user_key >= $Tag_SecLVL{$tag}{level}
? return 1
Features:
1) Massive amount of supported tags.
2) Build your own tags to add custom made tags.
3) Full XSS Security for supported tags.
4) High Speed Parser
5) Assign security levels for links, images, build and code tags.
6) Protection for emails to hide them from harvesters.
7) Code download for code tags
8) Perl code highlighter in the code tags
9) Fully customizable settings.
The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.
The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the ' sign so the text can be stored in a SQL back-end.
Most of the free web portals use the | sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.
Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.
If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.
=cut
Features:
1) Massive amount of supported tags.
2) Build your own tags to add custom made tags.
3) Full XSS Security for supported tags.
4) High Speed Parser
5) Assign security levels for links, images, build and code tags.
6) Protection for emails to hide them from harvesters.
7) Code download for code tags
8) Perl code highlighter in the code tags
9) Fully customizable settings.
The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.
The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the ' sign so the text can be stored in a SQL back-end.
Most of the free web portals use the | sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.
Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.
If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.
=head1 Security
Security advice to ensure the proper usage of this module.
=head2 Database Manipulation
The default settings of AUBBC.pm is not good for most forums, blogs, wiki's and bulletin boards
because by default AUBBC should work and be secure. The other reason is these programs will want some
of the user input editable and portable.
For editing and portability purposes you would want to retain the tags or user input as they typed it,
but always use the script_escape before saving to a back-end. This will allow you to change the settings
of AUBBC on the fly so the tags remain portable to setting changes.
The script_escape filter is vital to security for many reasons and provides a standard format for other
methods of AUBBC. There is a file in the examples folder called Database_Manipulation.pm that try's to explain what settings
to change and how to stay safe.
=head2 Mixing HTML and BBcode
Since the script_escape method will disable HTML and JavaScript, I came up with a way
to mix the two. The recommended use of mixing is for Administrator's of the program only,
because giving anyone the ability to post unfiltered codes is just wrong.
The mixing method is good for themes, information pages and wiki's just to name a few.
for some tags when script_escape is disabled you can just run do_all_ubbc on variables with HTML mixed
with BBcode and it will work because those tags didn't need the script_escape method to make them work,
but for other tags the script_escape method is needed.
So this is where my solution comes in.
see Mixing_HTML_and_BBcode.pm file in the examples folder
=head2 Build your own tags
When adding a custom tag you will have to remember that the methods for building
custom tags try's to secure the tags. But it can not be 100% secure without
the developer of the tag knowing if and what security issues the new tag may have.
The adding method restricts characters from being used in some variables of
the tags, like name and pattern.
See the other "Build your own tags" for usage
=head2 XSS protection and settings
The script_escape filter will disable XSS so the text of the code can be seen in
HTML/XHTML and the XSS code will not work in anyway.
Some parts use standard requirements allowing only these linking path formats:
protocal://location/web/path/or/file
/local/web/path/or/file
There are some uncontrollable security issues with allowing images [img] and link [url] auto-link tags,
you can disable [img] tags by setting "no_img => 1," to 1 as shown.
Security issues with the [url] and auto-link tags is not as bad since you have to click it to
get to the risky web site, unlike an image loading.
=head2 FYI
XHTML has better JavaScript security standards then HTML.
Developers can also use cookies with "httponly" flags to disable JavaScript from
reading that cookie, but the browsers must support it.
XSS, browser hijacking and other security risks can change by settings, browser vendors and program versions.
=head1 Tag Security Access
New to v4.05. Assign security levels for links, images, build and code tags.
Default settings allows all tags to be seen so there would be no changes needed
if you just wanted the latest version and not use this method yet.
This method works with your current authentication and will be explained more later.
Note: The smilies is not controled by this security.
=head2 User Security Levels
Default security levels are from low to high!!!
# The array numbers >>: 0 1 2 3
$aubbc->security_levels('Guest', 'User', 'Moderator','Administrator')
1) The security levels array needs to have the security levels from low to high in it!!
2) The names must be spelled the same as the name passed to method user_level();
3) Security access is determined by low to high numbers and with the default Guest
will be number/level 0 in the array. if the links was set for User
the links level will have to be 1 = User making any lower level unable to
see any bbcode links but, the Administrator would still see all.
=head2 Tag Security Levels
To change the security level of links, images and code use this method this way:
$aubbc->tag_security(
code => { level => 0, text => 'register to see this', },
img => { level => 0, text => 'register to see this', },
url => { level => 0, text => 'register to see this', },
);
level - the array number of the security level
text - the text or HTML to show if user has no access
Build your own tags has 2 new variables now:
$aubbc->add_build_tag(
name => 'ok',
pattern => 'l,s',
type => 1,
function => 'My_Message::check_ok_tag',
level => 3,
error => 'register to see this',
);
level - the array number of the security level
error - the text or HTML to show if user has no access
For the build tags leaving the variables blank will default level to 0 and
error to the $AUBBC::BAD_MESSAGE string.
=head2 User Access
This method receives the current users security level name from the web application.
$aubbc->user_level('Administrator');
If you are using the tag security you will want to set the user_level after the user
was authenticated by the web application and before do_all_ubbc is used.
=head1 Settings
These settings effect a large part of what the do_all_ubbc method can do and what other
methods can do in do_all_ubbc. some settings are used in many methods
=head2 $aubbc->settings();
This is the method to change them when needed.
Small Bug if Enabled:
Any use of ]] will equal ] and any [[ will equal [
=head2 no_img
Enable or Disable the [img] tags Default 0 allows the tags and 1 will just not
convert the tag.
There are some uncontrollable security issues with allowing anyone to post
an image link.
=head2 icon_image
Enable or Disable Custom Image Size Default 1 is Enabled, 0 is Disable.
If enabled will use the values from image_hight and image_width
in all Image Tags [img]/images/large_pic.gif[/img]
Default is '' and this is for a custom message, code, image, est.. to be used after a [quote] tags.
example:
quote_extra => 'QUOTES AND SAYINGS DISPLAYED ON THIS BLOG ARE NOT WRITTEN BY THE AUTHOR OF THE BLOG.',
quote_extra => '<div style="clear: left"> </div>',
=head2 script_escape
This will turn on or off the sanitizer/escape security for the hole message.
Default is 1 on and 0 for Disable.
Notes: 1)The code highlighter works best with an escaped character format like the
script_escape => 1 setting can provide.
2) If this setting is disabled and a character escaping method or security filter is not used
can result is a security compromise of the AUBBC tags.
3) if Disabled the method "$message = $aubbc->script_escape($message);" can be used on the message as needed before do_all_ubbc() is called.
=head2 protect_email
Default is 1 and other possible values are (0, 2, 3, 4).
Can add a protection to hide emails in the [email] tag from email harvesters.
the next setting for type the function will not be used to run Perl subroutines and
will replace the text with what text is defined in the function setting, the setting is
type 4 this will use style [name] but will work different then the other built settings
see function below on how type 4 works
function - a pre-defined subroutine that receives the matched pattern, tag name and returns what you want,
unless type is set to 4 then it will replace the tag with what text is in the function.
Note: if the function returns undefined, '' or 0 the tag will not be changed.
level - the array number of the security level
error - the text or HTML to show if user has no access
Note: For the build tags leaving the variables blank will default level to 0 and
error to the $AUBBC::BAD_MESSAGE string.
Usage:
package My_Message;
=head1 Bugs and Reports
Please report anything you think is a bug to bug-AUBBC [at] rt.cpan.org or shakaflex [at] gmail.com
=head1 History
v4.06 - 04/12/2011
Fixed - The hash for tag_security() needed the images and link renamed to a tag
name being used. Changed the image name to img and the link to url. Read
"Tag Security Levels" for more info.
Fixed - security for links was in method make_link and was causing an access issue
if used outside of the module. Made a new method to check link access now the
make_link method could be used outside of the module without the security access
in it, as intended.
Changed - forgot to say in version 4.05 that I changed the aubbc_error so a new line
will be added after each inserted error.
v4.05 - 04/05/2011
Addition - Assign security levels for links, images, built and code tags.
New subroutine names: security_levels, user_level, tag_security, check_access
Changed - The default value for $AUBBC::BAD_MESSAGE is now 'Unathorized'
v4.04 - 02/05/2011
Fixed - Bug with quote tag, needed to convert all its tags.
v4.03 - 02/03/2011
Addition - New Object method aubbc_error . Developers can now controle if or when
different then the other built functions. Type 4 will print the text defined in
function and not point to a defined Perl subroutine.
Addition - added line_break setting to have control over the script_escape and
html_to_text methods converting html line break <br> and new line \n
Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
Addition - added no_img this setting will allow some control for using [img] tags
for security reasons
Fixed - bug in settings_prep when a setting gets changed html_type could change
Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc
Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.
Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.
Now every message that is passed to do_all_ubbc() gets escaped before being returned if script_escape is Enabled.
All tags in %AUBBC_TAGS will only convert if lowercase.
"new" now uses the most standard referenced object method.
Removed DOS_prevent() method, since the script has been tested more and was causing a timing problem.
Removed [cd]#code[/cd] code tag, which had no code_class or code_extra.
Commented bad_pattern check for [email] tags, this security check is not needed because the next line will take care of all email tag security.
Added missing $AUBBC{image_border}, $AUBBC{html_type} and $AUBBC{image_wrap} to the none icon image.
Changed names of left and right align images to [left_img]..[/img] and [right_img]..[/img], also updated examples to show tags.
Added missing $AUBBC{html_type} to quote, code tags and code_highlight function.
v1.0 01/20/2008 08:46:08
Released.
Improvement history for AUBBC
v4.06 - 04/12/2011
Fixed - The hash for tag_security() needed the images and link renamed to a tag
name being used. Changed the image name to img and the link to url. Read
"Tag Security Levels" for more info.
Fixed - security for links was in method make_link and was causing an access issue
if used outside of the module. Made a new method to check link access now the
make_link method could be used outside of the module without the security access
in it, as intended.
Changed - forgot to say in version 4.05 that I changed the aubbc_error so a new line
will be added after each inserted error.
v4.05 - 04/05/2011
Addition - Assign security levels for links, images, built and code tags.
New subroutine names: security_levels, user_level, tag_security, check_access
Changed - The default value for $AUBBC::BAD_MESSAGE is now 'Unathorized'
v4.04 - 02/05/2011
Fixed - Bug with quote tag, needed to convert all its tags.
v4.03 - 02/03/2011
Addition - New Object method aubbc_error . Developers can now controle if or when
different then the other built functions. Type 4 will print the text defined in
function and not point to a defined Perl subroutine.
Addition - added line_break setting to have control over the script_escape and
html_to_text methods converting html line break <br> and new line \n
Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
Addition - added no_img this setting will allow some control for using [img] tags
for security reasons
Fixed - bug in settings_prep when a setting gets changed html_type could change
Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc
Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.
Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.
Now every message that is passed to do_all_ubbc() gets escaped before being returned if script_escape is Enabled.
All tags in %AUBBC_TAGS will only convert if lowercase.
"new" now uses the most standard referenced object method.
Removed DOS_prevent() method, since the script has been tested more and was causing a timing problem.
Removed [cd]#code[/cd] code tag, which had no code_class or code_extra.
Commented bad_pattern check for [email] tags, this security check is not needed because the next line will take care of all email tag security.
Added missing $AUBBC{image_border}, $AUBBC{html_type} and $AUBBC{image_wrap} to the none icon image.
Changed names of left and right align images to [left_img]..[/img] and [right_img]..[/img], also updated examples to show tags.
Added missing $AUBBC{html_type} to quote, code tags and code_highlight function.
v1.0 01/20/2008 08:46:08
Released.
Features:
1) Massive amount of supported tags.
2) Build your own tags to add custom made tags.
3) Full XSS Security for supported tags.
4) High Speed Parser
5) Assign security levels for links, images, build and code tags.
6) Protection for emails to hide them from harvesters.
7) Code download for code tags
8) Perl code highlighter in the code tags
9) Fully customizable settings.
The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.
The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the ' sign so the text can be stored in a SQL back-end.
Most of the free web portals use the | sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.
Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.
If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.
=head1 Security
Security advice to ensure the proper usage of this module.
=head2 Database Manipulation
The default settings of AUBBC.pm is not good for most forums, blogs, wiki's and bulletin boards
because by default AUBBC should work and be secure. The other reason is these programs will want some
of the user input editable and portable.
For editing and portability purposes you would want to retain the tags or user input as they typed it,
but always use the script_escape before saving to a back-end. This will allow you to change the settings
of AUBBC on the fly so the tags remain portable to setting changes.
The script_escape filter is vital to security for many reasons and provides a standard format for other
methods of AUBBC. There is a file in the examples folder called Database_Manipulation.pm that try's to explain what settings
to change and how to stay safe.
=head2 Mixing HTML and BBcode
Since the script_escape method will disable HTML and JavaScript, I came up with a way
to mix the two. The recommended use of mixing is for Administrator's of the program only,
because giving anyone the ability to post unfiltered codes is just wrong.
The mixing method is good for themes, information pages and wiki's just to name a few.
for some tags when script_escape is disabled you can just run do_all_ubbc on variables with HTML mixed
with BBcode and it will work because those tags didn't need the script_escape method to make them work,
but for other tags the script_escape method is needed.
So this is where my solution comes in.
see Mixing_HTML_and_BBcode.pm file in the examples folder
=head2 Build your own tags
When adding a custom tag you will have to remember that the methods for building
custom tags try's to secure the tags. But it can not be 100% secure without
the developer of the tag knowing if and what security issues the new tag may have.
The adding method restricts characters from being used in some variables of
the tags, like name and pattern.
See the other "Build your own tags" for usage
=head2 XSS protection and settings
The script_escape filter will disable XSS so the text of the code can be seen in
HTML/XHTML and the XSS code will not work in anyway.
Some parts use standard requirements allowing only these linking path formats:
protocal://location/web/path/or/file
/local/web/path/or/file
There are some uncontrollable security issues with allowing images [img] and link [url] auto-link tags,
you can disable [img] tags by setting "no_img => 1," to 1 as shown.
Security issues with the [url] and auto-link tags is not as bad since you have to click it to
get to the risky web site, unlike an image loading.
=head2 FYI
XHTML has better JavaScript security standards then HTML.
Developers can also use cookies with "httponly" flags to disable JavaScript from
reading that cookie, but the browsers must support it.
XSS, browser hijacking and other security risks can change by settings, browser vendors and program versions.
=head1 Tag Security Access
New to v4.05. Assign security levels for links, images, build and code tags.
Default settings allows all tags to be seen so there would be no changes needed
if you just wanted the latest version and not use this method yet.
This method works with your current authentication and will be explained more later.
Note: The smilies is not controled by this security.
=head2 User Security Levels
Default security levels are from low to high!!!
# The array numbers >>: 0 1 2 3
$aubbc->security_levels('Guest', 'User', 'Moderator','Administrator')
1) The security levels array needs to have the security levels from low to high in it!!
2) The names must be spelled the same as the name passed to method user_level();
3) Security access is determined by low to high numbers and with the default Guest
will be number/level 0 in the array. if the links was set for User
the links level will have to be 1 = User making any lower level unable to
see any bbcode links but, the Administrator would still see all.
=head2 Tag Security Levels
To change the security level of links, images and code use this method this way:
$aubbc->tag_security(
code => { level => 0, text => 'register to see this', },
img => { level => 0, text => 'register to see this', },
url => { level => 0, text => 'register to see this', },
);
level - the array number of the security level
text - the text or HTML to show if user has no access
Build your own tags has 2 new variables now:
$aubbc->add_build_tag(
name => 'ok',
pattern => 'l,s',
type => 1,
function => 'My_Message::check_ok_tag',
level => 3,
error => 'register to see this',
);
level - the array number of the security level
error - the text or HTML to show if user has no access
For the build tags leaving the variables blank will default level to 0 and
error to the $AUBBC::BAD_MESSAGE string.
=head2 User Access
This method receives the current users security level name from the web application.
$aubbc->user_level('Administrator');
If you are using the tag security you will want to set the user_level after the user
was authenticated by the web application and before do_all_ubbc is used.
=head1 Settings
These settings effect a large part of what the do_all_ubbc method can do and what other
methods can do in do_all_ubbc. some settings are used in many methods
=head2 $aubbc->settings();
This is the method to change them when needed.
Small Bug if Enabled:
Any use of ]] will equal ] and any [[ will equal [
=head2 no_img
Enable or Disable the [img] tags Default 0 allows the tags and 1 will just not
convert the tag.
There are some uncontrollable security issues with allowing anyone to post
an image link.
=head2 icon_image
Enable or Disable Custom Image Size Default 1 is Enabled, 0 is Disable.
If enabled will use the values from image_hight and image_width
in all Image Tags [img]/images/large_pic.gif[/img]
Default is '' and this is for a custom message, code, image, est.. to be used after a [quote] tags.
example:
quote_extra => 'QUOTES AND SAYINGS DISPLAYED ON THIS BLOG ARE NOT WRITTEN BY THE AUTHOR OF THE BLOG.',
quote_extra => '<div style="clear: left"> </div>',
=head2 script_escape
This will turn on or off the sanitizer/escape security for the hole message.
Default is 1 on and 0 for Disable.
Notes: 1)The code highlighter works best with an escaped character format like the
script_escape => 1 setting can provide.
2) If this setting is disabled and a character escaping method or security filter is not used
can result is a security compromise of the AUBBC tags.
3) if Disabled the method "$message = $aubbc->script_escape($message);" can be used on the message as needed before do_all_ubbc() is called.
=head2 protect_email
Default is 1 and other possible values are (0, 2, 3, 4).
Can add a protection to hide emails in the [email] tag from email harvesters.
the next setting for type the function will not be used to run Perl subroutines and
will replace the text with what text is defined in the function setting, the setting is
type 4 this will use style [name] but will work different then the other built settings
see function below on how type 4 works
function - a pre-defined subroutine that receives the matched pattern, tag name and returns what you want,
unless type is set to 4 then it will replace the tag with what text is in the function.
Note: if the function returns undefined, '' or 0 the tag will not be changed.
level - the array number of the security level
error - the text or HTML to show if user has no access
Note: For the build tags leaving the variables blank will default level to 0 and
error to the $AUBBC::BAD_MESSAGE string.
Usage:
package My_Message;
=head1 Bugs and Reports
Please report anything you think is a bug to bug-AUBBC [at] rt.cpan.org or shakaflex [at] gmail.com
=head1 History
v4.06 - 04/12/2011
Fixed - The hash for tag_security() needed the images and link renamed to a tag
name being used. Changed the image name to img and the link to url. Read
"Tag Security Levels" for more info.
Fixed - security for links was in method make_link and was causing an access issue
if used outside of the module. Made a new method to check link access now the
make_link method could be used outside of the module without the security access
in it, as intended.
Changed - forgot to say in version 4.05 that I changed the aubbc_error so a new line
will be added after each inserted error.
v4.05 - 04/05/2011
Addition - Assign security levels for links, images, built and code tags.
New subroutine names: security_levels, user_level, tag_security, check_access
Changed - The default value for $AUBBC::BAD_MESSAGE is now 'Unathorized'
v4.04 - 02/05/2011
Fixed - Bug with quote tag, needed to convert all its tags.
v4.03 - 02/03/2011
Addition - New Object method aubbc_error . Developers can now controle if or when
different then the other built functions. Type 4 will print the text defined in
function and not point to a defined Perl subroutine.
Addition - added line_break setting to have control over the script_escape and
html_to_text methods converting html line break <br> and new line \n
Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
Addition - added no_img this setting will allow some control for using [img] tags
for security reasons
Fixed - bug in settings_prep when a setting gets changed html_type could change
Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc
Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.
Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.
Now every message that is passed to do_all_ubbc() gets escaped before being returned if script_escape is Enabled.
All tags in %AUBBC_TAGS will only convert if lowercase.
"new" now uses the most standard referenced object method.
Removed DOS_prevent() method, since the script has been tested more and was causing a timing problem.
Removed [cd]#code[/cd] code tag, which had no code_class or code_extra.
Commented bad_pattern check for [email] tags, this security check is not needed because the next line will take care of all email tag security.
Added missing $AUBBC{image_border}, $AUBBC{html_type} and $AUBBC{image_wrap} to the none icon image.
Changed names of left and right align images to [left_img]..[/img] and [right_img]..[/img], also updated examples to show tags.
Added missing $AUBBC{html_type} to quote, code tags and code_highlight function.
v1.0 01/20/2008 08:46:08
Released.
examples/Database_Manipulation.cgi view on Meta::CPAN
=head1 ABSTRACT
Advanced Universal Bulletin Board Code a Perl BBcode API
=head1 DESCRIPTION
This is a none working file(syntax checks ok)! It discribes one way to use this module
in projects like forums, blogs, wiki's, bulletin boards or other development.
Keep in mind Im trying to explain the settings, when to use methods to ensure
security of the module and a simple method to save user input to be
edited later.
Other settings may effect the message output also.
=cut
# Start the module
use AUBBC;
my $aubbc = new AUBBC;
examples/Database_Manipulation.cgi view on Meta::CPAN
sub saving_data {
# This is to show how to save the user input safely to your backend
# you will need to use a module like CGI or what ever is out there
# to recive the HTML form data lets say the data is in $message
# Befor the data can be saved you will have to use the script_escape method on $message
$message = $aubbc->script_escape($message);
# Then save $message to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
}
sub editing_data {
# This will be a two part subroutine. This first one will get the message from
# the backend and display the data in a HTML form to be edited lets say its
# in variable $form_data
# Since this gets into sandboxing the html_to_text method you may want
examples/Database_Manipulation.cgi view on Meta::CPAN
sub editing_data2 {
# Part 2 of editing data, you will need to use a module like CGI or what ever is out there
# to recive the HTML form data
# Before the HTML form data can be saved you will have to use the script_escape
# method on the variable that holds the HTML form data lets say its $message2
$message2 = $aubbc->script_escape($message2);
# Then save it to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
}
sub display_data {
# Get the data from the backend lets say we did that and its in $message3
# use do_all_ubbc on $message3 and now $message3 is ready to be printed in HTML.
$message3 = $aubbc->do_all_ubbc($message3);
# Here you would want to print the propper HTML headers and elements with $message3 in it
examples/Mixing_HTML_and_BBcode.cgi view on Meta::CPAN
=head1 ABSTRACT
Advanced Universal Bulletin Board Code a Perl BBcode API
=head1 DESCRIPTION
This is a none working file(syntax checks ok)! It discribes one way to use this module
in projects like forums, blogs, wiki's, bulletin boards or other development.
Keep in mind Im trying to explain the settings, when to use methods to ensure
security of the module and a simple method to save user input to be
edited later.
Other settings may effect the message output also.
=cut
# Start the module
use AUBBC;
my $aubbc = new AUBBC;
examples/Mixing_HTML_and_BBcode.cgi view on Meta::CPAN
# to recive the HTML form data lets say the data is in $message
# Befor the data can be saved you will have to use the script_escape method on $message
# But not on the hole $message, so I use this filter to get the <aubbc> tag
$message =~ s/(<aubbc>(?s)(.*?)<\/aubbc>)/
my $ret = $aubbc->script_escape( $2 );
$ret ? '<aubbc>'.$ret."<\/aubbc>" : $1;
/exg;
# Then save $message to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
}
sub editing_data {
# This will be a two part subroutine. This first one will get the message from
# the backend and display the data in a HTML form to be edited lets say its
# in variable $form_data
# Since this gets into sandboxing the script_escape method you may want
examples/Mixing_HTML_and_BBcode.cgi view on Meta::CPAN
# to recive the HTML form data
# Before the HTML form data can be saved you will have to use the script_escape
# method with the regex on the variable that holds the HTML form data lets say its $message2
$message2 =~ s/(<aubbc>(?s)(.*?)<\/aubbc>)/
my $ret = $aubbc->script_escape( $2 );
$ret ? '<aubbc>'.$ret."<\/aubbc>" : $1;
/exg;
# Then save it to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
}
sub display_data {
# Get the data from the backend lets say we did that and its in $message3
# use do_all_ubbc on $message3 and
$message3 = $aubbc->do_all_ubbc($message3);
( run in 1.199 second using v1.01-cache-2.11-cpan-39bf76dae61 )