AUBBC
view release on metacpan or search on metacpan
for_links => 0,
aubbc_escape => 1,
no_img => 0,
icon_image => 1,
image_hight => '60',
image_width => '90',
image_border => '0',
image_wrap => ' ',
href_target => ' target="_blank"',
images_url => '',
html_type => ' /',
fix_amp => 1,
line_break => '1',
code_class => '',
code_extra => '',
code_download => '^Download above code^',
href_class => '',
quote_class => '',
quote_extra => '',
script_escape => 1,
protect_email => '0',
}
sub DESTROY {
warn 'DESTROY AUBBC '.$VERSION if $DEBUG_AUBBC;
}
sub settings_prep {
$AUBBC{href_target} = $AUBBC{href_target} ? ' target="_blank"' : '';
$AUBBC{image_wrap} = $AUBBC{image_wrap} ? ' ' : '';
$AUBBC{image_border} = $AUBBC{image_border} ? '1' : '0';
$AUBBC{html_type} = $AUBBC{html_type} eq 'xhtml' || $AUBBC{html_type} eq ' /' ? ' /' : '';
}
sub settings {
my ($self,%s_hash) = @_;
foreach (keys %s_hash) {
if ('highlight_function' eq $_) {
$AUBBC{highlight} = 0;
$s_hash{$_} = check_subroutine($s_hash{$_},'');
$AUBBC{highlight_function} = $s_hash{$_} unless ! $s_hash{$_};
} else {
my $txt = shift;
warn 'ENTER code_highlight' if $DEBUG_AUBBC;
$txt =~ s/:/:/g;
$txt =~ s/\[/[/g;
$txt =~ s/\]/]/g;
$txt =~ s/\000[/[[/g;
$txt =~ s/\000]/]]/g;
$txt =~ s/\{/{/g;
$txt =~ s/\}/}/g;
$txt =~ s/%/%/g;
$txt =~ s/(?<!>)\n/<br$AUBBC{html_type}>\n/g;
if ($AUBBC{highlight}) {
warn 'ENTER block highlight' if $DEBUG_AUBBC;
$txt =~ s/\z/<br$AUBBC{html_type}>/ if $txt !~ m/<br$AUBBC{html_type}>\z/;
$txt =~ s/(<<(?:')?(\w+)(?:')?;(?s)[^\2]+\b\2\b)/<span$AUBBC{highlight_class1}>$1<\/span>/g;
$txt =~ s/(?<![\&\$])(\#.*?(?:<br$AUBBC{html_type}>))/<span$AUBBC{highlight_class2}>$1<\/span>/g;
$txt =~ s/(\bsub\b(?:\s+))(\w+)/$1<span$AUBBC{highlight_class8}>$2<\/span>/g;
$txt =~ s/(\w+(?:\->)?(?:\w+)?((?:.+?)?)(?:;)?)/<span$AUBBC{highlight_class9}>$1<\/span>/g;
$txt =~ s/((?:&)\w+;)/<span$AUBBC{highlight_class9}>$1<\/span>/g;
$txt =~ s/('(?s).*?(?<!\)')/<span$AUBBC{highlight_class3}>$1<\/span>/g;
$txt =~ s/("(?s).*?(?<!\)")/<span$AUBBC{highlight_class4}>$1<\/span>/g;
$txt =~ s/(?<![\#|\w])(\d+)(?!\w)/<span$AUBBC{highlight_class5}>$1<\/span>/g;
$txt =~
s/(|||&&|\b(?:strict|package|return|require|for|my|sub|if|eq|ne|lt|ge|le|gt|or|xor|use|while|foreach|next|last|unless|elsif|else|not|and|until|continue|do|goto)\b)/<span$AUBBC{highlight_class6}>$1<\/span>/g;
$txt =~ s/(?<!\)((?:%|\$|\@)\w+(?:(?:[.+?]|{.+?})+|))/<span$AUBBC{highlight_class7}>$1<\/span>/g;
}
$do_f[8]++;
$do_f[9] =
make_link('javascript:void(0)',$AUBBC{code_download}, "javascript:MyCodePrint('aubbcode$do_f[8]');",'');
return " id=\"aubbcode$do_f[8]\"";
} else { return ''; }
}
sub code_tag {
my ($code,$name) = @_;
if (check_access('code')) {
$name = "# $name:<br$AUBBC{html_type}>\n" if $name;
return "$name<div$AUBBC{code_class}".&code_download."><code>\n".
$AUBBC{highlight_function}->($code).
"\n</code></div>".$AUBBC{code_extra}.$do_f[9];
}
else {
return $Tag_SecLVL{code}{text};
}
}
sub make_image {
my ($align,$src,$width,$height,$alt) = @_;
my $img = "<img$align src=\"$src\"";
$img .= " width=\"$width\"" if $width;
$img .= " height=\"$height\"" if $height;
return $img." alt=\"$alt\" border=\"$AUBBC{image_border}\"$AUBBC{html_type}>";
}
sub make_link {
my ($link,$name,$javas,$targ) = @_;
my $linkd = "<a href=\"$link\"";
$linkd .= " onclick=\"$javas\"" if $javas;
$linkd .= $AUBBC{href_target} if $targ;
$linkd .= $AUBBC{href_class}.'>';
$linkd .= $name ? $name : $link;
return $linkd.'</a>';
$msg =~ s/\[(img|right_img|left_img)\](.+?)\[\/img\]/fix_image($1, $2)/ge if ! $AUBBC{no_img};
$msg =~ s/\[email\](?![\w\.\-\&\+]+\@[\w\.\-]+).+?\[\/email\]/\[<font color=red>$BAD_MESSAGE<\/font>\]email/g;
$AUBBC{protect_email}
? $msg =~ s/\[email\]([\w\.\-\&\+]+\@[\w\.\-]+)\[\/email\]/protect_email($1)/ge
: $msg =~ s/\[email\]([\w\.\-\&\+]+\@[\w\.\-]+)\[\/email\]/link_check("mailto:$1",$1,'','')/ge;
$msg =~ s/\[color=([\w#]+)\](?s)(.+?)\[\/color\]/<span style="color:$1;">$2<\/span>/g;
1 while $msg =~
s/\[quote=([\w\s]+)\](?s)(.+?)\[\/quote\]/<div$AUBBC{quote_class}><small><strong>$1:<\/strong><\/small><br$AUBBC{html_type}>
$2<\/div>$AUBBC{quote_extra}/g;
1 while $msg =~
s/\[quote\](?s)(.+?)\[\/quote\]/<div$AUBBC{quote_class}>$1<\/div>$AUBBC{quote_extra}/g;
$msg =~ s/\[(left|right|center)\](?s)(.+?)\[\/\1\]/<div style=\"text-align: $1;\">$2<\/div>/g;
$msg =~ s/\[li=(\d+)\](?s)(.+?)\[\/li\]/<li value="$1">$2<\/li>/g;
$msg =~ s/\[u\](?s)(.+?)\[\/u\]/<span style="text-decoration: underline;">$1<\/span>/g;
$msg =~ s/\[strike\](?s)(.+?)\[\/strike\]/<span style="text-decoration: line-through;">$1<\/span>/g;
$msg =~ s/\[([bh]r)\]/<$1$AUBBC{html_type}>/g;
$msg =~ s/\[list\](?s)(.+?)\[\/list\]/fix_list($1)/ge;
1 while $msg =~
s/\[(blockquote|big|h[123456]|[ou]l|li|em|pre|s(?:mall|trong|u[bp])|[bip])\](?s)(.+?)\[\/\1\]/<$1>$2<\/$1>/g;
$msg =~ s/(<\/?(?:ol|ul|li|hr)\s?\/?>)\r?\n?<br(?:\s?\/)?>/$1/g;
$msg =~ s/\[url=(\w+\:\/\/$long_regex)\](.+?)\[\/url\]/link_check($1,fix_message($2),'',1)/ge;
$msg =~ s/(?<!["=\.\/\'\[\{\;])((?:\b\w+\b\:\/\/)$long_regex)/link_check($1,$1,'',1)/ge;
}
sub link_check {
my ($link,$name,$javas,$targ) = @_;
check_access('url')
? make_link($link,$name,$javas,$targ)
: return $Tag_SecLVL{url}{text};
}
sub fix_list {
my $list = shift;
if ($list =~ m/\[\*/) {
$list =~ s/<br$AUBBC{html_type}>//g;
my $type = 'ul';
$type = 'ol' if $list =~ s/\[\*=(\d+)\]/\[\*\]$1\|/g;
my @clean = split('\[\*\]', $list);
$list = "<$type>\n";
foreach (@clean) {
if ($_ && $_ =~ s/\A(\d+)\|(?s)(.+?)/$2/) {
$list .= "<li value=\"$1\">$_<\/li>\n" if $_ !~ m/\A\r?\n?\z/;
} elsif ($_ && $_ !~ m/\A\s+|\d+\|\r?\n?\z/) {
$list .= "<li>$_<\/li>\n";
}
}
$list .= "<\/$type>";
}
return $list;
}
sub fix_image {
my ($tmp2, $tmp) = @_;
if (check_access('img')) {
if ($tmp !~ m/\A\w+:\/\/|\// || $tmp =~ m/\?|\#|\.\bjs\b\z/i) {
$tmp = "[<font color=red>$BAD_MESSAGE</font>]$tmp2";
}
if $AUBBC{protect_email} eq '2' || $AUBBC{protect_email} eq '3' || $AUBBC{protect_email} eq '4';
}
else {
return $Tag_SecLVL{url}{text};
}
}
sub js_print {
my $self = shift;
print <<JS;
Content-type: text/javascript
/*
AUBBC v$VERSION
JS
print <<'JS';
Fully supports dynamic view in XHTML.
*/
function MyEmCode (type, content) {
var returner = false;
if (type == 4) {
var farray= new Array(content.length,1);
for(farray[1];farray[1]<farray[0];farray[1]++) { returner+=String.fromCharCode(content[farray[1]].charCodeAt(0)^content[farray[1]-1]);farray[1]++; }
} else if (type == 3) {
for (i = 0; i < content.length; i++) { returner+=String.fromCharCode(content[i]); }
} else if (type == 2) { returner=content; }
if (returner) { window.location='mailto:'+returner; }
}
function MyCodePrint (input) {
if (input && document.getElementById(input)) {
var TheCode = document.getElementById(input).innerHTML;
TheCode = TheCode.replace(/<([^br<]+|\/?[puib])>/ig, "");
codewin = window.open("", input, "width=800,height=600,resizable=yes,menubar=yes,scrollbars=yes");
top.codewin.document.write("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n"+
"<html>\n<head>\n<title>MyCodePrint</title>\n"+
? return \&{$name}
: return '';
}
sub add_build_tag {
my ($self,%NewTag) = @_;
warn 'ENTER add_build_tag' if $DEBUG_AUBBC;
$NewTag{function2} = $NewTag{function} || 'undefined!';
$NewTag{function} = check_subroutine($NewTag{function},'')
if $NewTag{type} ne '4';
$self->aubbc_error("Usage: add_build_tag - function 'Undefined subroutine' => $NewTag{function2}")
if ! $NewTag{function};
if ($NewTag{function}) {
$NewTag{pattern} = 'l' if $NewTag{type} eq '3' || $NewTag{type} eq '4';
if ($NewTag{type} && $NewTag{name} =~ m/\A[\w\-]+\z/ && $NewTag{pattern} =~ m/\A[lns_:\-,]+|all\z/) {
if ($NewTag{pattern} eq 'all') {
$NewTag{pattern} = '^\[|\]';
}
else {
my @pat_split = ();
my %is_pat = ('l' => 'a-z', 'n' => '\d', '_' => '\_', ':' => '\:', 's' => '\s', '-' => '\-');
@pat_split = split /\,/, $NewTag{pattern};
$NewTag{pattern} = '';
$NewTag{pattern} .= $is_pat{$_} || '' foreach @pat_split;
}
$Build_AUBBC{$NewTag{name}} = [$NewTag{pattern}, $NewTag{type}, $NewTag{function}];
$NewTag{level} ||= 0;
$NewTag{error} ||= $BAD_MESSAGE;
$Tag_SecLVL{$NewTag{name}} = {level => $NewTag{level}, text => $NewTag{error},};
$do_f[5] = 1 if !$do_f[5];
warn 'Added Build_AUBBC Tag '.$Build_AUBBC{$NewTag{name}} if $DEBUG_AUBBC && $Build_AUBBC{$NewTag{name}};
}
else {
$self->aubbc_error('Usage: add_build_tag - Bad name or pattern format');
}
}
}
sub remove_build_tag {
my ($self,$name,$type) = @_;
warn 'ENTER remove_build_tag' if $DEBUG_AUBBC;
delete $Build_AUBBC{$name} if exists $Build_AUBBC{$name} && !$type; # clear one
%Build_AUBBC = () if $type && !$name; # clear all
}
sub do_unicode{
warn 'ENTER do_unicode' if $DEBUG_AUBBC;
$msg =~ s/\[utf:\/\/(\#?\w+)\]/&$1;/g;
}
sub do_smileys {
warn 'ENTER do_smileys' if $DEBUG_AUBBC;
$msg =~
}
$text =~ s/"/"/g;
$text =~ s/</</g;
$text =~ s/>/>/g;
$text =~ s/'/'/g;
$text =~ s/\)/)/g;
$text =~ s/\(/(/g;
$text =~ s/\\/\/g;
$text =~ s/\|/|/g;
! $option && $AUBBC{line_break} eq '2'
? $text =~ s/\n/<br$AUBBC{html_type}>/g
: $text =~ s/\n/<br$AUBBC{html_type}>\n/g if !$option && $AUBBC{line_break} eq '1';
return $text;
}
}
sub html_to_text {
my ($self, $html, $option) = @_;
warn 'ENTER html_to_text' if $DEBUG_AUBBC;
$html = '' unless defined $html;
if ($html) {
$html =~ s/&/&/g;
shakaflex [at] gmail.com
http://search.cpan.org/~sflex/
http://aubbc.googlecode.com/
Development Notes: Highlighting functions list and tags/commands for more
language highlighters. Ideas make some new tags like [perl] or have a command in the code
tag like [code]perl:print 'perl';[/code] with a default highlighting method if
a command was not used. Then highlighting of many types of code could be allowed
even markup like HTML.
Notes: This code has a lot of settings and works good
with most default settings see the POD and example files
in the archive for usage.
=head1 NAME
AUBBC
9) Fully customizable settings.
The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.
The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the ' sign so the text can be stored in a SQL back-end.
Most of the free web portals use the | sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.
Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.
If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.
=cut
9) Fully customizable settings.
The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.
The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the ' sign so the text can be stored in a SQL back-end.
Most of the free web portals use the | sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.
Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.
If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.
=head1 Security
Security advice to ensure the proper usage of this module.
=head2 Database Manipulation
The default settings of AUBBC.pm is not good for most forums, blogs, wiki's and bulletin boards
because by default AUBBC should work and be secure. The other reason is these programs will want some
of the user input editable and portable.
For editing and portability purposes you would want to retain the tags or user input as they typed it,
but always use the script_escape before saving to a back-end. This will allow you to change the settings
of AUBBC on the fly so the tags remain portable to setting changes.
The script_escape filter is vital to security for many reasons and provides a standard format for other
methods of AUBBC. There is a file in the examples folder called Database_Manipulation.pm that try's to explain what settings
to change and how to stay safe.
=head2 Mixing HTML and BBcode
Since the script_escape method will disable HTML and JavaScript, I came up with a way
to mix the two. The recommended use of mixing is for Administrator's of the program only,
level - the array number of the security level
text - the text or HTML to show if user has no access
Build your own tags has 2 new variables now:
$aubbc->add_build_tag(
name => 'ok',
pattern => 'l,s',
type => 1,
function => 'My_Message::check_ok_tag',
level => 3,
error => 'register to see this',
);
level - the array number of the security level
error - the text or HTML to show if user has no access
For the build tags leaving the variables blank will default level to 0 and
This is the link to your images folder and is only used for Smilies.
For the smileis to work you must provide a URL.
example:
smilies must be in /smilies folder
the images_url link must have the /smilies folder in it and not point directly to /smilies.
=head2 html_type
Default is 'html' and the only other support is 'xhtml'
=head2 fix_amp
Default is 1 Enabled and the only other setting is 0 to Disable.
This setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
=head2 line_break
=head2 protect_email
Default is 1 and other possible values are (0, 2, 3, 4).
Can add a protection to hide emails in the [email] tag from email harvesters.
Not 100% fool proof.
0 - has no type of protection.
1 - uses unicode type protection.
2 - Javascript and unicode type protection.
3 - Javascript and unicode type protection.
4 - Javascript encryption
The settings 2, 3 and 4 require the JavaScript function in the js_print method of
this module. js_print can be used directly and it will print out the proper file
headers for a browser to know its a JavaScript file.
=head2 email_message
The way you use this smiley is [lol]
Must have the images_url set to the proper location.
images_url/smilies/lol.gif
=head1 Build your own tags
These are the settings and methods for using custom tags.
=head2 $aubbc->add_build_tag(name=>'stuff', pattern=>'stuff' , type=>'stuff', function=>'stuff',...);
name - will be the tags name and is limited to a-z 0-9 - _
pattern - limited to 'all' or 'l,n,-,:,_,s'
'all' = anything but [ or ]
'l' = 'a-z'
'n' = '0-9'
's' = ' '
'-' = '-'
':' = ':'
'_' = '_'
type - 1 is style [name://pattern], 2 is style [name]pattern[/name], 3 is style [name],
the next setting for type the function will not be used to run Perl subroutines and
will replace the text with what text is defined in the function setting, the setting is
type 4 this will use style [name] but will work different then the other built settings
see function below on how type 4 works
function - a pre-defined subroutine that receives the matched pattern, tag name and returns what you want,
unless type is set to 4 then it will replace the tag with what text is in the function.
Note: if the function returns undefined, '' or 0 the tag will not be changed.
level - the array number of the security level
error - the text or HTML to show if user has no access
Note: For the build tags leaving the variables blank will default level to 0 and
error to the $AUBBC::BAD_MESSAGE string.
Usage:
package My_Message;
use AUBBC;
my $aubbc = AUBBC->new();
$aubbc->add_build_tag(
name => 'ok',
pattern => 'l,s',
type => 1,
function => 'My_Message::check_ok_tag',
);
$aubbc->add_build_tag(
name => 'ip',
pattern => '',
type => 3,
function => 'My_Message::get_some_tag',
);
$aubbc->add_build_tag(
name => 'agent',
pattern => '',
type => 3,
function => 'My_Message::get_some_tag',
);
$aubbc->add_build_tag(
name => 'hello',
pattern => '',
type => 4,
function => 'Hello World!',
);
my $message = '[ok://test me] [ok://test other] [ok://n0 w00rk] [ip] [agent] [hello]';
$message = $aubbc->do_all_ubbc($message);
print $message;
sub check_ok_tag {
my ($tag_name, $text_from_AUBBC) = @_;
Fixed - The element ID for the code download started at 1 for every instance this
will force the browser to take priority to load the first ID it reads. The fix
starts the counter at 'time.$$.000' to try to produce a more unique ID for each
instance.
Fixed - under the code tag in do_ubbc line " $do_f[8] = '' if $do_f[8]; "
should have been $do_f[9] = '' if $do_f[9];
v4.01 - 11/08/2010
Fixed - Bug that converts the true text typed to the HTML code name.
All parts of the module where effected by this bug, in the code tag if the
author ment & #59 ; it would show ; . This also caused a long standing bug with
typing any HTML code name and saving it to a backend.
this fix removes the HTML code name regex in do_unicode and had to add/move two
filters in "script_escape to conver the & to an amp and ; to #59;" and
"html_to_text to conver amp to & and #59 to ;". This fix also helped in allowing
the regex's for highlighting subroutines to be made.
Fixed - had to add a null byte marker to escape_aubbc so the code tag's
highlighter can detect the escaped character and change it back. In do_all_ubbc
of all the Perl BBcode modules. BBCode::Parser Parse::BBCode HTML::BBCode HTML::BBReverse
Fixed - fixed a line break and new line sandbox bug
Improvement - Massive speed improvement to the hole module and no features lost.
changed new for faster loading, the module uses vars for some variables,
re-spaced the hole code.
v2.10 - 08/31/2010 11:17:13
Addition - adding type 4 to add_build_tag this will use style 3 but will work
different then the other built functions. Type 4 will print the text defined in
function and not point to a defined Perl subroutine.
Addition - added line_break setting to have control over the script_escape and
html_to_text methods converting html line break <br> and new line \n
Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
Addition - added no_img this setting will allow some control for using [img] tags
for security reasons
Fixed - bug in settings_prep when a setting gets changed html_type could change
Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc
Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.
Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.
Improvement - in html_to_text added a code to fix a <br> bug if ppl use html or xhtml line break.
All tags in %AUBBC_TAGS will only convert if lowercase.
"new" now uses the most standard referenced object method.
Removed DOS_prevent() method, since the script has been tested more and was causing a timing problem.
Removed [cd]#code[/cd] code tag, which had no code_class or code_extra.
Commented bad_pattern check for [email] tags, this security check is not needed because the next line will take care of all email tag security.
Added missing $AUBBC{image_border}, $AUBBC{html_type} and $AUBBC{image_wrap} to the none icon image.
Changed names of left and right align images to [left_img]..[/img] and [right_img]..[/img], also updated examples to show tags.
Added missing $AUBBC{html_type} to quote, code tags and code_highlight function.
v1.0 01/20/2008 08:46:08
Released.
=head1 COPYLEFT
AUBBC.pm, v4.06 - 04/12/2011 By: N.K.A.
Advanced Universal Bulletin Board Code a Perl BBcode API
shakaflex [at] gmail.com
http://search.cpan.org/~sflex/
http://aubbc.googlecode.com/
Development Notes: Highlighting functions list and tags/commands for more
language highlighters. Ideas make some new tags like [perl] or have a command in the code
tag like [code]perl:$some ='perl';[/code] with a default highlighting method if
a command was not used. Then highlighting of many types of code could be allowed
even markup like HTML.
Notes: This code has a lot of settings and works good
with most default settings see the POD and example files
in the archive for usage.
=cut
Fixed - The element ID for the code download started at 1 for every instance this
will force the browser to take priority to load the first ID it reads. The fix
starts the counter at 'time.$$.000' to try to produce a more unique ID for each
instance.
Fixed - under the code tag in do_ubbc line " $do_f[8] = '' if $do_f[8]; "
should have been $do_f[9] = '' if $do_f[9];
v4.01 - 11/08/2010
Fixed - Bug that converts the true text typed to the HTML code name.
All parts of the module where effected by this bug, in the code tag if the
author ment & #59 ; it would show ; . This also caused a long standing bug with
typing any HTML code name and saving it to a backend.
this fix removes the HTML code name regex in do_unicode and had to add/move two
filters in "script_escape to conver the & to an amp and ; to #59;" and
"html_to_text to conver amp to & and #59 to ;". This fix also helped in allowing
the regex's for highlighting subroutines to be made.
Fixed - had to add a null byte marker to escape_aubbc so the code tag's
highlighter can detect the escaped character and change it back. In do_all_ubbc
of all the Perl BBcode modules. BBCode::Parser Parse::BBCode HTML::BBCode HTML::BBReverse
Fixed - fixed a line break and new line sandbox bug
Improvement - Massive speed improvement to the hole module and no features lost.
changed new for faster loading, the module uses vars for some variables,
re-spaced the hole code.
v2.10 - 08/31/2010 11:17:13
Addition - adding type 4 to add_build_tag this will use style 3 but will work
different then the other built functions. Type 4 will print the text defined in
function and not point to a defined Perl subroutine.
Addition - added line_break setting to have control over the script_escape and
html_to_text methods converting html line break <br> and new line \n
Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
Addition - added no_img this setting will allow some control for using [img] tags
for security reasons
Fixed - bug in settings_prep when a setting gets changed html_type could change
Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc
Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.
Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.
Improvement - in html_to_text added a code to fix a <br> bug if ppl use html or xhtml line break.
All tags in %AUBBC_TAGS will only convert if lowercase.
"new" now uses the most standard referenced object method.
Removed DOS_prevent() method, since the script has been tested more and was causing a timing problem.
Removed [cd]#code[/cd] code tag, which had no code_class or code_extra.
Commented bad_pattern check for [email] tags, this security check is not needed because the next line will take care of all email tag security.
Added missing $AUBBC{image_border}, $AUBBC{html_type} and $AUBBC{image_wrap} to the none icon image.
Changed names of left and right align images to [left_img]..[/img] and [right_img]..[/img], also updated examples to show tags.
Added missing $AUBBC{html_type} to quote, code tags and code_highlight function.
v1.0 01/20/2008 08:46:08
Released.
9) Fully customizable settings.
The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.
The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the ' sign so the text can be stored in a SQL back-end.
Most of the free web portals use the | sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.
Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.
If there isn't a popular tag available this module provides a method to "Build your own tags" custom tags can help link to parts of the current web page, other web pages and add other HTML elements.
=head1 Security
Security advice to ensure the proper usage of this module.
=head2 Database Manipulation
The default settings of AUBBC.pm is not good for most forums, blogs, wiki's and bulletin boards
because by default AUBBC should work and be secure. The other reason is these programs will want some
of the user input editable and portable.
For editing and portability purposes you would want to retain the tags or user input as they typed it,
but always use the script_escape before saving to a back-end. This will allow you to change the settings
of AUBBC on the fly so the tags remain portable to setting changes.
The script_escape filter is vital to security for many reasons and provides a standard format for other
methods of AUBBC. There is a file in the examples folder called Database_Manipulation.pm that try's to explain what settings
to change and how to stay safe.
=head2 Mixing HTML and BBcode
Since the script_escape method will disable HTML and JavaScript, I came up with a way
to mix the two. The recommended use of mixing is for Administrator's of the program only,
level - the array number of the security level
text - the text or HTML to show if user has no access
Build your own tags has 2 new variables now:
$aubbc->add_build_tag(
name => 'ok',
pattern => 'l,s',
type => 1,
function => 'My_Message::check_ok_tag',
level => 3,
error => 'register to see this',
);
level - the array number of the security level
error - the text or HTML to show if user has no access
For the build tags leaving the variables blank will default level to 0 and
This is the link to your images folder and is only used for Smilies.
For the smileis to work you must provide a URL.
example:
smilies must be in /smilies folder
the images_url link must have the /smilies folder in it and not point directly to /smilies.
=head2 html_type
Default is 'html' and the only other support is 'xhtml'
=head2 fix_amp
Default is 1 Enabled and the only other setting is 0 to Disable.
This setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
=head2 line_break
=head2 protect_email
Default is 1 and other possible values are (0, 2, 3, 4).
Can add a protection to hide emails in the [email] tag from email harvesters.
Not 100% fool proof.
0 - has no type of protection.
1 - uses unicode type protection.
2 - Javascript and unicode type protection.
3 - Javascript and unicode type protection.
4 - Javascript encryption
The settings 2, 3 and 4 require the JavaScript function in the js_print method of
this module. js_print can be used directly and it will print out the proper file
headers for a browser to know its a JavaScript file.
=head2 email_message
The way you use this smiley is [lol]
Must have the images_url set to the proper location.
images_url/smilies/lol.gif
=head1 Build your own tags
These are the settings and methods for using custom tags.
=head2 $aubbc->add_build_tag(name=>'stuff', pattern=>'stuff' , type=>'stuff', function=>'stuff',...);
name - will be the tags name and is limited to a-z 0-9 - _
pattern - limited to 'all' or 'l,n,-,:,_,s'
'all' = anything but [ or ]
'l' = 'a-z'
'n' = '0-9'
's' = ' '
'-' = '-'
':' = ':'
'_' = '_'
type - 1 is style [name://pattern], 2 is style [name]pattern[/name], 3 is style [name],
the next setting for type the function will not be used to run Perl subroutines and
will replace the text with what text is defined in the function setting, the setting is
type 4 this will use style [name] but will work different then the other built settings
see function below on how type 4 works
function - a pre-defined subroutine that receives the matched pattern, tag name and returns what you want,
unless type is set to 4 then it will replace the tag with what text is in the function.
Note: if the function returns undefined, '' or 0 the tag will not be changed.
level - the array number of the security level
error - the text or HTML to show if user has no access
Note: For the build tags leaving the variables blank will default level to 0 and
error to the $AUBBC::BAD_MESSAGE string.
Usage:
package My_Message;
use AUBBC;
my $aubbc = AUBBC->new();
$aubbc->add_build_tag(
name => 'ok',
pattern => 'l,s',
type => 1,
function => 'My_Message::check_ok_tag',
);
$aubbc->add_build_tag(
name => 'ip',
pattern => '',
type => 3,
function => 'My_Message::get_some_tag',
);
$aubbc->add_build_tag(
name => 'agent',
pattern => '',
type => 3,
function => 'My_Message::get_some_tag',
);
$aubbc->add_build_tag(
name => 'hello',
pattern => '',
type => 4,
function => 'Hello World!',
);
my $message = '[ok://test me] [ok://test other] [ok://n0 w00rk] [ip] [agent] [hello]';
$message = $aubbc->do_all_ubbc($message);
print $message;
sub check_ok_tag {
my ($tag_name, $text_from_AUBBC) = @_;
Fixed - The element ID for the code download started at 1 for every instance this
will force the browser to take priority to load the first ID it reads. The fix
starts the counter at 'time.$$.000' to try to produce a more unique ID for each
instance.
Fixed - under the code tag in do_ubbc line " $do_f[8] = '' if $do_f[8]; "
should have been $do_f[9] = '' if $do_f[9];
v4.01 - 11/08/2010
Fixed - Bug that converts the true text typed to the HTML code name.
All parts of the module where effected by this bug, in the code tag if the
author ment & #59 ; it would show ; . This also caused a long standing bug with
typing any HTML code name and saving it to a backend.
this fix removes the HTML code name regex in do_unicode and had to add/move two
filters in "script_escape to conver the & to an amp and ; to #59;" and
"html_to_text to conver amp to & and #59 to ;". This fix also helped in allowing
the regex's for highlighting subroutines to be made.
Fixed - had to add a null byte marker to escape_aubbc so the code tag's
highlighter can detect the escaped character and change it back. In do_all_ubbc
of all the Perl BBcode modules. BBCode::Parser Parse::BBCode HTML::BBCode HTML::BBReverse
Fixed - fixed a line break and new line sandbox bug
Improvement - Massive speed improvement to the hole module and no features lost.
changed new for faster loading, the module uses vars for some variables,
re-spaced the hole code.
v2.10 - 08/31/2010 11:17:13
Addition - adding type 4 to add_build_tag this will use style 3 but will work
different then the other built functions. Type 4 will print the text defined in
function and not point to a defined Perl subroutine.
Addition - added line_break setting to have control over the script_escape and
html_to_text methods converting html line break <br> and new line \n
Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
Addition - added no_img this setting will allow some control for using [img] tags
for security reasons
Fixed - bug in settings_prep when a setting gets changed html_type could change
Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc
Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.
Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.
Improvement - in html_to_text added a code to fix a <br> bug if ppl use html or xhtml line break.
All tags in %AUBBC_TAGS will only convert if lowercase.
"new" now uses the most standard referenced object method.
Removed DOS_prevent() method, since the script has been tested more and was causing a timing problem.
Removed [cd]#code[/cd] code tag, which had no code_class or code_extra.
Commented bad_pattern check for [email] tags, this security check is not needed because the next line will take care of all email tag security.
Added missing $AUBBC{image_border}, $AUBBC{html_type} and $AUBBC{image_wrap} to the none icon image.
Changed names of left and right align images to [left_img]..[/img] and [right_img]..[/img], also updated examples to show tags.
Added missing $AUBBC{html_type} to quote, code tags and code_highlight function.
v1.0 01/20/2008 08:46:08
Released.
=head1 COPYLEFT
AUBBC.pm, v4.06 - 04/12/2011 By: N.K.A.
Advanced Universal Bulletin Board Code a Perl BBcode API
shakaflex [at] gmail.com
http://search.cpan.org/~sflex/
http://aubbc.googlecode.com/
Development Notes: Highlighting functions list and tags/commands for more
language highlighters. Ideas make some new tags like [perl] or have a command in the code
tag like [code]perl:$some ='perl';[/code] with a default highlighting method if
a command was not used. Then highlighting of many types of code could be allowed
even markup like HTML.
Notes: This code has a lot of settings and works good
with most default settings see the POD and example files
in the archive for usage.
=cut
examples/Database_Manipulation.cgi view on Meta::CPAN
sub saving_data {
# This is to show how to save the user input safely to your backend
# you will need to use a module like CGI or what ever is out there
# to recive the HTML form data lets say the data is in $message
# Befor the data can be saved you will have to use the script_escape method on $message
$message = $aubbc->script_escape($message);
# Then save $message to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
}
sub editing_data {
# This will be a two part subroutine. This first one will get the message from
# the backend and display the data in a HTML form to be edited lets say its
# in variable $form_data
# Since this gets into sandboxing the html_to_text method you may want
# to play with settings for other view's or can skip the form feilds sandboxing
examples/Database_Manipulation.cgi view on Meta::CPAN
sub editing_data2 {
# Part 2 of editing data, you will need to use a module like CGI or what ever is out there
# to recive the HTML form data
# Before the HTML form data can be saved you will have to use the script_escape
# method on the variable that holds the HTML form data lets say its $message2
$message2 = $aubbc->script_escape($message2);
# Then save it to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
}
sub display_data {
# Get the data from the backend lets say we did that and its in $message3
# use do_all_ubbc on $message3 and now $message3 is ready to be printed in HTML.
$message3 = $aubbc->do_all_ubbc($message3);
# Here you would want to print the propper HTML headers and elements with $message3 in it
# or return the variable, how ever you want to make it!!
examples/Mixing_HTML_and_BBcode.cgi view on Meta::CPAN
# Befor the data can be saved you will have to use the script_escape method on $message
# But not on the hole $message, so I use this filter to get the <aubbc> tag
$message =~ s/(<aubbc>(?s)(.*?)<\/aubbc>)/
my $ret = $aubbc->script_escape( $2 );
$ret ? '<aubbc>'.$ret."<\/aubbc>" : $1;
/exg;
# Then save $message to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
}
sub editing_data {
# This will be a two part subroutine. This first one will get the message from
# the backend and display the data in a HTML form to be edited lets say its
# in variable $form_data
# Since this gets into sandboxing the script_escape method you may want
# to play with settings for other view's or can skip the form feilds sandboxing
examples/Mixing_HTML_and_BBcode.cgi view on Meta::CPAN
# Before the HTML form data can be saved you will have to use the script_escape
# method with the regex on the variable that holds the HTML form data lets say its $message2
$message2 =~ s/(<aubbc>(?s)(.*?)<\/aubbc>)/
my $ret = $aubbc->script_escape( $2 );
$ret ? '<aubbc>'.$ret."<\/aubbc>" : $1;
/exg;
# Then save it to your database, extra security methods maybe required or desired
# depending on the type of backend used.......
}
sub display_data {
# Get the data from the backend lets say we did that and its in $message3
# use do_all_ubbc on $message3 and
$message3 = $aubbc->do_all_ubbc($message3);
# Before you print we want to remove the <aubbc> home made element
examples/tag_list.cgi view on Meta::CPAN
use strict;
use warnings;
#use lib '../';
use AUBBC;
my $aubbc = AUBBC->new();
# Change some default settings
$aubbc->settings(
protect_email => 4,
html_type => 'xhtml',
code_class => ' class="codepost"',
code_extra => '<div style="clear: left"> </div>',
quote_class => ' class="quote"',
quote_extra => '<div style="clear: left"> </div>',
highlight_class1 => ' class="highlightclass1"',
highlight_class2 => ' class="highlightclass2"',
highlight_class3 => ' class="highlightclass1"',
highlight_class4 => ' class="highlightclass1"',
highlight_class5 => ' class="highlightclass5"',
highlight_class6 => ' class="highlightclass6"',
highlight_class7 => ' class="highlightclass7"',
highlight_class8 => ' class="highlightclass5"',
highlight_class9 => ' class="highlightclass5"',
);
# Add some tags to Build tags
foreach my $tag (('cpan','google','wikisource','ws','wikiquote','wq','wikibooks','wb','wikipedia','wp')) {
$aubbc->add_build_tag(
name => $tag,
pattern => 'all',
type => 1,
function =>'main::other_sites',
);
}
$aubbc->add_build_tag(
name => 'time',
pattern => '',
type => 3,
function => 'main::other_sites',
);
# This is so eather the print_list sub will run or the js_print
# if this file was ran on a web server
$ENV{'QUERY_STRING'}
? $aubbc->js_print()
: print_list->();
sub print_list {
examples/tag_list.cgi view on Meta::CPAN
[[ws://Wikisource:About_Wikisource] or [wikisource://Wikisource:About_Wikisource] Wikisource[br]
[[cpan://Cpan] = [cpan://Cpan] Cpan Module Search[br]
[[time] = [time]
HTML
# replace the list with any error that may happen
$message = $aubbc->aubbc_error()
? $aubbc->aubbc_error()
: $aubbc->do_all_ubbc($message);
print "Content-type: text/html\n\n";
print <<HTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>AUBBC.pm Tag List</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<script type="text/javascript" src="?js_print">
</script>
<style type="text/css">
.codepost {
background-color: #ffffff;
width: 80%;
height: auto;
white-space: nowrap;
overflow: scroll;
padding-left: 2px;
padding-bottom: 5px;
margin: 0;
top: 0;
use AUBBC;
$aubbc = new AUBBC;
{
# did it load?
#$aubbc = ''; # main reinforce failure
$aubbc
? print $msg{1} . "$count\n"
: print $msg{2} . "$count\n";
$aubbc->settings(html_type => 'xhtml') if $aubbc;
$message = $aubbc->do_all_ubbc($message) if $aubbc;
$setting = $aubbc->get_setting('html_type') if $aubbc;
$Current_version = $aubbc->version() if $aubbc;
$count++;
# did it convert?
#$message .= ']'; # reinforce failure
$message !~ m/[\[\]\:]+/
? print $msg{1} . "$count\n"
: print $msg{2} . "$count\n";
}
( run in 2.402 seconds using v1.01-cache-2.11-cpan-7fcb06a456a )