Question for Phineus -URGENT-

[dseduwsegcd]

I would have registered to pm you, but it seems that there is a problem with your code (or it could be my incompetence).

Here's my question:

You posted on phpbb.com http://www.phpbb.com/phpBB/viewtopic.ph ... characters
with a question that never got resolved. Have you since figured it out? I have the EXACT same problem, and I really want to know why the conversion from < to < happens some of the time and not other times.

Thanks

[Phineus]

Posting here is okay. However, I have not tracked down this problem. Unfortunately, I have not yet found, or even looked for, the functions that control html. As of this moment, my working theory is that nested tags such as 'javascript' or 'style' are not recognized and so the effort to convert to html is rejected. If or when I ever do get to this, I will post a follow up in that thread. Sorry I don't have more.

[Guest]

Well thanks at least for your working theory. I'm going to hunt down whatever I can find (looking through posting.php first). I'll get back to you if I figure out anything conclusively

[Guest]

I didn't even think it would be in the code [:P]

It turns out that posting.php calls to a function called message_prepare() which happens to be located in functions_post.php in the includes folder. After some snooping in there I found the function that bands all the style parameters and onclick, onmousemove, onload stuff:

Code: Select all

$tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[ ]*?=|on[\w]+[ ]*?=)#i', $hold_string)) ? false : true;

I guess that is pretty smart of them, eh? You can delete this post or move it if you want to. I'm done

Thanks or heading me down the right path!

[Phineus]

Glad to help. Now I'll have to begin looking into this all over again ;-)