jBBCode icon indicating copy to clipboard operation
jBBCode copied to clipboard

Published 20 hours ago verified publisher icon jbowens

Tags with setOptionValidator do not run uppercase tags through the validator.

Open BenFenner opened this issue 7 months ago • 3 comments

Steps to reproduce:

  1. Have these code definitions set in DefaultCodeDefinitionSet.php:
    // [color] color tag
    $builder = new CodeDefinitionBuilder('color', '<span style="color:{option}">{param}</span>');
    $builder->setUseOption(TRUE)->setOptionValidator(new \JBBCode\validators\CssColorValidator());
    array_push($this->definitions, $builder->build());

    // [size=3] font size tag
    $builder = new CodeDefinitionBuilder('size', '<font size="{option}">{param}</font>');
    $builder->setUseOption(TRUE)->setParseContent(TRUE)->setOptionValidator(new \JBBCode\validators\FontSizeValidator());
    array_push($this->definitions, $builder->build());
  1. Have these validators: CssColorValidator.php
<?php

namespace JBBCode\validators;

require_once dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'InputValidator.php';

/**
 * An InputValidator for CSS color values. This is a very rudimentary
 * validator. It will allow a lot of color values that are invalid. However,
 * it shouldn't allow any invalid color values that are also a security
 * concern.
 *
 * @author jbowens
 * @since May 2013
 */
class CssColorValidator implements \JBBCode\InputValidator
{

  /**
   * Returns true if $input uses only valid CSS color value
   * characters.
   *
   * @param $input  the string to validate
   */
  public function validate($input) {
    return (bool) preg_match('/^[A-z0-9\-#., ()%]+$/', $input);
  }
}

FontSizeValidator.php

<?php

  namespace JBBCode\validators;

  require_once dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'InputValidator.php';

  /**
   * An InputValidator for font size values.
   */
  class FontSizeValidator implements \JBBCode\InputValidator {

    /**
     * Returns true if $input uses a valid font size value.
     *
     * @param $input  the string to validate
     */
    public function validate($input) {
      return (bool) in_array($input, array(1, 2, 3, 4, 5, 6, 7));
    }
  }
  1. Place text like this in an appropriate test input:
[SIZE="8"]Uppercase SIZE "8"[/SIZE]
[size="8"]Lowercase SIZE "8"[/size]

[COLOR="!@$%^"]Uppercase COLOR !@$%^[/COLOR]
[color="!@$%^"]Lowercase COLOR !@$%^[/color]
  1. Notice this inconsistent output:
<font size="8">Uppercase SIZE "8"</font><br>
[size=8]Lowercase SIZE "8"[/size]<br>
<br>
<span style="color:!@$%^">Uppercase COLOR !@$%^</span><br>
[color=!@$%^]Lowercase COLOR !@$%^[/color]

BenFenner avatar Mar 19 '25 16:03 BenFenner