|Sending a preg replace replacement value to a function|
$replace = array(
'<a href="' . check_url('$1') . '">$2</a>',
'<a href="' . check_url('$1') . '">' . check_url('$1') . '</a>',
'<img src="' . check_img('$1') . '" />',
There's the relevant area of the code, can anyone help?
Since variables beginning with numbers are reserved for regular expression purposes, you can't pass them to a function and use it as a replacement string.
The ones which aren't passed to a function (i.e. <strong>$1</strong>) are working as expected, right?
EDIT: The reason "$1" is being passed to the function is because you have it quoted. Since PHP doesn't allow variables beginning with numbers, it assumes that a $ followed by a number, in quotes, should be taken literally. If you would have passed it to the function without quotes, you would have gotten an "unexpected T_LNUMBER" error.
Even if the variable were a valid one, the quotes would still be unnecessary, since the variable is already a string.
Yes, the others are working properly, and I originally had it unquoted, and got the T_LNUMBER error like you said. Is there any way to pass it into the function, or possibly a way to make sure it begins with http:// (or others) without using a function? I'm trying to make a preemptive strike against XSS on my site, so I really need to disable it in images at least.
|Assuming your bbcode works something like|
Following that, you then replace the remaining legitimate links with <a> tags.
You could do a similar thing for img tags.
Hmmm, I actually never thought of that, guess I was making it more difficult on myself than need be. Thanks for the help!
Have you tried using the e modifier [php.net]?
There's an example in the documentation [php.net].