Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Incompatible with HTMLPurifier (bad HTML generated?)

ShmizzleShmizzle New
edited October 2010 in Vanilla 2.0 - 2.8
If this plugin is enabled, along with the HTMLPurifier plugin, and you use a "regular" blockquote (<blockquote>foo</blockquote>), then HMTLPurifier strips out everything below that blockquote.

So if you made the following post:

<blockquote>foo</blockquote> Testing, testing, 123.

"Testing, testing, 123" would not be displayed. Insert the "rel=blah" and it will be.

I believe the problem is line 100 of the file class.quotes.plugin.php. </blockquote> is being replaced even if there is no "rel", whereas it should only be replaced if there is a "rel".


  • Options
    Note that above the </p></div> was added by the Quotes plugin, not me.

    I was able to fix it by commenting out the str_replace() call on line 100 of class.quotes.plugins.php, replacing the preg_replace_callback() call on line 99 with:

    $Data->Body = preg_replace_callback('/(<blockquote rel="([\d\w_ ]{3,30})">)(.*)(<\/blockquote>)/u', array($this, 'QuoteAuthorCallback'), $Data->Body);

    and replacing the return call on line 119 with return <<<BLOCKQUOTE
    <blockquote class="UserQuote"><div class="QuoteAuthor">{$Attribution}</div><div class="QuoteText"><p>{$Matches[3]}</p></div></blockquote>

    It works for me and now will only replace </blockquote> with </p></div></blockquote> if there is a "rel" in the blockquote.

    I'm not too skilled in the regex department by the way so if anyone sees a flaw in my regex please let me know.
  • Options
    Dangit, my solution works unless there are nested blockquotes. Any ideas?
  • Options
    Okay, I've found a solution that has been working (even with nested blockquotes) so far: all <blockquote>'s, even ones without the "rel", are converted to <blockquote><div><p>.

    Here's the modified class.quotes.plugin.php file that works for me:

    Note I didn't make any changes to the BBCode part of the file, since my board doesn't use BBCode.
Sign In or Register to comment.