function htnl_encode($text)

by default , on dolphin 6.0003 the syntax to display shoutbox text is here:

$shout_text = process_smiles( process_line_output( $shout_arr['text'], $oTemplConfig -> maxwordlength) );

if the user enter his email or his website , by default the shoutbox script just will display plain text

example  : my email is this_is_my_email@yahoo.com

but if you use this syntax:

$shout_text = process_smiles(html_encode( process_line_output( $shout_arr['text'], $oTemplConfig -> maxwordlength) ) );

the shoutbox scripts will display html format

example: my email is  <a href="mailto:this_is_my_email@yahoo.com">this_is_my_email@yahoo.com</a>

and also his website .

the problem with this syntax is

-- when my user type a website address for example http://smansakra.net.tc/andros , it will just format "http://smansakra.net"  or just format "http://smansakra.net.tc/a "

you can see my example here:

http://smansakra.jwnmedia.com/smansakra.net.tc/shoutbox.php

look, andros type his personal url but the site address look like split into tow pieces, first piece is successfully formated to rich html, but the other just plain text.

CAN ANYONE HERE HELPME TO FIX THIS?

the webaddres sometimes is split by a "whitespace"

I can just say that use HTML in shoutbox is not safe

and give exactly code that you use here (several strings or even all function)

You can use a javascript to convert those urls and emails to HTML anchors.

Regards,

Praveen

1. that function ( html_encode ) is a default function on dolphin . located on utils.inc.php, and that function just will only process user input that contain webaddress and emailadderes.

here is the code

function html_encode($text)
{
     $searcharray =  array(
    "'([-_\w\d.]+@[-_\w\d.]+)'",
    "'((?:(?!://).{3}|^.{0,2}))(www\.[-\d\w\.\/]+)'",
    "'(http[s]?:\/\/[-_~\w\d\.\/]+)'");

    $replacearray = array(
    "<a href=\"mailto:\\1\">\\1</a>",
    "\\1http://\\2",
    "<a href=\"\\1\" target=_blank>\\1</a>");

   return preg_replace($searcharray, $replacearray, stripslashes($text));
}

.

2. for security on html, i have insert clear_xss($myoutput) , so if user put untidy html code , this function will excute it

.

3. hi, wait i don't use html or allow html on my shoutbox textare.. please see the picture below:

.

4. for prevent: UNFORTUNATELY I DON'T KNOW HOW TO CONVERT IT!

FOR praveenkv1988 : unfor tunately i dont know how to conver it

HI, I HAVE FOUND solution

.

.

believe or not, the prolem is on:

$oTemplConfig -> maxwordlength

it 's on BxBaseConfig.php

yes, "maxwoedlength"  means "max number of character in a WORD", yes IN A WORD

.

By default , the number value of maxwordlength is 20.

i have increased it to 37 so it solve my problem.