Check for disallowed BB codes in the content

diff --git a/wcfsetup/install/files/acp/templates/articleAdd.tpl b/wcfsetup/install/files/acp/templates/articleAdd.tpl
index aeccb5ccf6f5e1d23bbf114aac21e0172eec7d4c..437d15ff08609d77e28ef00781f3cfd7712d0650 100644 (file)
--- a/wcfsetup/install/files/acp/templates/articleAdd.tpl
+++ b/wcfsetup/install/files/acp/templates/articleAdd.tpl
@@ -531,6 +531,8 @@
                                                                        <small class="innerError">
                                                                                {if $errorType == 'empty'}
                                                                                        {lang}wcf.global.form.error.empty{/lang}
+                                                                               {elseif $errorType == 'disallowedBBCodes'}
+                                                                                       {lang}wcf.message.error.disallowedBBCodes{/lang}
                                                                                {else}
                                                                                        {lang}wcf.acp.article.content.error.{@$errorType}{/lang}
                                                                                {/if}

diff --git a/wcfsetup/install/files/lib/acp/form/ArticleAddForm.class.php b/wcfsetup/install/files/lib/acp/form/ArticleAddForm.class.php
index cba609b822a669d69439b9d429ad6ca26c2ffd68..f67271a278f3b4dd4d671a20c23568c65b64127f 100644 (file)
--- a/wcfsetup/install/files/lib/acp/form/ArticleAddForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/ArticleAddForm.class.php
@@ -13,6 +13,7 @@ use wcf\data\media\ViewableMediaList;
 use wcf\data\smiley\SmileyCache;
 use wcf\data\user\User;
 use wcf\form\AbstractForm;
+use wcf\system\bbcode\BBCodeHandler;
 use wcf\system\cache\builder\ArticleCategoryLabelCacheBuilder;
 use wcf\system\exception\UserInputException;
 use wcf\system\html\input\HtmlInputProcessor;
@@ -390,6 +391,8 @@ class ArticleAddForm extends AbstractForm
             }
         }
 
+        $this->setDisallowedBBCodes();
+
         if ($this->isMultilingual) {
             foreach (LanguageFactory::getInstance()->getLanguages() as $language) {
                 // title
@@ -407,6 +410,12 @@ class ArticleAddForm extends AbstractForm
                     'com.woltlab.wcf.article.content',
                     0
                 );
+
+                $disallowedBBCodes = $this->htmlInputProcessors[$language->languageID]->validate();
+                if (!empty($disallowedBBCodes)) {
+                    WCF::getTPL()->assign('disallowedBBCodes', $disallowedBBCodes);
+                    throw new UserInputException('content', 'disallowedBBCodes');
+                }
             }
         } else {
             // title
@@ -420,6 +429,12 @@ class ArticleAddForm extends AbstractForm
 
             $this->htmlInputProcessors[0] = new HtmlInputProcessor();
             $this->htmlInputProcessors[0]->process($this->content[0], 'com.woltlab.wcf.article.content', 0);
+
+            $disallowedBBCodes = $this->htmlInputProcessors[0]->validate();
+            if (!empty($disallowedBBCodes)) {
+                WCF::getTPL()->assign('disallowedBBCodes', $disallowedBBCodes);
+                throw new UserInputException('content', 'disallowedBBCodes');
+            }
         }
 
         $this->validateLabelIDs();
@@ -564,6 +579,8 @@ class ArticleAddForm extends AbstractForm
                 }
             }
         }
+
+        $this->setDisallowedBBCodes();
     }
 
     /**
@@ -617,4 +634,14 @@ class ArticleAddForm extends AbstractForm
             'labelGroupsToCategories' => $this->labelGroupsToCategories,
         ]);
     }
+
+    protected function setDisallowedBBCodes(): void
+    {
+        BBCodeHandler::getInstance()->setDisallowedBBCodes(
+            \explode(
+                ',',
+                WCF::getSession()->getPermission('user.message.disallowedBBCodes')
+            )
+        );
+    }
 }