Check for disallowed BB codes in the content
authorCyperghost <olaf_schmitz_1@t-online.de>
Mon, 17 Jun 2024 10:27:59 +0000 (12:27 +0200)
committerCyperghost <olaf_schmitz_1@t-online.de>
Mon, 17 Jun 2024 10:27:59 +0000 (12:27 +0200)
wcfsetup/install/files/acp/templates/articleAdd.tpl
wcfsetup/install/files/lib/acp/form/ArticleAddForm.class.php

index a718b08174638221e57d07094f22962131e2b6aa..859988e75c324dd026a3ae973126a6eacfbdf032 100644 (file)
                                                                        <small class="innerError">
                                                                                {if $errorType == 'empty'}
                                                                                        {lang}wcf.global.form.error.empty{/lang}
+                                                                               {elseif $errorType == 'disallowedBBCodes'}
+                                                                                       {lang}wcf.message.error.disallowedBBCodes{/lang}
                                                                                {else}
                                                                                        {lang}wcf.acp.article.content.error.{@$errorType}{/lang}
                                                                                {/if}
index 5f46149f40911e0b504f771fc7bb55b1d4b2ce79..2a33ea849c7ed9596a4be98ae3b39defa450a02f 100644 (file)
@@ -14,6 +14,7 @@ use wcf\data\smiley\SmileyCache;
 use wcf\data\user\User;
 use wcf\form\AbstractForm;
 use wcf\system\attachment\AttachmentHandler;
+use wcf\system\bbcode\BBCodeHandler;
 use wcf\system\cache\builder\ArticleCategoryLabelCacheBuilder;
 use wcf\system\exception\UserInputException;
 use wcf\system\html\input\HtmlInputProcessor;
@@ -424,6 +425,8 @@ class ArticleAddForm extends AbstractForm
             }
         }
 
+        $this->setDisallowedBBCodes();
+
         if ($this->isMultilingual) {
             foreach (LanguageFactory::getInstance()->getLanguages() as $language) {
                 // title
@@ -441,6 +444,12 @@ class ArticleAddForm extends AbstractForm
                     'com.woltlab.wcf.article.content',
                     0
                 );
+
+                $disallowedBBCodes = $this->htmlInputProcessors[$language->languageID]->validate();
+                if (!empty($disallowedBBCodes)) {
+                    WCF::getTPL()->assign('disallowedBBCodes', $disallowedBBCodes);
+                    throw new UserInputException('content', 'disallowedBBCodes');
+                }
             }
         } else {
             // title
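Review bot: In the multilingual branch the exception is thrown with the plain field name `'content'`, exactly as in the single-language branch, so the error does not say which language's content held the disallowed BBCodes. The checks that precede this hunk are not visible here; if they key their errors on a per-language field name, this throw should follow the same convention, otherwise the template may not render the message next to any field and the rejection looks silent to the editor. The same five lines are repeated in the next hunk for `htmlInputProcessors[0]`, so a small helper that takes the processor and the field name would keep this server-side check identical in both branches. validate() starts and ends outside the hunk.

```php
// … unchanged: process() call for this language …
$this->validateDisallowedBBCodes(
    $this->htmlInputProcessors[$language->languageID],
    'content' // use the per-language field name here if the loop's other checks do
);

// new helper on ArticleAddForm, shared by both branches
protected function validateDisallowedBBCodes(HtmlInputProcessor $processor, string $field): void
{
    $disallowedBBCodes = $processor->validate();
    if (!empty($disallowedBBCodes)) {
        WCF::getTPL()->assign('disallowedBBCodes', $disallowedBBCodes);
        throw new UserInputException($field, 'disallowedBBCodes');
    }
}
```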
@@ -454,6 +463,12 @@ class ArticleAddForm extends AbstractForm
 
             $this->htmlInputProcessors[0] = new HtmlInputProcessor();
             $this->htmlInputProcessors[0]->process($this->content[0], 'com.woltlab.wcf.article.content', 0);
+
+            $disallowedBBCodes = $this->htmlInputProcessors[0]->validate();
+            if (!empty($disallowedBBCodes)) {
+                WCF::getTPL()->assign('disallowedBBCodes', $disallowedBBCodes);
+                throw new UserInputException('content', 'disallowedBBCodes');
+            }
         }
 
         $this->validateLabelIDs();
@@ -616,6 +631,8 @@ class ArticleAddForm extends AbstractForm
                 }
             }
         }
+
+        $this->setDisallowedBBCodes();
     }
 
     /**
@@ -677,4 +694,14 @@ class ArticleAddForm extends AbstractForm
             'tmpHash' => $this->tmpHash,
         ]);
     }
+
+    protected function setDisallowedBBCodes(): void
+    {
+        BBCodeHandler::getInstance()->setDisallowedBBCodes(
+            \explode(
+                ',',
+                WCF::getSession()->getPermission('user.message.disallowedBBCodes')
+            )
+        );
+    }
 }
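Review bot: setDisallowedBBCodes() has no docblock, and its ordering requirement is easy to miss. It writes the session's `user.message.disallowedBBCodes` permission into the shared BBCodeHandler instance, and the validate() calls added in this commit presumably read the list from there, so the restriction is only enforced if this method has run first. I would add a docblock along the lines of `Loads the active user's disallowed BBCodes into the BBCodeHandler; must be called before HtmlInputProcessor::validate().` It is also worth confirming how an empty permission value is handled: `explode(',', '')` returns `['']`, a list with one empty string, and whether BBCodeHandler treats that as "nothing disallowed" is not visible on this page.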