Need help with regex

[DPyro]

I got the following code I need to modify:

function htmlize($var){
$var = htmlspecialchars($var);
while(ereg('\^([0-9])', $var)) {
foreach(array('black', 'red', 'darkgreen', 'yellow', 'blue', 'cyan', 'deeppink', 'white', 'blue-night', 'red-night') as $num_color => $name_color) {
if (ereg('\^([0-9])(.*)\^([0-9])', $var)){
$var = preg_replace("#\^".$num_color."(.*)\^([0-9])#Usi", "<font color=\"".$name_color."\">$1</font>^$2", $var);
} else {
$var = preg_replace("#\^".$num_color."(.*)$#Usi", "<font color=\"".$name_color."\">$1</font>", $var);
}
}
}
$end = removefunchars($var);
return $end;
}[/CODE]

It is used with quake 3 which uses ^ and a number to change the colour of characters. The code above works, but I need to add funny characters such as *{}

Right now those characters are not colour coded and it skips over other characters that follow.

EDIT: It actually seems to be a bug and now I'm not sure what to do...

It seems the one guy is using letters instead of numbers to change the colours.

Here is the array:

[CODE]
[6] => Array
(
[frags] => 0
[ping] => 61
[nick] => ^p*^a{^pC^aH^pS^a}^p*^aU^pnb^aR
[gq_name] => ^p*^a{^pC^aH^pS^a}^p*^aU^pnb^aR
[gq_score] => 0
[gq_ping] => 61
)
[13] => Array
(
[frags] => 117
[ping] => 51
[nick] => ^2*{^8CHS^2}*^8^2!^8<^2!^8N^2
[gq_name] => ^2*{^8CHS^2}*^8^2!^8<^2!^8N^2
[gq_score] => 117
[gq_ping] => 51
)
[/CODE]

[DPyro]

I found another code that does the same thing but is a bit more thorough and need to add $ to it.

function check_color($text, $switch)
	{
		$clr = array ( // colors
		"\"#000000\"", "\"#FF0000\"", "\"#008800\"", "\"#E6FF00\"", //  1
		"\"#0B00DB\"", "\"#2EFCFF\"", "\"#FF00F7\"", "\"#FFFFFF\"", //  2
		"\"#000000\"", "\"#757575\"", "\"#FF0000\"", "\"#006E55\"", //  3
		"\"#970080\"", "\"#005AFF\"", "\"#00FFFF\"", "\"#63C6FF\"", //  4
		"\"#00DA2F\"", "\"#003820\"", "\"#7C0015\"", "\"#940123\"", //  5
		"\"#752700\"", "\"#A7905E\"", "\"#555C26\"", "\"#B0B0B0\"", //  6
		"\"#FFFFFF\"", "\"#000000\"", "\"#FF0000\"", "\"#00B906\"", //  7
		"\"#FFFF00\"", "\"#0B00DF\"", "\"#00FCFF\"", "\"#FF00F7\"", //  8
		"\"#FFFFFF\"", "\"#00FFFF\"", "\"#757575\"", "\"#FF8000\"", //  9
		"\"#F7FF00\"", "\"#BBBBBB\"", "\"#747228\"", "\"#FF5500\"", // 10
		"\"#670504\"", "\"#0000FF\""								// 11
		);
		if ($switch == 1)
		{ // colored string
			$search  = array (
			"/\^0/", "/\^1/", "/\^2/", "/\^3/",		//  1
			"/\^4/", "/\^5/", "/\^6/", "/\^7/",		//  2
			"/\^8/", "/\^9/", "/\^a/", "/\^b/",		//  3
			"/\^c/", "/\^d/", "/\^e/", "/\^f/",		//  4
			"/\^g/", "/\^h/", "/\^i/", "/\^j/",		//  5
			"/\^k/", "/\^l/", "/\^m/", "/\^n/",		//  6
			"/\^o/", "/\^p/", "/\^q/", "/\^r/",		//  7
			"/\^s/", "/\^t/", "/\^u/", "/\^v/",		//  8
			"/\^w/", "/\^x/", "/\^y/", "/\^z/",		//  9
			"/\^\//", "/\^\*/", "/\^\-/", "/\^\+/",	// 10
			"/\^\?/", "/\^\@/", "/\^</", "/\^>/",	  // 11
			"/\^\&/", "/\^\)/", "/\^\(/", "/\^[A-Z]/", // 12
			"/\^\_/",								  // 14
			"/&</", "/^(.*?)<\/font>/"				 // 15
			);
			$replace = array (
			"&<font color=$clr[0]>", "&<font color=$clr[1]>",   //  1
			"&<font color=$clr[2]>", "&<font color=$clr[3]>",   //  2
			"&<font color=$clr[4]>", "&<font color=$clr[5]>",   //  3
			"&<font color=$clr[6]>", "&<font color=$clr[7]>",   //  4
			"&<font color=$clr[8]>", "&<font color=$clr[9]>",   //  5
			"&<font color=$clr[10]>", "&<font color=$clr[11]>", //  6
			"&<font color=$clr[12]>", "&<font color=$clr[13]>", //  7
			"&<font color=$clr[14]>", "&<font color=$clr[15]>", //  8
			"&<font color=$clr[16]>", "&<font color=$clr[17]>", //  9
			"&<font color=$clr[18]>", "&<font color=$clr[19]>", // 10
			"&<font color=$clr[20]>", "&<font color=$clr[21]>", // 11
			"&<font color=$clr[22]>", "&<font color=$clr[23]>", // 12
			"&<font color=$clr[24]>", "&<font color=$clr[25]>", // 13
			"&<font color=$clr[26]>", "&<font color=$clr[27]>", // 14
			"&<font color=$clr[28]>", "&<font color=$clr[29]>", // 15
			"&<font color=$clr[30]>", "&<font color=$clr[31]>", // 16
			"&<font color=$clr[32]>", "&<font color=$clr[33]>", // 17
			"&<font color=$clr[34]>", "&<font color=$clr[35]>", // 18
			"&<font color=$clr[36]>", "&<font color=$clr[37]>", // 19
			"&<font color=$clr[38]>", "&<font color=$clr[39]>", // 20
			"&<font color=$clr[40]>", "&<font color=$clr[41]>", // 21
			"", "", "", "", "", "",							 // 22
			"", "</font><", "\$1"							   // 23
			);
			$ctext = preg_replace($search, $replace, $text);
			if ($ctext != $text)
			{
				$ctext = preg_replace("/$/", "</font>", $ctext);
			}
			return $ctext;
		}
		elseif ($switch == 2)
		{ // colored numbers
			if ($text <= 39)
			{
				$ctext = "<font color=$clr[7]>$text</font>";
			}
			elseif ($text <= 69)
			{
				$ctext = "<font color=$clr[5]>$text</font>";
			}
			elseif ($text <= 129)
			{
				$ctext = "<font color=$clr[8]>$text</font>";
			}
			elseif ($text <= 399)
			{
				$ctext = "<font color=$clr[9]>$text</font>";
			}
			else
			{
				$ctext = "<font color=$clr[1]>$text</font>";
			}
			return $ctext;
		}
	}
[/CODE]

EDIT: It's actually only one person I'm having trouble with now

^@^@^$iq>^@50gr

[Karl L.]

So... I have read over both of your posts several times and I am having a little trouble figuring out exactly what you are trying to accomplish. I will explain the situation as best I can understand it, and you can correct me where I'm wrong.

You are creating a leader board, or possibly post-game score board, in PHP to display stats from your Quake 3 server. You are accepting an array of data directly from Quake 3 and trying to parse it in PHP. The problem is, some of your players have figured out exactly what you're doing and are trying to color their in-game player names, which you don't want to happen. They are doing this by logging into your Quake 3 server with user names that include HTML tags, such as <font color> (the HTML font color tag is depreciated in favor of the functionally identical CSS color property according to MDN, which is why I linked to the CSS color article), which your PHP code sending directly to the web browser to be interpreted and displayed on screen.

If my interpretation of the problem is correct, it sounds like you are failing to sanitize your input correctly. The two functions you posted above are your attempts at mitigating the issue, but each one fails to take into account some specific cases, despite the verbosity of the second function (which is not necessarily indicative of better coverage or quality). Based on this interpretation, you probably have even bigger security holes lurking in your code. This bug is annoying but fairly harmless, however, others could be worse. I recommend that you check out this article on sanitizing your inputs in PHP.

Additionally, make sure that you know what all of your code is doing! Don't just copy/paste code from the Internet without fully understanding it. That is not to say that you shouldn't use external libraries; that would be foolish. However, make sure that you understand what your library does before you use it. For example, I don't know all of the implementation details of SQLite, and I probably couldn't have written a library that high-quality or complex by myself, but I have read its documentation and understand the interface, best practices, relevant performance characteristics, and caveats. It is not just a black box that performs magic someone told me would solve my problem.

Finally, in addition to a better title and more thorough description in your initial post, please follow the forum guidelines about tagging your post.

Please use the following format when starting a new topic that relates to a single programming language

[Programming Language] Name of your topic

While it wasn't too difficult to figure out which language you are using based on the code you posted, it would have saved me a little trouble. (I looked in the tags too, which also don't exist.) Especially when you are asking for free help, it is best to make it as easy for others to help you as possible; you will probably get more responses that way. When I see poorly formatted posts with missing details, I am far less likely to take the time to respond (and I'm probably not the only one).

EDIT: This post is mostly the same as the one above it. My last post was fine immediately after I posted it. When I checked again just a couple of minutes ago, most of the post was missing. Will a mod please remove my post above this one?

[Descartes]

You probably shouldn't parse HTML with RegEx.

Doesn't PHP have a dedicated DOM parser?

[DPyro]

Regex isn't parsing html, the code I posted adds <font color> to the page translating the various q3 font modifiers. For instance ^1 = <font color="#FF0000">

I added htmlspecialchars to fix some issues with the php. Basically, the code is not able to parse ^$ and translate that to <font color=...>

Edited September 19, 2012 by DPyro

[Karl L.]

Regex isn't parsing html, the code I posted adds <font color> to the page translating the various q3 font modifiers. For instance ^1 = <font color="#FF0000">

I added htmlspecialchars to fix some issues with the php. Basically, the code is not able to parse ^$ and translate that to <font color=...>

In that case, can you post a table of the codes you need to translate? The HTML color codes are standard, but I can't help you very much if I don't know the codes you are translating from.

[DPyro]

In that case, can you post a table of the codes you need to translate? The HTML color codes are standard, but I can't help you very much if I don't know the codes you are translating from.

See the regex in the previous post

if ($switch == 1)
			    { // colored string
					    $search  = array (
					    "/\^0/", "/\^1/", "/\^2/", "/\^3/",			 //  1
					    "/\^4/", "/\^5/", "/\^6/", "/\^7/",			 //  2
					    "/\^8/", "/\^9/", "/\^a/", "/\^b/",			 //  3
					    "/\^c/", "/\^d/", "/\^e/", "/\^f/",			 //  4
					    "/\^g/", "/\^h/", "/\^i/", "/\^j/",			 //  5
					    "/\^k/", "/\^l/", "/\^m/", "/\^n/",			 //  6
					    "/\^o/", "/\^p/", "/\^q/", "/\^r/",			 //  7
					    "/\^s/", "/\^t/", "/\^u/", "/\^v/",			 //  8
					    "/\^w/", "/\^x/", "/\^y/", "/\^z/",			 //  9
					    "/\^\//", "/\^\*/", "/\^\-/", "/\^\+/", // 10
					    "/\^\?/", "/\^\@/", "/\^</", "/\^>/",	 // 11
					    "/\^\&/", "/\^\)/", "/\^\(/", "/\^[A-Z]/", // 12
					    "/\^\_/",																 // 14
					    "/&</", "/^(.*?)<\/font>/" 
[/CODE]

So if the name of someone in q3 was ^1D^2P^3y^4r^5o it would look like [b][color=#ff0000]D[/color][color=#00ff00]P[/color][color=#ffff00]y[/color][color=#0000ff]r[/color][color=#00ffff]o[/color][/b]

The problem shows up with a name like ^@^@^$iq>^@50gr where he is using special characters to modify the colour.