--- /dev/null
+--- ./viewtopic.php.org Sun Dec 8 03:13:40 2002
++++ ./viewtopic.php Sun Dec 8 03:24:49 2002
+@@ -444,29 +444,25 @@
+ // Was a highlight request part of the URI? Yes, this idea was\r
+ // taken from vB but we did already have a highlighter in place\r
+ // in search itself ... it's just been extended a bit!\r
+-//\r
++// Fixed !!!\r
++$highlight_match = $highlight = '';\r
+ if ( isset($HTTP_GET_VARS['highlight']) )\r
+ {\r
+- $highlight_match = array();\r
+-\r
+ //\r
+ // Split words and phrases\r
+ //\r
+- $words = explode(' ', trim(urldecode($HTTP_GET_VARS['highlight'])));\r
++ $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));\r
+ \r
+ for($i = 0; $i < count($words); $i++)\r
+ {\r
+ if ( trim($words[$i]) != '' )\r
+ {\r
+- $highlight_match[] = '#\b(' . str_replace("*", "([\w]+)?", $words[$i]) . ')\b#is';\r
++ $highlight_match .= (($highlight_match != '') ? '|' : '') . str_replace('*', '\w*', phpbb_preg_quote($words[$i], '#'));\r
+ }\r
+ }\r
++ unset($words);\r
+ \r
+- $highlight_active = ( count($highlight_match) ) ? true : false;\r
+-}\r
+-else\r
+-{\r
+- $highlight_active = false;\r
++ $highlight = urlencode($HTTP_GET_VARS['highlight']);\r
+ }\r
+ \r
+ //\r
+@@ -591,49 +587,51 @@
+ //\r
+ // If we've got a hightlight set pass it on to pagination, \r
+ // I get annoyed when I lose my highlight after the first page.\r
++// FIXED!!!\r
+ //\r
+-$pagination = ( $highlight_active ) ? generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&postdays=$post_days&postorder=$post_order&highlight=" . $HTTP_GET_VARS['highlight'], $total_replies, $board_config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&postdays=$post_days&postorder=$post_order", $total_replies, $board_config['posts_per_page'], $start);\r
++$pagination = ( $highlight_match ) ? generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&postdays=$post_days&postorder=$post_order&highlight=$highlight",$total_replies, $board_config['posts_per_page'], $start) :generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL ."=$topic_id&postdays=$post_days&postorder=$post_order", $total_replies,$board_config['posts_per_page'], $start);\r
+ \r
+ //\r
+ // Send vars to template\r
++// FIXED!!\r
+ //\r
+ $template->assign_vars(array(\r
+ 'FORUM_ID' => $forum_id,\r
+- 'FORUM_NAME' => $forum_name,\r
+- 'TOPIC_ID' => $topic_id,\r
+- 'TOPIC_TITLE' => $topic_title,\r
++ 'FORUM_NAME' => $forum_name,\r
++ 'TOPIC_ID' => $topic_id,\r
++ 'TOPIC_TITLE' => $topic_title,\r
+ 'PAGINATION' => $pagination,\r
+- 'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['posts_per_page'] ) + 1 ), ceil( $total_replies / $board_config['posts_per_page'] )), \r
+-\r
++ 'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['posts_per_page'] ) + 1 ),ceil( $total_replies / $board_config['posts_per_page'] )),\r
+ 'POST_IMG' => $post_img,\r
+ 'REPLY_IMG' => $reply_img,\r
+ \r
+ 'L_AUTHOR' => $lang['Author'],\r
+ 'L_MESSAGE' => $lang['Message'],\r
+- 'L_POSTED' => $lang['Posted'], \r
++ 'L_POSTED' => $lang['Posted'],\r
+ 'L_POST_SUBJECT' => $lang['Post_subject'],\r
+ 'L_VIEW_NEXT_TOPIC' => $lang['View_next_topic'],\r
+ 'L_VIEW_PREVIOUS_TOPIC' => $lang['View_previous_topic'],\r
+- 'L_POST_NEW_TOPIC' => $post_alt, \r
+- 'L_POST_REPLY_TOPIC' => $reply_alt, \r
++ 'L_POST_NEW_TOPIC' => $post_alt,\r
++ 'L_POST_REPLY_TOPIC' => $reply_alt,\r
+ 'L_BACK_TO_TOP' => $lang['Back_to_top'],\r
+ 'L_DISPLAY_POSTS' => $lang['Display_posts'],\r
+- 'L_LOCK_TOPIC' => $lang['Lock_topic'], \r
+- 'L_UNLOCK_TOPIC' => $lang['Unlock_topic'], \r
+- 'L_MOVE_TOPIC' => $lang['Move_topic'], \r
+- 'L_SPLIT_TOPIC' => $lang['Split_topic'], \r
+- 'L_DELETE_TOPIC' => $lang['Delete_topic'], \r
+- 'L_GOTO_PAGE' => $lang['Goto_page'], \r
++ 'L_LOCK_TOPIC' => $lang['Lock_topic'],\r
++ 'L_UNLOCK_TOPIC' => $lang['Unlock_topic'],\r
++ 'L_MOVE_TOPIC' => $lang['Move_topic'],\r
++ 'L_SPLIT_TOPIC' => $lang['Split_topic'],\r
++ 'L_DELETE_TOPIC' => $lang['Delete_topic'],\r
++ 'L_GOTO_PAGE' => $lang['Goto_page'],\r
+ \r
+- 'S_TOPIC_LINK' => POST_TOPIC_URL, \r
++ 'S_TOPIC_LINK' => POST_TOPIC_URL,\r
+ 'S_SELECT_POST_DAYS' => $select_post_days,\r
+ 'S_SELECT_POST_ORDER' => $select_post_order,\r
+- 'S_POST_DAYS_ACTION' => append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $topic_id . "&start=$start"), \r
++ 'S_POST_DAYS_ACTION' => append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . '=' . $topic_id ."&start=$start"),\r
+ 'S_AUTH_LIST' => $s_auth_can,\r
+ 'S_TOPIC_ADMIN' => $topic_mod,\r
+ 'S_WATCH_TOPIC' => $s_watching_topic,\r
+ \r
+- 'U_VIEW_TOPIC' => append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&start=$start&postdays=$post_days&postorder=$post_order&highlight=" . $HTTP_GET_VARS['highlight']), \r
++ 'U_VIEW_TOPIC' => append_sid("viewtopic.$phpEx?" . POST_TOPIC_URL .\r
++ "=$topic_id&start=$start&postdays=$post_days&postorder=$post_order&highlight=$highlight"),\r
+ 'U_VIEW_FORUM' => $view_forum_url,\r
+ 'U_VIEW_OLDER_TOPIC' => $view_prev_topic_url,\r
+ 'U_VIEW_NEWER_TOPIC' => $view_next_topic_url,\r
+@@ -1052,82 +1050,15 @@
+ \r
+ //\r
+ // Highlight active words (primarily for search)\r
++ // FIXED!!\r
+ //\r
+- if ( $highlight_active )\r
++ if ($highlight_match)\r
+ {\r
+- if ( preg_match('/<.*>/', $message) )\r
+- {\r
+- $message = preg_replace($highlight_match, '<!-- #sh -->\1<!-- #eh -->', $message);\r
+-\r
+- $end_html = 0;\r
+- $start_html = 1;\r
+- $temp_message = '';\r
+- $message = ' ' . $message . ' ';\r
+-\r
+- while( $start_html = strpos($message, '<', $start_html) )\r
+- {\r
+- $grab_length = $start_html - $end_html - 1;\r
+- $temp_message .= substr($message, $end_html + 1, $grab_length);\r
+-\r
+- if ( $end_html = strpos($message, '>', $start_html) )\r
+- {\r
+- $length = $end_html - $start_html + 1;\r
+- $hold_string = substr($message, $start_html, $length);\r
+-\r
+- if ( strrpos(' ' . $hold_string, '<') != 1 )\r
+- {\r
+- $end_html = $start_html + 1;\r
+- $end_counter = 1;\r
+-\r
+- while ( $end_counter && $end_html < strlen($message) )\r
+- {\r
+- if ( substr($message, $end_html, 1) == '>' )\r
+- {\r
+- $end_counter--;\r
+- }\r
+- else if ( substr($message, $end_html, 1) == '<' )\r
+- {\r
+- $end_counter++;\r
+- }\r
+-\r
+- $end_html++;\r
+- }\r
+-\r
+- $length = $end_html - $start_html + 1;\r
+- $hold_string = substr($message, $start_html, $length);\r
+- $hold_string = str_replace('<!-- #sh -->', '', $hold_string);\r
+- $hold_string = str_replace('<!-- #eh -->', '', $hold_string);\r
+- }\r
+- else if ( $hold_string == '<!-- #sh -->' )\r
+- {\r
+- $hold_string = str_replace('<!-- #sh -->', '<span style="color:#' . $theme['fontcolor3'] . '"><b>', $hold_string);\r
+- }\r
+- else if ( $hold_string == '<!-- #eh -->' )\r
+- {\r
+- $hold_string = str_replace('<!-- #eh -->', '</b></span>', $hold_string);\r
+- }\r
+-\r
+- $temp_message .= $hold_string;\r
+-\r
+- $start_html += $length;\r
+- }\r
+- else\r
+- {\r
+- $start_html = strlen($message);\r
+- }\r
+- }\r
+-\r
+- $grab_length = strlen($message) - $end_html - 1;\r
+- $temp_message .= substr($message, $end_html + 1, $grab_length);\r
+-\r
+- $message = trim($temp_message);\r
+- }\r
+- else\r
+- {\r
+- $message = preg_replace($highlight_match, '<span style="color:#' . $theme['fontcolor3'] . '"><b>\1</b></span>', $message);\r
+- }\r
++ // This was shamelessly 'borrowed' from volker at multiartstudio dot de\r
++ // via php.net's annotated manual\r
++ $message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se',"preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3']. "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));\r
+ }\r
+-\r
++ \r
+ //\r
+ // Replace naughty words\r
+ //\r
+@@ -1246,4 +1177,4 @@
+ \r
+ include($phpbb_root_path . 'includes/page_tail.'.$phpEx);\r
+ \r
+-?>
+\ No newline at end of file
++?>\r