Bugfix: HTML injection in post editing (introduces and fixes yet another bug)

Michael Foster 2013-07-31 21:24:17 -04:00
parent a5312ebe89
commit ea2b8cce07
3 changed files with 9 additions and 6 deletions


@ -1420,7 +1420,7 @@ function markup(&$body, $track_cites = false) {
$body = str_replace("\r", '', $body);
$body = utf8tohtml($body);
if (preg_match_all('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@um', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
if (preg_match_all('@<tinyboard ([\w\s]+)>(.+?)</tinyboard>@um', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
$skip_chars = 0;
$body_tmp = $body;
$end_markup = false;
@ -1436,7 +1436,7 @@ function markup(&$body, $track_cites = false) {
if ($modifier['type'] == 'ban message') {
// Public ban message
$replacement = sprintf($config['mod']['ban_message'], $modifier['content']);
$replacement = sprintf($config['mod']['ban_message'], html_entity_decode($modifier['content']));
if ($end_markup) {
$body .= $replacement;
}
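Review bot: In the second hunk, `html_entity_decode($modifier['content'])` reverses the escaping that `utf8tohtml($body)` applied in the first hunk, so the ban-message text is substituted into `$config['mod']['ban_message']` as live HTML. That is only safe if a `<tinyboard ban message>` tag can never originate from a poster's own body. Nothing in these hunks shows user-submitted `<tinyboard …>` text being stripped or escaped before `markup()` runs, so that guard presumably sits in one of the other changed files and should be confirmed. I would record the assumption on the line, e.g. `// content is trusted mod-supplied HTML; user bodies must have <tinyboard> tags escaped before markup()`, and make the decode explicit with `html_entity_decode($modifier['content'], ENT_QUOTES, 'UTF-8')` so it does not depend on the PHP version's default flags and charset. `markup()` begins and ends outside the visible hunks.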