natto1784/aslichan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bugfix: HTML injection in post editing (introduces and fixes yet another bug)

Browse Source
This commit is contained in:
Michael Foster
2013-07-31 21:24:17 -04:00
parent a5312ebe89
commit ea2b8cce07
3 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
inc/functions.php
View File

@@ -1420,7 +1420,7 @@ function markup(&$body, $track_cites = false) {
$body = str_replace("\r", '', $body);
$body = utf8tohtml($body);
if (preg_match_all('@<tinyboard ([\w\s]+)>(.+)</tinyboard>@um', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
if (preg_match_all('@<tinyboard ([\w\s]+)>(.+?)</tinyboard>@um', $body, $modifiers, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
$skip_chars = 0;
$body_tmp = $body;
$end_markup = false;
@@ -1436,7 +1436,7 @@ function markup(&$body, $track_cites = false) {
if ($modifier['type'] == 'ban message') {
// Public ban message
$replacement = sprintf($config['mod']['ban_message'], $modifier['content']);
$replacement = sprintf($config['mod']['ban_message'], html_entity_decode($modifier['content']));
if ($end_markup) {
$body .= $replacement;
}