nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

The decodeBB did not escape <>, keep this functionality.

Browse Source
This commit is contained in:
Michal Čihař
2011-01-28 23:12:18 +01:00
parent 59f561b450
commit cc8e3849cf
2 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/Message.class.php
View File

@@ -654,7 +654,7 @@ class PMA_Message
*/ */
static public function decodeBB($message) static public function decodeBB($message)
{ {
return PMA_sanitize($message, false); return PMA_sanitize($message, false, true);
} }
/** /**

7
libraries/sanitizing.lib.php
View File

@@ -27,11 +27,12 @@
* *
* @access public * @access public
*/ */
function PMA_sanitize($message, $escape = false) function PMA_sanitize($message, $escape = false, $safe = false)
{ {
if (!$safe) {
$message = strtr($message, array('<' => '&lt;', '>' => '&gt;'));
}
$replace_pairs = array( $replace_pairs = array(
'<' => '&lt;',
'>' => '&gt;',
'[i]' => '<em>', // deprecated by em '[i]' => '<em>', // deprecated by em
'[/i]' => '</em>', // deprecated by em '[/i]' => '</em>', // deprecated by em
'[em]' => '<em>', '[em]' => '<em>',