diff options
| author | Dries Buytaert <dries@buytaert.net> | 2009-07-03 18:26:35 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2009-07-03 18:26:35 +0000 |
| commit | c90e16721a0660dc2dedbd31a9df428e03b7ff13 (patch) | |
| tree | 1d3165032f3cf2c735edfb0f6d1ff3eb412fd1a1 /includes | |
| parent | bea411e11467dbed592f560ac4eedb26b7bd36b6 (diff) | |
| download | brdo-c90e16721a0660dc2dedbd31a9df428e03b7ff13.tar.gz brdo-c90e16721a0660dc2dedbd31a9df428e03b7ff13.tar.bz2 | |
- Patch #359276 by Freso, Heine, lyricnz: avoid double encoding/decoding of HTML entities.
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/common.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/includes/common.inc b/includes/common.inc index fb4aff11d..0d95442a8 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -1359,12 +1359,12 @@ function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', // Defuse all HTML entities $string = str_replace('&', '&', $string); // Change back only well-formed entities in our whitelist - // Named entities - $string = preg_replace('/&([A-Za-z][A-Za-z0-9]*;)/', '&\1', $string); // Decimal numeric entities $string = preg_replace('/&#([0-9]+;)/', '&#\1', $string); // Hexadecimal numeric entities $string = preg_replace('/&#[Xx]0*((?:[0-9A-Fa-f]{2})+;)/', '&#x\1', $string); + // Named entities + $string = preg_replace('/&([A-Za-z][A-Za-z0-9]*;)/', '&\1', $string); return preg_replace_callback('% ( |