diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2006-06-04 19:58:33 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2006-06-04 19:58:33 +0200 |
| commit | 1e68a7feb7d9012eac4e833026bf57faf2ce1c8a (patch) | |
| tree | f031307959e296cea52e12f842b0592dece0b308 | |
| parent | 3b97c5ec44702052661770859b3f2c7a3d32b538 (diff) | |
| download | rpg-1e68a7feb7d9012eac4e833026bf57faf2ce1c8a.tar.gz rpg-1e68a7feb7d9012eac4e833026bf57faf2ce1c8a.tar.bz2 | |
fix for serious security bug #823
darcs-hash:20060604175833-7ad00-cd96ba6a7db7211082ff82e189828e2e11a6f566.gz
| -rw-r--r-- | lib/exe/spellcheck.php | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/lib/exe/spellcheck.php b/lib/exe/spellcheck.php index 5b4c44eda..2dea15465 100644 --- a/lib/exe/spellcheck.php +++ b/lib/exe/spellcheck.php @@ -80,12 +80,14 @@ if(function_exists($call)){ * the result string and will be checked for * spelling errors again. * + * callback for preg_replace_callback + * * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net> * @author Andreas Gohr <andi@splitbrain.org> */ -function spaceslink($string, $check=""){ - $string = unslash($string); - $check = unslash($check); +function spaceslink($matches){ + $string = unslash($matches[1]); + $check = unslash($matches[2]); $result = ' '; //opening [[ $result .= str_pad('',utf8_strlen($string),' '); $result .= $check; @@ -122,8 +124,8 @@ function spell_check() { $data = explode("\n",$string); // don't check links and medialinks for spelling errors - $string = preg_replace('/\{\{(.*?)(\|(.*?))?(\}\})/e','spaceslink("\\1","\\2")',$string); - $string = preg_replace('/\[\[(.*?)(\|(.*?))?(\]\])/e','spaceslink("\\1","\\2")',$string); + $string = preg_replace_callback('/\{\{(.*?)(\|(.*?))?(\}\})/','spaceslink',$string); + $string = preg_replace_callback('/\[\[(.*?)(\|(.*?))?(\]\])/','spaceslink',$string); // run aspell in terse sgml mode, ignore nbsp as correct word if(!$spell->runAspell($string,$out,$err,array('!','+html','@nbsp'))){ |