Commit ae0407ab authored by Dries's avatar Dries

- Patch #101775 by Steven: don't cut off posts at a lone <

parent cc2cb795
...@@ -1253,9 +1253,11 @@ function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite', ...@@ -1253,9 +1253,11 @@ function filter_xss($string, $allowed_tags = array('a', 'em', 'strong', 'cite',
return preg_replace_callback('% return preg_replace_callback('%
( (
<[^>]*.(>|$) # a string that starts with a <, up until the > or the end of the string <(?=[^a-zA-Z/]) # a lone <
| # or | # or
> # just a > <[^>]*.(>|$) # a string that starts with a <, up until the > or the end of the string
| # or
> # just a >
)%x', '_filter_xss_split', $string); )%x', '_filter_xss_split', $string);
} }
...@@ -1286,6 +1288,10 @@ function _filter_xss_split($m, $store = FALSE) { ...@@ -1286,6 +1288,10 @@ function _filter_xss_split($m, $store = FALSE) {
// We matched a lone ">" character // We matched a lone ">" character
return '&gt;'; return '&gt;';
} }
else if (strlen($string) == 1) {
// We matched a lone "<" character
return '&lt;';
}
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) { if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
// Seriously malformed // Seriously malformed
......
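Review bot: A `<` that is the final character of the input is still not matched by any alternative in the filter_xss() pattern, so it never reaches the new `&lt;` branch in _filter_xss_split() and appears to be returned unescaped. The added lookahead `(?=[^a-zA-Z/])` needs a following character, and the next alternative `<[^>]*.(>|$)` also needs one because of the `.`. Allowing end of input in the lookahead, `<(?=[^a-zA-Z/]|$) # a lone <`, would route that case through the `strlen($string) == 1` check as well; this matters when the filtered text is concatenated with markup that follows it. A short comment on the new branch saying it relies on the lone `>` case having been handled just above would also help, since both matches are one character long. Both function bodies start or continue outside the visible hunks.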