Fix for toDB() in 'no_html' mode. Admin-log now detects table in remarks.

2025-08-02 12:48:26 +02:00 · 2015-04-14 11:39:35 -07:00
parent 270c1e21a2
commit 67d62ce723
2 changed files with 22 additions and 11 deletions
--- a/e107_admin/admin_log.php
+++ b/e107_admin/admin_log.php
@@ -581,6 +581,16 @@ class admin_log_form_ui extends e_admin_form_ui
 					{
 						$val = $tp->lanVars($val, '<b>'.$match[1].'</b>');
 					}
 					else
 					{
 						preg_match("/\[!br!\]TABLE: ([\w]*)/i", $remark, $m);
 						if(!empty($m[1]))
 						{
 							$val = $tp->lanVars($val, '<b>'.$m[1].'</b>');
 						}
 					}
 				}
 				return $val;
--- a/e107_handlers/e_parse_class.php
+++ b/e107_handlers/e_parse_class.php
@@ -491,7 +491,7 @@ class e_parse extends e_parser
 	 * @return string
 	 * @todo complete the documentation of this essential method
 	 */
-	public function toDB($data, $nostrip = FALSE, $no_encode = FALSE, $mod = FALSE, $original_author = FALSE)
+	public function toDB($data, $nostrip =false, $no_encode = false, $mod = false, $original_author = false)
 	{
 		$core_pref = e107::getConfig();
 		if (is_array($data))
@@ -516,13 +516,13 @@ class e_parse extends e_parser
 			$data = $this->preFilter($data); // used by bb_xxx.php toDB() functions. bb_code.php toDB() allows us to properly bypass HTML cleaning below. 
-		//	if(strlen($data) != strlen(strip_tags($data))) // html tags present. // strip_tags doesn't look for close '>'.
+		//	if(strlen($data) != strlen(strip_tags($data))) // html tags present. // strip_tags()  doesn't function doesnt look for unclosed '>'.
-			if(strpos($data,'[html]') !== false || preg_match('#(?<=<)\w+(?=[^<]*?>)#', $data))
+			if((strpos($data,'[html]') !== false || preg_match('#(?<=<)\w+(?=[^<]*?>)#', $data)) && strpos($mod, 'no_html') === false)
 			{
 				$this->isHtml = true;
 				$data = $this->cleanHtml($data); // sanitize all html.
 				$data = urldecode($data); // symptom of cleaning the HTML - urlencodes src attributes containing { and } .eg. {e_BASE}
 			}
 			else // caused double-encoding of '&'
 			{
@@ -536,6 +536,7 @@ class e_parse extends e_parser
 				$data = str_replace(array('[html]','[/html]'),'',$data);
 			}
 			//  $data = html_entity_decode($data, ENT_QUOTES, 'utf-8');	// Prevent double-entities. Fix for [code]  - see bb_code.php toDB();
 		}
@@ -543,22 +544,22 @@ class e_parse extends e_parser
 		if (check_class($core_pref->get('post_html'))) /*$core_pref->is('post_html') && XXX preformecd by cleanHtml() */
 		{
-			$no_encode = TRUE;
+			$no_encode = true;
 		}
 		if (is_numeric($original_author) && !check_class($core_pref->get('post_html'), '', $original_author))
 		{
-			$no_encode = FALSE;
+			$no_encode = false;
 		}
-		if ($no_encode === TRUE && strpos($mod, 'no_html') === FALSE)
+		if ($no_encode === true && strpos($mod, 'no_html') === false)
 		{
 			$search = array('$', '"', "'", '\\', '<?');
 			$replace = array('&#036;', '&quot;', '&#039;', '&#092;', '&lt;?');
 			$ret = str_replace($search, $replace, $data);
 		}
-		else
+		else // add entities for everything. we want to save the code.
 		{
 			$data = htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
@@ -569,7 +570,7 @@ class e_parse extends e_parser
 		}
 		// XXX - php_bbcode has been deprecated. 
-		if ((strpos($mod, 'no_php') !== FALSE) || !check_class($core_pref->get('php_bbcode')))
+		if ((strpos($mod, 'no_php') !== false) || !check_class($core_pref->get('php_bbcode')))
 		{
 			$ret = preg_replace("#\[(php)#i", "&#91;\\1", $ret);
 		}