mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-06 14:46:56 +02:00
Code Issues Releases Wiki Activity

Issue #1547 - Corrected rendering of <script> tags from database.

Browse Source
This commit is contained in:
Cameron
2016-04-17 12:49:15 -07:00
parent 7e7833cbda
commit a3fb19d59a
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
e107_handlers/e_parse_class.php
View File

@@ -1637,7 +1637,7 @@ class e_parse extends e_parser
case 'html' : // This overrides and deprecates html.bb case 'html' : // This overrides and deprecates html.bb
$proc_funcs = TRUE; $proc_funcs = TRUE;
$noBreak = TRUE;
// $code_text = str_replace("\r\n", " ", $code_text); // $code_text = str_replace("\r\n", " ", $code_text);
// $code_text = html_entity_decode($code_text, ENT_QUOTES, CHARSET); // $code_text = html_entity_decode($code_text, ENT_QUOTES, CHARSET);
// $code_text = str_replace('&','&amp;',$code_text); // validation safe. // $code_text = str_replace('&','&amp;',$code_text); // validation safe.
@@ -1697,17 +1697,15 @@ class e_parse extends e_parser
// Do the 'normal' processing - in principle, as previously - but think about the order. // Do the 'normal' processing - in principle, as previously - but think about the order.
if ($proc_funcs && !empty($full_text)) // some more speed if ($proc_funcs && !empty($full_text)) // some more speed
{ {
// Split out and ignore any scripts and style blocks. With just two choices we can match the closing tag in the regex // Split out and ignore any scripts and style blocks. With just two choices we can match the closing tag in the regex
$subcon = preg_split('#((?:<s)(?:cript[^>]+>.*?</script>|tyle[^>]+>.*?</style>))#mis', $full_text, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE ); $subcon = preg_split('#((?:<s)(?:cript[^>]+>.*?</script>|tyle[^>]+>.*?</style>))#mis', $full_text, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE );
foreach ($subcon as $sub_blk) foreach ($subcon as $sub_blk)
{ {
if(substr($sub_blk, 0, 7) == '<script') if(substr($sub_blk, 0, 7) == '<script') // Strip scripts unless permitted
{ {
if($opts['scripts']) if($opts['scripts'])
{ {
// Strip scripts unless permitted $ret_parser .= html_entity_decode($sub_blk, ENT_QUOTES);
$ret_parser .= $sub_blk;
} }
} }
elseif(substr($sub_blk, 0, 6) == '<style') elseif(substr($sub_blk, 0, 6) == '<style')