
[ticket/security-264] Ensure HTML entity state after removing formatting

SECURITY-264
Marc Alexander
2020-10-23 20:38:51 +02:00
parent 5df37895d8
commit 3957161124
2 changed files with 15 additions and 16 deletions


@@ -31,7 +31,7 @@ class utils implements \phpbb\textformatter\utils_interface
// Insert a space before <s> and <e> then remove formatting
$xml = preg_replace('#<[es]>#', ' $0', $xml);
return \s9e\TextFormatter\Utils::removeFormatting($xml);
return utf8_htmlspecialchars(\s9e\TextFormatter\Utils::removeFormatting($xml));
}
/**
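Review bot: The escaped-output contract introduced by the new `return utf8_htmlspecialchars(...)` line is not recorded anywhere in the visible hunk. The method's docblock starts outside the hunk and should state it, for example `@return string Text with formatting removed and HTML special characters escaped`. Without that, a caller that still escapes the result will double-encode it, and a caller that decodes it before output will silently undo the fix, so the call sites are worth checking if the second changed file does not already cover them. Separately, `preg_replace()` returns null on a PCRE error and that value is passed straight on to `removeFormatting()`; a guard such as `if ($xml === null) { return ''; }` before the return would make that failure explicit, assuming an empty string is acceptable to callers.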