From 9fc979dcd17d3b0f67b8553a4cbd529fb7d2be38 Mon Sep 17 00:00:00 2001
From: Graham Eames <grahamje@users.sourceforge.net>
Date: Sat, 28 Jan 2006 16:47:29 +0000
Subject: [PATCH] That was not the code you were looking for....
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5507 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions_post.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/phpBB/includes/functions_post.php b/phpBB/includes/functions_post.php
index 3c92edf065..351b19acc1 100644
--- a/phpBB/includes/functions_post.php
+++ b/phpBB/includes/functions_post.php
@@ -46,7 +46,7 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
 if ($html_on)
 {
- $message = addslashes(preg_replace_callback('/<\/?(\w+)((?:[\W]+\w+\s*=\s*(?:"[^"]*"|\'[^\']*\'|`[^`]*`|.*?))*)\s*?\/?>/', 'clean_html', stripslashes($message)));
+ $message = addslashes(preg_replace_callback('/<\/?(\w+)((?:[^\w>]+\w+(?:\s*=\s*(?:"[^"]*"|\'[^\']*\'|`[^`]*`|�[^�]*�|.*?))?)*)[\W]*?\/?>/', 'clean_html', stripslashes($message)));
 }
 else
 {
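Review bot: The new quote delimiter added to the value alternation on the `+` line is spelled as a raw non-ASCII byte (it arrives here as `�`), so the pattern depends on the file's encoding and on no editor or tool ever re-encoding it — the mangling visible in this listing is exactly that failure mode. Write it as a PCRE escape instead (`\xB4` if the intended character is the acute accent, which is what the single undecodable byte suggests — confirm against the repository), and define the `"[^"]*"|\'[^\']*\'|`[^`]*`|…` token list once, because the same alternation is repeated in `clean_html` in the next hunk and this very commit had to patch both copies by hand. Note also that the unquoted-value branch here is `.*?` while `clean_html`'s is `[^\'"`…]*`, so the two regexes can split the same attribute list differently; a shared pattern removes that drift. `prepare_message`'s body continues outside the hunk.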
@@ -813,23 +813,23 @@ function clean_html($tag)
 $disallowed_attributes = '/^(?:style|on)/';
 if (in_array(strtolower($tag[1]), $allowed_html_tags))
- {
+ {
 $attributes = '';
 if (!empty($tag[2]))
 {
 // Get all the elements of a tag so that they can be checked in turn
 $matches = array();
- preg_match_all('/[\W]+(\w+)\s*=\s*("[^"]*"|\'[^\']*\'|`[^`]*`|[^\'"`]*)/', $tag[2], $matches);
+ preg_match_all('/[\W]+(\w+)(?:\s*=\s*("[^"]*"|\'[^\']*\'|`[^`]*`|�[^�]*�|[^\'"`�]*))?/', $tag[2], $matches);
 foreach ($matches[1] as $key => $value)
 {
 // Remove any attributes which are not allowed
- if (preg_match($disallowed_attributes, strtolower($value)) || (!preg_match('/([\'`"]).*\\1/', $matches[2][$key]) && preg_match('/[^0-9a-zA-Z\\x2D\\x2E\\\x3A\\x5F]+/', $matches[2][$key])))
+ if (preg_match($disallowed_attributes, strtolower($value)) || (!preg_match('/([\'�`"]).*\\1/', $matches[2][$key]) && preg_match('/[^0-9a-zA-Z\\x2D\\x2E\\\x3A\\x5F]+/', $matches[2][$key])))
 {
 continue;
 }
 // Build a string containing the allowed attributes, strip out anything that could harm the parser
- $attributes .= ' ' . $value . '="' . htmlentities(preg_replace('/^[`"\']?(.*?)[`"\']?$/', '\1', $matches[2][$key])) . '"';
+ $attributes .= ' ' . $value . '="' . htmlentities(preg_replace('/^[�`"\']?(.*?)[�`"\']?$/', '\1', $matches[2][$key])) . '"';
 }
 }
 else
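Review bot: The value check on the added `if` line is skipped for any value wrapped in matching quotes, and `htmlentities()` on the build line does not neutralise a URL scheme, so a quoted `href="javascript:…"` or `src="javascript:…"` passes through intact on any tag present in `$allowed_html_tags` (that list is configured elsewhere, so whether a URL-bearing tag is actually allowed is not visible here). The only name-based filter is the `/^(?:style|on)/` blocklist; a scheme check before the build line would close this, e.g. `if (preg_match('/^[`"\']*(?:javascript|vbscript|data)\s*:/i', preg_replace('/[\x00-\x20]+/', '', $matches[2][$key]))) { continue; }` (with the same extra quote character the regexes above accept added to the leading class). Separately, the character class `[^0-9a-zA-Z\\x2D\\x2E\\\x3A\\x5F]` as printed here has three backslashes before `x3A`; in a single-quoted PHP string that yields `\\x3A`, i.e. a literal backslash plus the letters `x3A`, so unquoted values may contain `\` but not `:` — if `:` was intended, use `\\x3A` like the neighbouring escapes. Passing `ENT_QUOTES` and an explicit charset to `htmlentities()` would also make the escaping independent of the double-quote delimiter chosen on the build line. `clean_html` continues past the end of the hunk (the `else` branch for disallowed tags is cut off).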