novabbs
/
rocksolid-light
3
0
Fork 1
Code Issues 25 Pull Requests Releases Wiki Activity

Use htmlspecialchars properly.

This commit is contained in:
Retro_Guy 2023-08-19 07:45:07 -07:00
parent b2412a8cbf
commit 500023723e
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Rocksolid_Light/rocksolid/lib/message.inc.php
View File

@ -594,6 +594,22 @@ function text2html($text) {
return $text;
}
function nl2p($string, $line_breaks = true, $xml = true) {
$string = str_replace(array('<p>', '</p>', '<br>', '<br />'), '', $string);
// It is conceivable that people might still want single line-breaks
// without breaking into a new paragraph.
if ($line_breaks == true)
return '<p>'.preg_replace(array("/([\n]{2,})/i", "/([^>])\n([^<])/i"), array("</p>\n<p>", '$1<br'.($xml == true ? ' /' : '').'>$2'), trim($string)).'</p>';
else
return '<p>'.preg_replace(
array("/([\n]{2,})/i", "/([\r\n]{3,})/i","/([^>])\n([^<])/i"),
array("</p>\n<p>", "</p>\n<p>", '$1<br'.($xml == true ? ' /' : '').'>$2'),
trim($string)).'</p>';
}
/*
* print an article to the webpage
*
@ -628,7 +644,6 @@ function message_show($group,$id,$attachment=0,$article_data=false,$maxlen=false
show_header($head,$group,$local_poster);
// X-Face
if ($face = display_full_headers($head->number,$group,$head->name,$head->from,true)) {
// $pngfile = '../tmp/face-'.preg_replace("/[^A-Za-z0-9 ]/", '', $head->id);
$pngfile = '../tmp/face-'.hash('ripemd160', $face);
if(file_exists($pngfile)) {
echo '<img align="right" src="'.$pngfile.'">';
@ -660,6 +675,7 @@ function message_show($group,$id,$attachment=0,$article_data=false,$maxlen=false
$encrypted=true;
}
if($encrypted === false) {
$body = nl2p(htmlspecialchars($body));
$body=decode_textbody($body,
$article_data->header->content_type_format[$attachment]);
}