From 154f14d01b1b307cab2231d05c407bcf31d849c0 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 3 Dec 2015 10:17:32 +0300
Subject: [PATCH] filters: do not strip_tags() on regexps
---
 classes/pref/filters.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/classes/pref/filters.php b/classes/pref/filters.php
index d768a136f..20af6e1e2 100755
--- a/classes/pref/filters.php
+++ b/classes/pref/filters.php
@@ -232,7 +232,7 @@ class Pref_Filters extends Handler_Protected {
 $inverse = sql_bool_to_bool($line["inverse"]) ? "inverse" : "";
 $rv .= "" . T_sprintf("%s on %s in %s %s",
- strip_tags($line["reg_exp"]),
+ htmlspecialchars($line["reg_exp"]),
 $line["field"], $where, sql_bool_to_bool($line["inverse"]) ? __("(inverse)") : "") . "";
@@ -513,7 +513,7 @@ class Pref_Filters extends Handler_Protected {
 $inverse = isset($rule["inverse"]) ? "inverse" : "";
 return "" .
- T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]),
+ T_sprintf("%s on %s in %s %s", htmlspecialchars($rule["reg_exp"]),
 $filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : "") . "";
 }
@@ -618,7 +618,7 @@ class Pref_Filters extends Handler_Protected {
 foreach ($rules as $rule) {
 if ($rule) {
- $reg_exp = strip_tags($this->dbh->escape_string(trim($rule["reg_exp"])));
+ $reg_exp = $this->dbh->escape_string(trim($rule["reg_exp"]), false);
 $inverse = isset($rule["inverse"]) ? "true" : "false";
 $filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"]));
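Review bot: `htmlspecialchars($line["reg_exp"])` on the added line of the first hunk runs with default flags, so on PHP releases before 8.1 a single quote in the regexp is left unescaped and an invalid UTF-8 byte sequence makes the call return an empty string, silently rendering a blank regexp in the list; the same applies to `htmlspecialchars($rule["reg_exp"])` in the second hunk. Because the escaped value is spliced into HTML by string concatenation, `htmlspecialchars($line["reg_exp"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (and the same form in the second hunk) keeps the output correct whether the fragment ends up in element text or in an attribute, and keeps a malformed regexp visible instead of vanishing. The enclosing methods of both hunks start and end outside the shown lines.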
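Review bot: The added line of the third hunk stores the regexp without `strip_tags()`, so the invariant the rest of the file could previously rely on — that a stored `reg_exp` never contains markup — no longer holds, and the escaping introduced in the first two hunks covers only those two render paths. Any other place that echoes a stored `reg_exp` into HTML (an edit-dialog input value, if one exists; it is not in this patch) needs to be checked to escape it too, otherwise a rule saved by a user becomes stored markup on that user's own preferences page. The second argument `false` to `escape_string()` is presumably a strip-tags toggle on the db wrapper, but nothing on the page establishes that; a comment such as `// keep the regexp verbatim (second arg disables the wrapper's strip_tags); it is HTML-escaped at render time` would save the next reader a lookup and record the new escape-at-output contract. The enclosing method starts and ends outside the hunk.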