author | Andrew Dolgov <[email protected]> | 2015-12-03 10:17:32 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2015-12-03 10:17:32 +0300 |
commit | 154f14d01b1b307cab2231d05c407bcf31d849c0 (patch) | |
tree | 61ae2fc396bc552e6ef82adf75138f66f2378900 /classes | |
parent | 01bf7f8887d2dced6816c726ca0864796f6a8f1d (diff) |
filters: do not strip_tags() on regexps
Diffstat (limited to 'classes')
-rwxr-xr-x | classes/pref/filters.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/classes/pref/filters.php b/classes/pref/filters.php index d768a136f..20af6e1e2 100755 --- a/classes/pref/filters.php +++ b/classes/pref/filters.php @@ -232,7 +232,7 @@ class Pref_Filters extends Handler_Protected { $inverse = sql_bool_to_bool($line["inverse"]) ? "inverse" : ""; $rv .= "<span class='$inverse'>" . T_sprintf("%s on %s in %s %s", - strip_tags($line["reg_exp"]), + htmlspecialchars($line["reg_exp"]), $line["field"], $where, sql_bool_to_bool($line["inverse"]) ? __("(inverse)") : "") . "</span>"; @@ -513,7 +513,7 @@ class Pref_Filters extends Handler_Protected { $inverse = isset($rule["inverse"]) ? "inverse" : ""; return "<span class='filterRule $inverse'>" . - T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]), + T_sprintf("%s on %s in %s %s", htmlspecialchars($rule["reg_exp"]), $filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : "") . "</span>"; } @@ -618,7 +618,7 @@ class Pref_Filters extends Handler_Protected { foreach ($rules as $rule) { if ($rule) { - $reg_exp = strip_tags($this->dbh->escape_string(trim($rule["reg_exp"]))); + $reg_exp = $this->dbh->escape_string(trim($rule["reg_exp"]), false); $inverse = isset($rule["inverse"]) ? "true" : "false"; $filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"])); |
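Review bot: In the hunks at -232 and -513 only `reg_exp` is escaped; `$line["field"]` and `$where` in the first, and `$filter_type` and `$feed` in the second, are still concatenated into the same `<span>` unescaped. Where those values come from is outside both hunks, so if any of them can carry a feed or category title it should go through the same call, e.g. `htmlspecialchars($feed, ENT_QUOTES, 'UTF-8')`. The new calls also rely on the default flags, which before PHP 8.1 leave single quotes unescaped. That is harmless in element content, but passing `ENT_QUOTES` and the charset explicitly keeps the call safe if the string is later moved into one of this file's single-quoted attributes.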
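Review bot: With `strip_tags()` removed from the `$reg_exp` assignment in the hunk at -618, the expression is stored with any markup intact, so safe display now depends entirely on escaping at output. This commit covers two render sites; any other place that prints a stored `reg_exp` (none is visible in this diff) needs `htmlspecialchars()` as well. A comment above the assignment would record that contract and explain the bare `false`, which presumably switches off tag stripping inside `escape_string()`: `// stored verbatim (no tag stripping); HTML-escape wherever reg_exp is printed`. The `foreach` body continues past the end of the hunk.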