Diffstat (limited to 'classes/article.php')
-rwxr-xr-x | classes/article.php | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/classes/article.php b/classes/article.php
index c23a1b820..43b25f94f 100755
--- a/classes/article.php
+++ b/classes/article.php
@@ -306,9 +306,9 @@ class Article extends Handler_Protected {
 $sth->execute([$int_id, $_SESSION['uid']]);
 foreach ($tags as $tag) {
- $tag = sanitize_tag($tag);
+ $tag = Article::sanitize_tag($tag);
- if (!tag_is_valid($tag)) {
+ if (!Article::tag_is_valid($tag)) {
 continue;
 }
@@ -800,4 +800,25 @@ class Article extends Handler_Protected {
 return $rv;
 }
+ static function sanitize_tag($tag) {
+ $tag = trim($tag);
+
+ $tag = mb_strtolower($tag, 'utf-8');
+
+ $tag = preg_replace('/[,\'\"\+\>\<]/', "", $tag);
+
+ if (DB_TYPE == "mysql") {
+ $tag = preg_replace('/[\x{10000}-\x{10FFFF}]/u', "\xEF\xBF\xBD", $tag);
+ }
+
+ return $tag;
+ }
+
+ static function tag_is_valid($tag) {
+ if (!$tag || is_numeric($tag) || mb_strlen($tag) > 250)
+ return false;
+
+ return true;
+ }
+
 } |
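Review bot: In the new `sanitize_tag`, `trim()` runs before the `preg_replace` that strips `, ' " + > <`, so whitespace exposed by the stripping survives: `+ news` comes out as ` news` and would be stored as a different tag from `news`. Trimming once more on the way out, `return trim($tag);`, closes that gap. The character class is a denylist that leaves `&` and control characters in place, so it should not be read as HTML escaping; a short docblock stating that tags are normalised for storage and must still be escaped where they are rendered would make that explicit (the rendering code is outside this diff). `tag_is_valid` calls `mb_strlen($tag)` without the `'utf-8'` argument that `mb_strtolower` is given, so the 250-character limit depends on the configured internal encoding; `mb_strlen($tag, 'utf-8') > 250` keeps the two consistent. Both methods also lack a visibility keyword, e.g. `public static function sanitize_tag($tag)`.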