Strip HTML comments as well in StringUtil::stripHTML()
authorTim Düsterhus <timwolla@arcor.de>
Thu, 8 Dec 2011 15:55:18 +0000 (16:55 +0100)
committerTim Düsterhus <timwolla@arcor.de>
Thu, 8 Dec 2011 15:55:18 +0000 (16:55 +0100)
Fixes https://www.woltlab.com/bugtracker/index.php?page=Bug&bugID=428

wcfsetup/install/files/lib/util/StringUtil.class.php

index e42f7246ad5a8cc91a7f2e3e2af942c5a05f2c0f..e37debe42ac3ce685be60646dc9736ca4d3d1a27 100644 (file)
@@ -17,6 +17,7 @@ class StringUtil {
                        (?:\s*[a-z]+\s*=\s*(?:
                        "[^"\\\\]*(?:\\\\.[^"\\\\]*)*"|\'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\'|[^\s>]
                        ))*\s*/?>~ix';
+       const HTML_COMMENT_PATTERN = '~<!--(.*?)-->~';
        
        /**
         * Returns a salted hash of the given value.
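Review bot: HTML_COMMENT_PATTERN on the added line has no `s` modifier, so `.` stops at a newline and a comment that spans more than one line is not matched and stays in the output of stripHTML(). Since the commit's purpose is to remove comments, the constant should be `const HTML_COMMENT_PATTERN = '~<!--.*?-->~s';`. The capture group is never used by the replacement and can be dropped at the same time. The StringUtil class body starts before and continues after this hunk, so other users of the constant, if any, are not visible here.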
@@ -493,7 +494,7 @@ class StringUtil {
         * @return      string
         */
        public static function stripHTML($string) {
-               return preg_replace(self::HTML_PATTERN, '', $string);
+               return preg_replace(self::HTML_PATTERN, '', preg_replace(self::HTML_COMMENT_PATTERN, '', $string));
        }
        
        /**
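Review bot: The docblock of stripHTML() should state that the return value is not safe to emit as HTML without escaping. Both patterns match complete constructs only (HTML_PATTERN requires a closing `>`, HTML_COMMENT_PATTERN a closing `-->`) and each is applied once, so an unterminated comment opener or a lone `<` remains in the string. I would add `* Removes complete tags and comments only; the result must still be escaped (e.g. htmlspecialchars) before output.` to the docblock. Separately, the inner preg_replace() returns null on a PCRE error, which the outer call presumably treats as an empty subject, so a failure is silent. The docblock begins above this hunk, so its existing wording is not visible here.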