From: Tim Düsterhus
Date: Thu, 8 Dec 2011 15:55:18 +0000 (+0100)
Subject: Strip HTML comments as well in StringUtil::stripHTML()
X-Git-Tag: 2.0.0_Beta_1~1532^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=eeb82973cf7f54c3fb0d65c2ea615a79314381bc;p=GitHub%2FWoltLab%2FWCF.git
Strip HTML comments as well in StringUtil::stripHTML()
Fixes https://www.woltlab.com/bugtracker/index.php?page=Bug&bugID=428
---
diff --git a/wcfsetup/install/files/lib/util/StringUtil.class.php b/wcfsetup/install/files/lib/util/StringUtil.class.php
index e42f7246ad..e37debe42a 100644
--- a/wcfsetup/install/files/lib/util/StringUtil.class.php
+++ b/wcfsetup/install/files/lib/util/StringUtil.class.php
@@ -17,6 +17,7 @@ class StringUtil {
 (?:\s*[a-z]+\s*=\s*(?:
 "[^"\\\\]*(?:\\\\.[^"\\\\]*)*"|\'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\'|[^\s>]
 ))*\s*/?>~ix';
+ const HTML_COMMENT_PATTERN = '~~';
 /**
 * Returns a salted hash of the given value.
@@ -493,7 +494,7 @@ class StringUtil {
 * @return string
 */
 public static function stripHTML($string) {
- return preg_replace(self::HTML_PATTERN, '', $string);
+ return preg_replace(self::HTML_PATTERN, '', preg_replace(self::HTML_COMMENT_PATTERN, '', $string));
 }
 /**
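Review bot: The added `HTML_COMMENT_PATTERN` constant has no doc comment, and as rendered on this page its value is the empty pattern `'~~'`, which matches only the empty string and would strip nothing. The comment-matching expression was most likely lost when the page was generated, so confirm the value against the committed file rather than this listing. If the real expression relies on `.` to span the comment body, it needs the `s` modifier, because `.` does not cross newlines by default and a multi-line comment would survive. I would add a line above the constant such as `// matches HTML comments, including multi-line ones; applied by stripHTML() before HTML_PATTERN`. The class body continues outside the hunk.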
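Review bot: The new `return` line in stripHTML() runs each pattern exactly once and passes the inner preg_replace() result straight into the outer call without checking it. A `null` from the inner call (a PCRE error such as the backtrack limit) becomes the subject of the outer call, so the method silently returns an empty result with no indication of why. One pass per pattern can also leave markup that only takes shape after another fragment has been removed, so the replacements should repeat until the string stops changing, with PCRE failure handled explicitly. The docblock, which starts outside the hunk, should also say that the result is stripped text and not HTML-encoded output.

```php
public static function stripHTML($string) {
	do {
		$previous = $string;
		$string = preg_replace(self::HTML_COMMENT_PATTERN, '', $string);
		if ($string !== null) {
			$string = preg_replace(self::HTML_PATTERN, '', $string);
		}
		if ($string === null) {
			// PCRE error: fail closed rather than hand back unstripped input
			return '';
		}
	} while ($string !== $previous);

	return $string;
}
```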