From eeb82973cf7f54c3fb0d65c2ea615a79314381bc Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Thu, 8 Dec 2011 16:55:18 +0100
Subject: [PATCH] Strip HTML comments as well in StringUtil::stripHTML()

Fixes https://www.woltlab.com/bugtracker/index.php?page=Bug&bugID=428
---
 wcfsetup/install/files/lib/util/StringUtil.class.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/util/StringUtil.class.php b/wcfsetup/install/files/lib/util/StringUtil.class.php
index e42f7246ad..e37debe42a 100644
--- a/wcfsetup/install/files/lib/util/StringUtil.class.php
+++ b/wcfsetup/install/files/lib/util/StringUtil.class.php
@@ -17,6 +17,7 @@ class StringUtil {
 (?:\s*[a-z]+\s*=\s*(?:
 "[^"\\\\]*(?:\\\\.[^"\\\\]*)*"|\'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\'|[^\s>]
 ))*\s*/?>~ix';
+ const HTML_COMMENT_PATTERN = '~~';
 
 /**
 * Returns a salted hash of the given value.
@@ -493,7 +494,7 @@ class StringUtil {
 * @return string
 */
 public static function stripHTML($string) {
- return preg_replace(self::HTML_PATTERN, '', $string);
+ return preg_replace(self::HTML_PATTERN, '', preg_replace(self::HTML_COMMENT_PATTERN, '', $string));
 }
 
 /**
-- 
2.20.1
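Review bot: `HTML_COMMENT_PATTERN` has no modifiers after its closing `~`, so if the expression uses `.` to span the comment body, a comment containing a line break will not match and will pass through `stripHTML()` intact; the `s` modifier would cover that case. As printed on this page the literal is `'~~'`, an empty expression that removes nothing; the comment delimiters were most likely swallowed when the page was rendered, so the committed file should be checked before relying on this text. The constant would also benefit from a one-line comment such as `// matches one HTML comment, delimiters included; applied before HTML_PATTERN in stripHTML()`. The class body begins before and continues after this hunk.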
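Review bot: The new `stripHTML()` body runs each pattern exactly once, and removing a match can join the text on either side of it into a fresh comment or tag that the pass has already moved beyond, so the return value may still contain markup. The inner `preg_replace()` result is also handed on unchecked; it is `null` when PCRE fails (for instance on hitting the backtrack limit with a very long input), and the function then yields an empty or `null` result with no signal to the caller. Repeating both replacements until the string stops changing and handling `null` explicitly, as sketched below, closes both gaps. Callers that print the result into a page should still encode it for the output context, since tag stripping is not an XSS filter.

```php
public static function stripHTML($string) {
	do {
		$before = $string;
		$string = preg_replace(self::HTML_COMMENT_PATTERN, '', $string);
		if ($string !== null) {
			$string = preg_replace(self::HTML_PATTERN, '', $string);
		}
		if ($string === null) {
			// PCRE error: fail closed instead of handing back unstripped input
			return '';
		}
	} while ($string !== $before);

	return $string;
}
```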