From e8fc34e75c4c9684b8c7e03d471a905e08446618 Mon Sep 17 00:00:00 2001
From: Fil <fil@rezo.net>
Date: Wed, 15 Apr 2009 10:35:15 +0200
Subject: Use preg_quote to fix http://laconi.ca/trac/ticket/1342

---
 actions/noticesearch.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'actions/noticesearch.php')

diff --git a/actions/noticesearch.php b/actions/noticesearch.php
index 095d0a454..0828e47d7 100644
--- a/actions/noticesearch.php
+++ b/actions/noticesearch.php
@@ -184,11 +184,11 @@ class SearchNoticeListItem extends NoticeListItem {
     function highlight($text, $terms)
     {
         /* Highligh search terms */
-        $pattern = '/('.implode('|', array_map('htmlspecialchars', $terms)).')/i';
+        $pattern = '/('.implode('|', array_map('preg_quote', array_map('htmlspecialchars', $terms))).')/i';
         $result  = preg_replace($pattern, '<strong>\\1</strong>', $text);
 
         /* Remove highlighting from inside links, loop incase multiple highlights in links */
-        $pattern = '/(href="[^"]*)<strong>('.implode('|', array_map('htmlspecialchars', $terms)).')<\/strong>([^"]*")/iU';
+        $pattern = '/(href="[^"]*)<strong>('.implode('|', array_map('preg_quote', array_map('htmlspecialchars', $terms))).')<\/strong>([^"]*")/iU';
         do {
             $result = preg_replace($pattern, '\\1\\2\\3', $result, -1, $count);
         } while ($count);
-- 
cgit v1.2.3


From 8439477201cd59a6c0dba84ddf48eb86a6154199 Mon Sep 17 00:00:00 2001
From: Adrian Lang <mail@adrianlang.de>
Date: Wed, 15 Apr 2009 13:29:52 +0200
Subject: Add escaping of /.

---
 actions/noticesearch.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'actions/noticesearch.php')

diff --git a/actions/noticesearch.php b/actions/noticesearch.php
index 0828e47d7..d996998fc 100644
--- a/actions/noticesearch.php
+++ b/actions/noticesearch.php
@@ -184,11 +184,13 @@ class SearchNoticeListItem extends NoticeListItem {
     function highlight($text, $terms)
     {
         /* Highligh search terms */
-        $pattern = '/('.implode('|', array_map('preg_quote', array_map('htmlspecialchars', $terms))).')/i';
+        $options = implode('|', array_map('preg_quote', array_map('htmlspecialchars', $terms),
+                                                            array_fill(0, sizeof($terms), '/')));
+        $pattern = "/($options)/i";
         $result  = preg_replace($pattern, '<strong>\\1</strong>', $text);
 
         /* Remove highlighting from inside links, loop incase multiple highlights in links */
-        $pattern = '/(href="[^"]*)<strong>('.implode('|', array_map('preg_quote', array_map('htmlspecialchars', $terms))).')<\/strong>([^"]*")/iU';
+        $pattern = '/(href="[^"]*)<strong>('.$options.')<\/strong>([^"]*")/iU';
         do {
             $result = preg_replace($pattern, '\\1\\2\\3', $result, -1, $count);
         } while ($count);
-- 
cgit v1.2.3