diff options
| author | Mike Cochrane <mikec@mikenz.geek.nz> | 2008-07-20 08:28:32 -0400 |
|---|---|---|
| committer | Mike Cochrane <mikec@mikenz.geek.nz> | 2008-07-20 08:28:32 -0400 |
| commit | de81e92f0b9b45c161912c920dd395c9cb1f1177 (patch) | |
| tree | a52654241997a467f3f4dccd1abed90505f83478 /lib | |
| parent | 26f6c917a7fd3fd5a4d7daf5ebda12b80b3c6a98 (diff) | |
Strip characters that shouldn't be in xml. Fixes http://laconi.ca/PITS/00253 for future messages, or all after a regeneration of rendered messages
darcs-hash:20080720122832-533db-7fda43b257160b90788f0d860d50df995d463ee8.gz
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/util.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/util.php b/lib/util.php index 9ebb487a1..1ec68863e 100644 --- a/lib/util.php +++ b/lib/util.php @@ -647,6 +647,8 @@ define('URL_REGEX', '^|[ \t\r\n])((ftp|http|https|gopher|mailto|news|nntp|telnet function common_render_content($text, $notice) { $r = htmlspecialchars($text); + + $r = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $r); $id = $notice->profile_id; $r = preg_replace('@https?://[^)\]>\s]+@', '<a href="\0" class="extlink">\0</a>', $r); $r = preg_replace('/(^|\s+)@([a-z0-9]{1,64})/e', "'\\1@'.common_at_link($id, '\\2')", $r); |