+ $cleaned_note = clean_note(stripslashes($note)); + $cleaned_note = preg_replace_callback( + '#<\?php(.*)\?>#', + create_function( + '$matches', + 'return highlight_php(\'<?php\'.$matches[1].\'?>\');' + ) + );
One call of highlight_php should be enough as PHP tags are found by this function - preg is useless. It will be also better to call highlight_php inside clean_note - preview is displayed on more than one place. You must call it in the place of htmlspecialchars - this will not work as <? is changed to < - highlight_string do escape for you. There is one more issue - there is no highlight_php function in php-master-web, you must implement it or use highlight_string instead.
I would be happy to commit a corrected patch :) BTW do not worry about the missing highlight_php() function, it will be implemented if needed.
Goba
