[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_0BETA2-1485-gcc8e384

Fri, 28 Jan 2011 14:12:42 -0800 

The branch, master has been updated
       via  cc8e3849cf88f90218df6c5b6c42b1c4393d8ec3 (commit)
      from  59f561b4502f59a6b3387992074c6db4b17f1c15 (commit)


- Log -----------------------------------------------------------------
commit cc8e3849cf88f90218df6c5b6c42b1c4393d8ec3
Author: Michal Čihař <[email protected]>
Date:   Fri Jan 28 23:12:18 2011 +0100

    The decodeBB did not escape <>, keep this functionality.

-----------------------------------------------------------------------

Summary of changes:
 libraries/Message.class.php  |    2 +-
 libraries/sanitizing.lib.php |    7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/libraries/Message.class.php b/libraries/Message.class.php
index 6a4df5b..a985393 100644
--- a/libraries/Message.class.php
+++ b/libraries/Message.class.php
@@ -654,7 +654,7 @@ class PMA_Message
      */
     static public function decodeBB($message)
     {
-        return PMA_sanitize($message, false);
+        return PMA_sanitize($message, false, true);
     }
 
     /**
diff --git a/libraries/sanitizing.lib.php b/libraries/sanitizing.lib.php
index 606c730..adb8df2 100644
--- a/libraries/sanitizing.lib.php
+++ b/libraries/sanitizing.lib.php
@@ -27,11 +27,12 @@
  *
  * @access  public
  */
-function PMA_sanitize($message, $escape = false)
+function PMA_sanitize($message, $escape = false, $safe = false)
 {
+    if (!$safe) {
+        $message = strtr($message, array('<' => '&lt;', '>' => '&gt;'));
+    }
     $replace_pairs = array(
-        '<'         => '&lt;',
-        '>'         => '&gt;',
         '[i]'       => '<em>',      // deprecated by em
         '[/i]'      => '</em>',     // deprecated by em
         '[em]'      => '<em>',


hooks/post-receive
-- 
phpMyAdmin

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Phpmyadmin-git mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-git

Reply via email to