From: <rob...@us...> - 2012-05-14 01:59:14
|
Revision: 41446 http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=41446&view=rev Author: robertplummer Date: 2012-05-14 01:59:07 +0000 (Mon, 14 May 2012) Log Message: ----------- [FIX] Ensure we only use htmlspecialentities_decode and get the fingerprint finder for pre 9 to match up to a sort of partial decoded state, everything decoded with the exception of < and > Modified Paths: -------------- branches/9.x/lib/wiki/wikilib.php Modified: branches/9.x/lib/wiki/wikilib.php =================================================================== --- branches/9.x/lib/wiki/wikilib.php 2012-05-13 23:55:45 UTC (rev 41445) +++ branches/9.x/lib/wiki/wikilib.php 2012-05-14 01:59:07 UTC (rev 41446) @@ -1435,8 +1435,11 @@ $name = $match->getName(); $meta = $this->parserlib->plugin_info($name); $args = $this->argumentParser->parse($match->getArguments()); + + //RobertPlummer - pre 9, latest findings from v8 is that the < and > chars are THE ONLY ones converted to < and > everything else seems to be decoded $body = $match->getBody(); - + $body = htmlspecialchars_decode($body); + $body = str_replace(array('<', '>'), array('<', '>'), $body); $fingerPrintsOld[] = $this->parserlib->plugin_fingerprint($name, $meta, $body, $args); } @@ -1448,7 +1451,7 @@ //Here we detect if a plugin was double encoded and this is the second decode if (preg_match("/&&/i", $argsRaw) || preg_match("/"/i", $argsRaw) || preg_match("/>/i", $argsRaw)) { //try to detect double encoding - $argsRaw = html_entity_decode($argsRaw); // decode entities in the plugin args (usually ") + $argsRaw = htmlspecialchars_decode($argsRaw); // decode entities in the plugin args (usually ") } $args = $this->argumentParser->parse($argsRaw); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |