Commit 7ed34ac5 authored by Marius Burkard's avatar Marius Burkard

- fixed regex for stripping <script> tags

- no entities on wordbook entries
parent c17ea82a
......@@ -473,9 +473,8 @@ class tform_base {
if(is_array($field['value'])) {
foreach($field['value'] as $k => $v) {
$selected = ($k == $val)?' SELECTED':'';
if(isset($this->wordbook[$v]))
$v = $this->wordbook[$v];
$v = $app->functions->htmlentities($v);
if(isset($this->wordbook[$v])) $v = $this->wordbook[$v];
else $v = $app->functions->htmlentities($v);
$out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
}
}
......@@ -914,7 +913,7 @@ class tform_base {
$returnval = preg_replace('/\s+/', '', $returnval);
break;
case 'STRIPTAGS':
$returnval = strip_tags(preg_replace('/<script[^>]*>/is', '', $returnval));
$returnval = strip_tags(preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $returnval));
break;
case 'STRIPNL':
$returnval = str_replace(array("\n","\r"),'', $returnval);
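Review bot: In the STRIPTAGS case the result of `preg_replace()` goes straight into `strip_tags()`, and `preg_replace()` returns null when PCRE fails (the lazy `.*?` under `/s` can hit the backtrack or JIT stack limit on a long value), so the field would be silently emptied instead of filtered. Keeping the input on failure still lets `strip_tags()` remove the markup: `$tmp = preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $returnval);` followed by `$returnval = strip_tags($tmp !== null ? $tmp : $returnval);`. The pattern also matches only a script element whose closing tag is written exactly `</script>`, so for an unterminated element or `</script >` the script text stays in the value as plain text, as it did before this commit. A short comment such as `// input filter only: quotes and & are left untouched, escape again on output` would help, since `strip_tags()` is not an output encoder. The surrounding switch starts and ends outside the hunk.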
......