From 7658e902fc217f832feace92e7c297b0c5da77cf Mon Sep 17 00:00:00 2001
From: Simon Welsh
Date: Wed, 15 Feb 2012 07:55:52 +1300
Subject: [PATCH] BUGFIX Convert::html2raw() not correctly stripping script and style tags
---
 core/Convert.php | 4 ++--
 tests/core/ConvertTest.php | 14 ++++++++++++++
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/core/Convert.php b/core/Convert.php
index 0be48ac7d..8501cf530 100644
--- a/core/Convert.php
+++ b/core/Convert.php
@@ -273,8 +273,8 @@ class Convert {
 /* $data = eregi_replace("][^>]*)?>.*]*>","", $data);*/
 /* $data = eregi_replace("][^>]*)?>.*]*>","", $data);*/
- $data = preg_replace("/][^>]*)?>.*?<\/style[^>]*>/i","", $data);
- $data = preg_replace("/][^>]*)?>.*?<\/script[^>]*>/i","", $data);
+ $data = preg_replace("/][^>]*)?>.*?<\/style[^>]*>/is","", $data);
+ $data = preg_replace("/][^>]*)?>.*?<\/script[^>]*>/is","", $data);
 if($config['ReplaceBoldAsterisk']) {
 $data = preg_replace('%<(strong|b)( [^>]*)?>|%i','*',$data);
diff --git a/tests/core/ConvertTest.php b/tests/core/ConvertTest.php
index bdaa60daa..b94b79cc7 100644
--- a/tests/core/ConvertTest.php
+++ b/tests/core/ConvertTest.php
@@ -37,6 +37,20 @@ class ConvertTest extends SapphireTest {
 $val2 = 'This has a strong tag with attributes.';
 $this->assertEquals('This has a *strong tag with attributes*.', Convert::xml2raw($val2), 'Strong tags with attributes are replaced with asterisks');
+
+ $val3 = '';
+ $this->assertEquals('', Convert::xml2raw($val3), 'Script tags are completely removed');
+
+ $val4 = '';
+ $this->assertEquals('', Convert::xml2raw($val4), 'Style tags are completely removed');
+
+ $val5 = '';
+ $this->assertEquals('', Convert::xml2raw($val5), 'Multiline script tags are completely removed');
+
+ $val6 = '';
+ $this->assertEquals('', Convert::xml2raw($val6), 'Multiline style tags are completely removed');
 }
 /**
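Review bot: In core/Convert.php the two rewritten `preg_replace()` calls assign their result straight back to `$data`, and `preg_replace()` returns `null` when PCRE fails. With the new `s` modifier the lazy `.*?` can run across a whole multi-line block, so a very large style or script body may hit `pcre.backtrack_limit` and silently turn the entire input into an empty result. I would keep the previous value on failure, for each of the two existing patterns: `$stripped = preg_replace(/* existing pattern */, "", $data); if($stripped !== null) $data = $stripped;`. It is also worth a comment above these lines saying that this is text extraction, not sanitisation: both patterns require a closing tag, so an unterminated block does not match and its body presumably stays in the output, which callers must still escape before placing it in HTML. The enclosing method starts and ends outside the hunk.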
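Review bot: All four new assertions in tests/core/ConvertTest.php expect an empty string, so they would still pass if the conversion threw away the whole input, for example when `preg_replace()` fails and returns `null`, which `assertEquals('', ...)` most likely accepts under loose comparison. Add a case with plain text before, between and after two script blocks and assert that the surrounding text survives; that also pins the non-greedy match, which the `s` modifier now lets span lines. The new cases call `Convert::xml2raw()` while the subject line names `Convert::html2raw()`; presumably one delegates to the other, but a direct `html2raw()` assertion would make the covered path explicit. The test method starts outside the hunk.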