FIX Escape dollar signs in UserForm contents before inserting them with regex (#723)

code/model/UserDefinedForm.php

@@ -370,7 +370,9 @@ class UserDefinedForm_Controller extends Page_Controller {
 		if($this->Content && $form = $this->Form()) {
 			$hasLocation = stristr($this->Content, '$UserDefinedForm');
 			if($hasLocation) {
-				$content = preg_replace('/(<p[^>]*>)?\\$UserDefinedForm(<\\/p>)?/i', $form->forTemplate(), $this->Content);
+				/** @see Requirements_Backend::escapeReplacement */
+				$formEscapedForRegex = addcslashes($form->forTemplate(), '\\$');
+				$content = preg_replace('/(<p[^>]*>)?\\$UserDefinedForm(<\\/p>)?/i', $formEscapedForRegex, $this->Content);
 				return array(
 					'Content' => DBField::create_field('HTMLText', $content),
 					'Form' => ""