prevent absolutely useless 'exploit' (not really) while editing filters (closes #572)
parent
26e2b18433
commit
f01c8ec4f1
|
@ -372,7 +372,7 @@ class Pref_Filters extends Handler_Protected {
|
||||||
WHERE id = ".(int)$rule["filter_type"]);
|
WHERE id = ".(int)$rule["filter_type"]);
|
||||||
$match_on = db_fetch_result($result, 0, "description");
|
$match_on = db_fetch_result($result, 0, "description");
|
||||||
|
|
||||||
return T_sprintf("%s on %s in %s", $rule["reg_exp"], $match_on, $feed);
|
return T_sprintf("%s on %s in %s", strip_tags($rule["reg_exp"]), $match_on, $feed);
|
||||||
}
|
}
|
||||||
|
|
||||||
function printRuleName() {
|
function printRuleName() {
|
||||||
|
|
|
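Review bot: `strip_tags()` in the changed `return` deletes text instead of encoding it, so a rule whose pattern legitimately contains angle brackets (a named group like `(?<id>\d+)`, or a pattern that matches markup) is displayed differently from what is stored, while `&` and quote characters are still returned unescaped. If this string is inserted as HTML on the client, which the commit title suggests but the hunk does not show, output encoding is the more reliable fix: `return T_sprintf("%s on %s in %s", htmlspecialchars($rule["reg_exp"]), $match_on, $feed);`. `$feed` is built above the hunk, so it is worth checking whether it carries a user- or feed-supplied title that needs the same encoding. The enclosing function starts outside the hunk.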
@ -964,6 +964,8 @@ function createNewRuleElement(parentNode, replaceNode) {
|
||||||
try {
|
try {
|
||||||
var form = document.forms["filter_new_rule_form"];
|
var form = document.forms["filter_new_rule_form"];
|
||||||
|
|
||||||
|
form.reg_exp.value = form.reg_exp.value.replace(/(<([^>]+)>)/ig,"");
|
||||||
|
|
||||||
var query = "backend.php?op=pref-filters&method=printrulename&rule="+
|
var query = "backend.php?op=pref-filters&method=printrulename&rule="+
|
||||||
param_escape(dojo.formToJson(form));
|
param_escape(dojo.formToJson(form));
|
||||||
|
|
||||||
|
|
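Review bot: The added `form.reg_exp.value.replace(/(<([^>]+)>)/ig,"")` rewrites the user's regular expression in the form field itself, so any pattern containing `<…>` is silently altered before it is serialised, and presumably before it is saved from the same form. It is also not a security control: the request to `backend.php` can be sent without this script, and a single-pass regex strip is not a dependable sanitiser, so the server-side encoding in `printrulename` has to carry the protection. I would drop this line and, where the response is written into the rule element (outside this hunk), insert it as text rather than markup. If the line stays, add a comment such as `// display hygiene only; the server must encode reg_exp on output`. The `try` block continues past the hunk.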