From cf11f57a5b4f4ede0c743b074603e831985d9497 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Sat, 22 Jun 2019 18:20:43 -0400
Subject: [PATCH] Escape HTML pre-formatted blocks before converting smilies
---
 src/Content/Smilies.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/Content/Smilies.php b/src/Content/Smilies.php
index 9fbfd2d629..57d14633ac 100644
--- a/src/Content/Smilies.php
+++ b/src/Content/Smilies.php
@@ -213,7 +213,8 @@ class Smilies
 return $text;
 }
- $text = preg_replace_callback('/(.*?)<\/code>/ism', 'self::encode', $text);
+ $text = preg_replace_callback('/<(pre)>(.*?)<\/pre>/ism', 'self::encode', $text);
+ $text = preg_replace_callback('/<(code)>(.*?)<\/code>/ism', 'self::encode', $text);
 if ($no_images) {
 $cleaned = ['texts' => [], 'icons' => []];
@@ -230,7 +231,8 @@ class Smilies
 $text = preg_replace_callback('/<(3+)/', 'self::pregHeart', $text);
 $text = self::strOrigReplace($smilies['texts'], $smilies['icons'], $text);
- $text = preg_replace_callback('/(.*?)<\/code>/ism', 'self::decode', $text);
+ $text = preg_replace_callback('/<(code)>(.*?)<\/code>/ism', 'self::decode', $text);
+ $text = preg_replace_callback('/<(pre)>(.*?)<\/pre>/ism', 'self::decode', $text);
 return $text;
 }
@@ -242,7 +244,7 @@ class Smilies
 */
 private static function encode($m)
 {
- return '' . Strings::base64UrlEncode($m[1]) . '';
+ return '<' . $m[1] . '>' . Strings::base64UrlEncode($m[2]) . '';
 }
 /**
@@ -253,7 +255,7 @@ class Smilies
 */
 private static function decode($m)
 {
- return '' . Strings::base64UrlDecode($m[1]) . '';
+ return '<' . $m[1] . '>' . Strings::base64UrlDecode($m[2]) . '';
 }
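Review bot: Both new `preg_replace_callback()` calls in the first hunk assign their result straight back to `$text`, but the function returns `null` on a PCRE error (for example an exceeded backtrack limit when the lazy `(.*?)` with the `s` flag runs over a very large block), which would silently discard the whole text. Keep the input and return it unchanged when the protection pass fails, as sketched below. The two decode calls in the next hunk have the same unchecked assignment; there the fallback has to be the original input rather than the half-processed string, so a copy of it needs to be kept. The enclosing method starts and ends outside this hunk.

```php
// Protect <pre> and <code> bodies; leave the text untouched if PCRE fails (null result)
$protected = preg_replace_callback('/<(pre)>(.*?)<\/pre>/ism', 'self::encode', $text);
if ($protected !== null) {
	$protected = preg_replace_callback('/<(code)>(.*?)<\/code>/ism', 'self::encode', $protected);
}
if ($protected === null) {
	return $text;
}
$text = $protected;
// … unchanged: $no_images handling …
```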
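Review bot: The decode pass in the second hunk runs in the opposite order to the encode pass (`code` then `pre`, where encoding did `pre` then `code`), and nothing in the code says that this is required. A `<pre>` nested inside a `<code>` is encoded twice, inner block first, so it has to be unwrapped outside-in; a later edit that "aligns" the two orders would leave the inner block base64-encoded in the output. I would add above the two new lines: `// Decode in reverse order of encoding so nested <pre>/<code> blocks unwrap outside-in`. The enclosing method starts outside this hunk.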
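Review bot: `encode()` in the third hunk now depends on two capture groups, `$m[1]` as the tag name and `$m[2]` as the block body, but its docblock (only the closing `*/` is visible here) is not touched by the commit, so it may still describe the old single-group contract. I would update it to something like `@param array $m Match array: [1] tag name ("pre" or "code"), [2] block content` and add the `array` type to the parameter. Because `$m[1]` is copied into the output markup, the comment should also state that this is only safe while the calling patterns restrict that group to the literals `pre` and `code`. The same applies to `decode()` in the last hunk.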