Ticket #6642: bug6642.patch

File bug6642.patch, 475 bytes (added by schiller, 8 months ago)

Patch for kses, prevents adjacent hyphens in a HTML/XML comment

  • kses.php

    old new  
    429429                        $string = $newstring; 
    430430                if ( $string == '' ) 
    431431                        return ''; 
     432                // prevent multiple dashes in comments 
     433                $string = preg_replace('/--+/', '-', $string); 
     434                // prevent three dashes closing a comment 
     435                $string = preg_replace('/-$/', '', $string); 
    432436                return "<!--{$string}-->"; 
    433437        } 
    434438        # Allow HTML comments
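Review bot: the empty-string check at lines 430-431 runs before the two new preg_replace calls at 433 and 435, so a comment body made up only of hyphens ("-" or "--") is reduced to an empty string after the check has already passed, and the function still returns `<!---->`. Move the `if ( $string == '' ) return '';` test below the replacements, or repeat it there. The second replacement also only covers the closing side: a body that starts with a hyphen still produces three adjacent hyphens at the opener (`<!---`), which the patch description says it wants to prevent, so trimming both ends (for example `trim($string, '-')` after the collapse) would treat the two delimiters the same way. A short comment on why runs are collapsed to a single hyphen rather than removed would help the next reader.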