From 012d5a47227ad80753fc1178ccc85c3b15dd5c09 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Fri, 28 Dec 2018 22:32:36 +0100
Subject: Don't strip characters from direct messages

---
 includes/sys_page.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'includes/sys_page.php')

diff --git a/includes/sys_page.php b/includes/sys_page.php
index a560c3ba..e94a92cc 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -197,6 +197,7 @@ function strip_request_item_nl($name, $default_value = null)
 {
     $request = request();
     if ($request->has($name)) {
+        // Only allow letters, symbols, punctuation, separators, numbers and newlines without html tags
         return preg_replace(
             "/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+\n]{1,})/ui",
             '',
@@ -214,6 +215,7 @@ function strip_request_item_nl($name, $default_value = null)
  */
 function strip_item($item)
 {
+    // Only allow letters, symbols, punctuation, separators and numbers without html tags
     return preg_replace("/([^\p{L}\p{S}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item));
 }
 
-- 
cgit v1.2.3-54-g00ecf