From 1bb2c57842373036a63036cc834e21f5838b7bd3 Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Fri, 28 Dec 2018 22:52:00 +0100
Subject: comments: Don't strip characters closes #510 (htmlentities-like content in a comment gets removed)
---
 includes/pages/user_news.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
(limited to 'includes')
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index 34be033f..29aff5ca 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -143,11 +143,7 @@ function user_news_comments()
 $nid = $request->input('nid');
 $news = DB::selectOne('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$nid]);
 if ($request->hasPostData('submit') && $request->has('text')) {
- $text = preg_replace(
- "/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui",
- '',
- strip_tags($request->input('text'))
- );
+ $text = $request->input('text');
 DB::insert('
 INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`)
 VALUES (?, ?, ?, ?)
@@ -159,7 +155,8 @@ function user_news_comments()
 $user->id,
 ]
 );
- engelsystem_log('Created news_comment: ' . $text);
+
+ engelsystem_log('Created news_comment: ' . htmlspecialchars($text));
 $html .= success(__('Entry saved.'), true);
 }
@@ -227,6 +224,7 @@ function user_news()
 $isMeeting,
 ]
 );
+
 engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting);
 success(__('Entry saved.'));
 redirect(page_link_to('news'));
--
cgit v1.2.3-70-g09d2
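Review bot: In the first hunk, `$text = $request->input('text');` now stores the comment exactly as submitted, so with `strip_tags()` and the character filter gone the `Text` column has to be treated as untrusted markup by every reader. The code that renders comments is outside this hunk, and it should be confirmed that it passes the value through `htmlspecialchars()` before output, as should any other consumer of the column, because the write path no longer removes tags. A short comment above the assignment would record that contract, for example `// Stored verbatim: escape on output, never treat NewsComments.Text as HTML`. The body of user_news_comments() starts and ends outside the hunk.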
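Review bot: In the second hunk, `htmlspecialchars($text)` inside the `engelsystem_log()` call encodes the value when the entry is written rather than when the log is displayed, and it is inconsistent with the `engelsystem_log('Created news: ' . $request->postData('betreff') ...)` call shown as context in the user_news() hunk, which still logs request data unescaped. If the log view prints messages as raw HTML, that second call remains an unescaped sink; if the view already escapes, this line will display double-encoded entities. Neither engelsystem_log() nor the log view is visible on this page, so which case applies needs checking. I would settle on one place for the encoding, preferably the log view, and then either log the raw text here or apply the same treatment to the other call, e.g. `htmlspecialchars($request->postData('betreff'))`.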