diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-04-28 15:06:34 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-04-28 15:06:34 +0000 |
| commit | 7ea6b9d8fb367db324a67fb8230832b8fc500c3b (patch) | |
| tree | b60442afcf86d8558c41b9752f6d4ba0d6857fbd | |
| parent | 9206fc8d125dd2dc061e68de52f23309268e7275 (diff) | |
| download | forums-7ea6b9d8fb367db324a67fb8230832b8fc500c3b.tar forums-7ea6b9d8fb367db324a67fb8230832b8fc500c3b.tar.gz forums-7ea6b9d8fb367db324a67fb8230832b8fc500c3b.tar.bz2 forums-7ea6b9d8fb367db324a67fb8230832b8fc500c3b.tar.xz forums-7ea6b9d8fb367db324a67fb8230832b8fc500c3b.zip | |
Check for and remove other possible PHP execution tags
git-svn-id: file:///svn/phpbb/trunk@3957 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/includes/template.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index bcdb2e00f7..4ca701ff9f 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -273,8 +273,11 @@ class Template // Remove any "loose" php ... we want to give admins the ability // to switch on/off PHP for a given template. Allowing unchecked - // php is a no-no - $code = preg_replace('#\<\?php(.*?)\?\>#is', '', $code); + // php is a no-no. There is a potential issue here in that non-php + // content may be removed ... however designers should use entities + // if they wish to display < and > + $match_php_tags = array('#\<\?php .*?\?\>#is', '#\<\script language="php"\>.*?\<\/script\>#is', '#\<\?.*?\?\>#s', '#\<%.*?%\>#s'); + $code = preg_replace($match_php_tags, '', $code); // Pull out all block/statement level elements and seperate // plain text |