Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/template.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php
index bcdb2e00f7..4ca701ff9f 100644
--- a/phpBB/includes/template.php
+++ b/phpBB/includes/template.php
@@ -273,8 +273,11 @@ class Template
 // Remove any "loose" php ... we want to give admins the ability
 // to switch on/off PHP for a given template. Allowing unchecked
- // php is a no-no
- $code = preg_replace('#\<\?php(.*?)\?\>#is', '', $code);
+ // php is a no-no. There is a potential issue here in that non-php
+ // content may be removed ... however designers should use entities
+ // if they wish to display < and >
+ $match_php_tags = array('#\<\?php .*?\?\>#is', '#\<\script language="php"\>.*?\<\/script\>#is', '#\<\?.*?\?\>#s', '#\<%.*?%\>#s');
+ $code = preg_replace($match_php_tags, '', $code);
 // Pull out all block/statement level elements and seperate
 // plain text |
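Review bot: The second pattern in `$match_php_tags` does not match `<script language="php">`: inside a PCRE pattern `\s` is the whitespace class, so `\<\script` matches `<`, one whitespace character, then `cript`, and that open-tag form passes through the filter untouched. Drop the stray backslash and tolerate spacing and quoting variants, e.g. `'#<script\s+language\s*=\s*(["\']?)php\1\s*>.*?</script\s*>#is'`. All four patterns also require a closing delimiter, so an open tag that runs to the end of the template without `?>` is presumably left in place; that case deserves an explicit check, since PHP does not require the closing tag. The enclosing method starts and ends outside the hunk, so how `$code` is consumed after this filter cannot be confirmed from here.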