Index: trunk/globals.php
===================================================================
diff -u -r693 -r717
--- trunk/globals.php (.../globals.php) (revision 693)
+++ trunk/globals.php (.../globals.php) (revision 717)
@@ -665,15 +665,15 @@
$text);
// bbcode [code]xxx[/code] processing
- $text = preg_replace('/\[code](.*)\[\/code]/Ues', 'ReplaceCodeBBCode(highlight_string(\'UndoSmileys(_unhtmlentities( stripslashes(\'$1\') ) ).\' ?>\', true));', $text);
+ $text = preg_replace('/\[code\](.*)\[\/code\]/Ues', 'ReplaceCodeBBCode(highlight_string("UndoSmileys(_unhtmlentities( stripslashes(\'$1\') ) ). "?>" , true));', $text);
return $text;
}
function ReplaceCodeBBCode($input_string)
{
if( strlen($input_string) )
{
- $input_string = str_replace(Array('<?php ','?>'),Array('',''),$input_string);
+ $input_string = str_replace(Array('<?php','?>'),Array('',''),$input_string);
}
$input_string = str_replace("
","",$input_string);
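Review bot: The `[code]` rule on the changed `preg_replace` line still uses the `/e` modifier, so the captured post text is spliced into a string that PHP then evaluates as code, and its safety rests entirely on the quoting inside that replacement string. This revision switches the surrounding literals from single to double quotes, and in a double-quoted PHP literal `$` and `{$…}` are interpolated, so any captured text that lands inside one is no longer inert; the line as shown looks partly garbled, so the exact quoting cannot be confirmed from here. Passing the match as data removes the evaluation step and the `stripslashes` workaround: `$text = preg_replace_callback('/\[code\](.*)\[\/code\]/Us', 'CodeBBCodeCallback', $text);`, where `CodeBBCodeCallback` is a new named function (name is only a suggestion) that receives `$matches[1]`. `/e` was also deprecated in PHP 5.5 and removed in 7.0. The enclosing function starts above the hunk.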
Index: trunk/kernel/parser.php
===================================================================
diff -u -r715 -r717
--- trunk/kernel/parser.php (.../parser.php) (revision 715)
+++ trunk/kernel/parser.php (.../parser.php) (revision 717)
@@ -544,22 +544,29 @@
*/
function m_form_textarea($attribs = array())
{
- global $FormValues;
- $html_attribs = ExtraAttributes($attribs);
- $field = $attribs["_field"];
- $form = $attribs["_form"];
- if(isset($_POST[$field]))
- {
- $value = stripslashes($_POST[$field]);
- }
- else
- $value = stripslashes($FormValues[$attribs["_form"]][$field]);
- $ret = "";
- if($attribs["_required"])
- $ret .= "";
- if($attribs["_custom"])
- $ret .= "";
- return $ret;
+ global $FormValues;
+ $html_attribs = ExtraAttributes($attribs);
+ $field = $attribs["_field"];
+ $form = $attribs["_form"];
+ if(isset($_POST[$field]))
+ {
+ $value = inp_htmlize($_POST[$field],1);
+ }
+ else
+ {
+ $value = inp_htmlize($FormValues[$attribs["_form"]][$field]);
+ }
+
+ $ret = "";
+ if($attribs["_required"])
+ {
+ $ret .= "";
+ }
+ if($attribs["_custom"])
+ {
+ $ret .= "";
+ }
+ return $ret;
}
/*
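Review bot: The two new `inp_htmlize` calls in `m_form_textarea` are not symmetric, since the `$_POST` branch passes a second argument `1` and the `$FormValues` branch omits it, and nothing in the hunk says what that flag does. The old code ran `stripslashes` on both branches, so if the flag controls slash stripping the stored-value branch has changed behaviour, and if it does not, the POST branch has; `inp_htmlize` is defined outside this hunk, so this needs confirming and a comment such as `// 2nd arg = <flag meaning>; set for raw POST data only because <reason>`. The fallback also indexes `$FormValues[$attribs["_form"]][$field]` without an `isset` guard, while `$form` is assigned and never used on the visible lines. `$value = isset($FormValues[$form][$field]) ? inp_htmlize($FormValues[$form][$field]) : '';` would address both.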