From: Andrew Dolgov
Date: Thu, 3 Dec 2015 07:17:32 +0000 (+0300)
Subject: filters: do not strip_tags() on regexps
X-Git-Tag: 16.3~86
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=154f14d01b1b307cab2231d05c407bcf31d849c0;p=tt-rss.git
filters: do not strip_tags() on regexps
---
diff --git a/classes/pref/filters.php b/classes/pref/filters.php
index d768a136..20af6e1e 100755
--- a/classes/pref/filters.php
+++ b/classes/pref/filters.php
@@ -232,7 +232,7 @@ class Pref_Filters extends Handler_Protected {
 $inverse = sql_bool_to_bool($line["inverse"]) ? "inverse" : ""; $rv .= "" . T_sprintf("%s on %s in %s %s",
- strip_tags($line["reg_exp"]),
+ htmlspecialchars($line["reg_exp"]),
 $line["field"], $where, sql_bool_to_bool($line["inverse"]) ? __("(inverse)") : "") . "";
@@ -513,7 +513,7 @@ class Pref_Filters extends Handler_Protected {
 $inverse = isset($rule["inverse"]) ? "inverse" : ""; return "" .
- T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]),
+ T_sprintf("%s on %s in %s %s", htmlspecialchars($rule["reg_exp"]),
 $filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : "") . ""; }
@@ -618,7 +618,7 @@ class Pref_Filters extends Handler_Protected {
 foreach ($rules as $rule) { if ($rule) {
- $reg_exp = strip_tags($this->dbh->escape_string(trim($rule["reg_exp"])));
+ $reg_exp = $this->dbh->escape_string(trim($rule["reg_exp"]), false);
 $inverse = isset($rule["inverse"]) ? "true" : "false"; $filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"]));
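Review bot: `htmlspecialchars($line["reg_exp"])` in the -232 hunk, and the matching call on `$rule["reg_exp"]` in the -513 hunk, relies on default flags and charset that vary with the PHP version and configuration. Under the older defaults single quotes are left unescaped, and on PHP 5.4 and later a pattern with bytes invalid in the assumed charset makes the call return an empty string, so the rule name renders blank. Passing them explicitly, `htmlspecialchars($line["reg_exp"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, addresses both at each site. The neighbouring arguments (`$line["field"]`, `$where`, `$filter_type`, `$feed`) are placed into the same markup unescaped; their origin is outside these hunks, so if any of them can carry a feed or category title it needs the same encoding. Both enclosing functions start and end outside the hunks.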
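Review bot: The bare `false` passed to `escape_string()` in the -618 hunk does not say what it switches off; judging by the commit subject it presumably disables tag stripping, so the stored pattern can now contain markup. A comment on that line, e.g. `// false: keep < and > in the pattern; HTML-encode it wherever it is displayed`, would record the contract. The commit encodes the pattern at two display sites, and any other place that renders `reg_exp` (edit form, exported or JSON output) lies outside this diff and should be checked for encoding that fits its context. The value still reaches SQL through string escaping in a query built outside the hunk; a parameterised statement would remove the reliance on that escaping. The foreach body continues past the end of the hunk.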