From 8439477201cd59a6c0dba84ddf48eb86a6154199 Mon Sep 17 00:00:00 2001 From: Adrian Lang Date: Wed, 15 Apr 2009 13:29:52 +0200 Subject: [PATCH] Add escaping of /. --- actions/noticesearch.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/actions/noticesearch.php b/actions/noticesearch.php index 0828e47d77..d996998fc6 100644 --- a/actions/noticesearch.php +++ b/actions/noticesearch.php @@ -184,11 +184,13 @@ class SearchNoticeListItem extends NoticeListItem { function highlight($text, $terms) { /* Highligh search terms */ - $pattern = '/('.implode('|', array_map('preg_quote', array_map('htmlspecialchars', $terms))).')/i'; + $options = implode('|', array_map('preg_quote', array_map('htmlspecialchars', $terms), + array_fill(0, sizeof($terms), '/'))); + $pattern = "/($options)/i"; $result = preg_replace($pattern, '\\1', $text); /* Remove highlighting from inside links, loop incase multiple highlights in links */ - $pattern = '/(href="[^"]*)('.implode('|', array_map('preg_quote', array_map('htmlspecialchars', $terms))).')<\/strong>([^"]*")/iU'; + $pattern = '/(href="[^"]*)('.$options.')<\/strong>([^"]*")/iU'; do { $result = preg_replace($pattern, '\\1\\2\\3', $result, -1, $count); } while ($count);