diff options
-rw-r--r-- | framework/3rdParty/SafeHtml/TSafeHtmlParser.php | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/framework/3rdParty/SafeHtml/TSafeHtmlParser.php b/framework/3rdParty/SafeHtml/TSafeHtmlParser.php index 119988d7..f26c0ae1 100644 --- a/framework/3rdParty/SafeHtml/TSafeHtmlParser.php +++ b/framework/3rdParty/SafeHtml/TSafeHtmlParser.php @@ -364,8 +364,21 @@ class TSafeHtmlParser } } - $tempval = preg_replace('/&#(\d+);?/me', "chr('\\1')", $value); //"' - $tempval = preg_replace('/&#x([0-9a-f]+);?/mei', "chr(hexdec('\\1'))", $tempval); + $tempval = preg_replace_callback( + '/&#(\d+);?/m', + function ($matches) { + return chr($matches[0]); + }, + $value + ); //"' + + $tempval = preg_replace_callback( + '/&#x([0-9a-f]+);?/mi', + function ($matches) { + return chr(hexdec($matches[0])); + }, + $tempval + ); if ((in_array($name, $this->protocolAttributes)) && (strpos($tempval, ':') !== false)) |