From 1e68a7feb7d9012eac4e833026bf57faf2ce1c8a Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sun, 4 Jun 2006 19:58:33 +0200
Subject: [PATCH] fix for serious security bug #823

darcs-hash:20060604175833-7ad00-cd96ba6a7db7211082ff82e189828e2e11a6f566.gz
---
 lib/exe/spellcheck.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/exe/spellcheck.php b/lib/exe/spellcheck.php
index 5b4c44eda..2dea15465 100644
--- a/lib/exe/spellcheck.php
+++ b/lib/exe/spellcheck.php
@@ -80,12 +80,14 @@ if(function_exists($call)){
  * the result string and will be checked for
  * spelling errors again.
  *
+ * callback for preg_replace_callback
+ *
  * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
  * @author Andreas Gohr <andi@splitbrain.org>
  */
-function spaceslink($string, $check=""){
-  $string  = unslash($string);
-  $check   = unslash($check);
+function spaceslink($matches){
+  $string  = unslash($matches[1]);
+  $check   = unslash($matches[2]);
   $result  = '  '; //opening [[
   $result .= str_pad('',utf8_strlen($string),' ');
   $result .= $check;
@@ -122,8 +124,8 @@ function spell_check() {
   $data = explode("\n",$string);
 
   // don't check links and medialinks for spelling errors
-  $string = preg_replace('/\{\{(.*?)(\|(.*?))?(\}\})/e','spaceslink("\\1","\\2")',$string);
-  $string = preg_replace('/\[\[(.*?)(\|(.*?))?(\]\])/e','spaceslink("\\1","\\2")',$string);
+  $string = preg_replace_callback('/\{\{(.*?)(\|(.*?))?(\}\})/','spaceslink',$string);
+  $string = preg_replace_callback('/\[\[(.*?)(\|(.*?))?(\]\])/','spaceslink',$string);
 
   // run aspell in terse sgml mode, ignore nbsp as correct word
   if(!$spell->runAspell($string,$out,$err,array('!','+html','@nbsp'))){
-- 
GitLab