Security fix for hmtl_hilight() #616

darcs-hash:20051030212242-7ad00-e21dc88d3f6abc87b3e9691006d6b9b21a8683d6.gz

inc/html.php

@@ -285,16 +285,31 @@ function html_show($txt=''){
  * Highlights searchqueries in HTML code
  *
  * @author Andreas Gohr <andi@splitbrain.org>
+ * @author Harry Fuecks <hfuecks@gmail.com>
  */
 function html_hilight($html,$query){
-  $queries = preg_split ("/\s/",$query,-1,PREG_SPLIT_NO_EMPTY);
+  //split at common delimiters
+  $queries = preg_split ('/[\s\'"\\\\`()\]\[?:!\.{};,#+*<>]+/',$query,-1,PREG_SPLIT_NO_EMPTY);
   foreach ($queries as $q){
-    $q = preg_quote($q,'/');
-    $html = preg_replace("/((<[^>]*)|$q)/ie", '"\2"=="\1"? unslash("\1"):"<span class=\"search_hit\">".unslash("\1")."</span>"', $html);
+     $q = preg_quote($q,'/');
+     $html = preg_replace_callback("/((<[^>]*)|$q)/i",'html_hilight_callback',$html);
   }
   return $html;
 }
 
+/** 
+ * Callback used by html_hilight()
+ *
+ * @author Harry Fuecks <hfuecks@gmail.com>
+ */     
+function html_hilight_callback($m) {
+  $hlight = unslash($m[0]);
+  if ( !isset($m[2])) {
+    $hlight = '<span class="search_hit">'.$hlight.'</span>';
+  }
+  return $hlight;
+}
+
 /**
  * Run a search and display the result
  *
@@ -1163,4 +1178,4 @@ function html_resendpwd() {
 <?php
 }
 
-//Setup VIM: ex: et ts=2 enc=utf-8 :
+//Setup VIM: ex: et ts=2 enc=utf-8 :
\ No newline at end of file