From e8be2ff8daff6c0acae69dff5138d1edc6ef87bb Mon Sep 17 00:00:00 2001
From: friendica
Date: Sun, 19 Oct 2014 15:54:20 -0700
Subject: wall-e random signature failures
---
 include/html2bbcode.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'include/html2bbcode.php')
diff --git a/include/html2bbcode.php b/include/html2bbcode.php
index df430e6c7..6d6e6333b 100644
--- a/include/html2bbcode.php
+++ b/include/html2bbcode.php
@@ -283,8 +283,9 @@ function html2bbcode($message)
 array('[b]', '[/b]', '[i]', '[/i]'), $message);
 // Handling Yahoo style of mails
- $message = str_replace('[hr][b]From:[/b]', '[quote][b]From:[/b]', $message);
+ // $message = str_replace('[hr][b]From:[/b]', '[quote][b]From:[/b]', $message);
+ $message = htmlspecialchars($message,ENT_COMPAT,'UTF-8',false);
 return(trim($message));
 }
-- cgit v1.2.3
From 34781433c1fabd7a4992497da5ee475db0ada3a8 Mon Sep 17 00:00:00 2001
From: friendica
Date: Thu, 23 Oct 2014 21:20:12 -0700
Subject: I'm speechless. This is just reckless. Set a context flag in text using a context trigger character which is likely to be present in that text already. Without escaping any previous instances of that character. Grrr.
---
 include/html2bbcode.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'include/html2bbcode.php')
diff --git a/include/html2bbcode.php b/include/html2bbcode.php
index 6d6e6333b..9ffc85a82 100644
--- a/include/html2bbcode.php
+++ b/include/html2bbcode.php
@@ -16,7 +16,7 @@ function node2bbcode(&$doc, $oldnode, $attributes, $startbb, $endbb)
 function node2bbcodesub(&$doc, $oldnode, $attributes, $startbb, $endbb)
 {
- $savestart = str_replace('$', '%', $startbb);
+ $savestart = str_replace('$', '\x01', $startbb);
 $replace = false;
 $xpath = new DomXPath($doc);
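Review bot: The `htmlspecialchars` call added before the `return` in the `@@ -283` hunk has no comment saying what it is for, and the Yahoo-mail replacement is left behind as commented-out code, so a reader cannot tell whether the escaping is an HTML-safety step or only there to keep the signed text stable (the commit subject hints at the latter, but that is an inference). I would delete the dead line and add a comment along the lines of `// Encode &, <, > and " in the converted text; entities already present are left as they are (double_encode = false)`, extended with the actual reason once confirmed. If callers also rely on this call as their output encoding, note that `ENT_COMPAT` leaves `'` unencoded, so the result is not safe inside a single-quoted attribute without further escaping. html2bbcode's body starts outside the hunk.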
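Review bot: In the `@@ -16` hunk, and again in the `@@ -37` hunk, the new sentinel is written as `'\x01'` in single quotes, where PHP does not process `\x` escapes, so the placeholder is the four literal characters backslash, x, 0, 1 rather than the control byte 0x01. Both sides use the same literal, so the substitution still round-trips, but the commit message suggests a character that should not occur in the text was intended; double quotes give that: `$savestart = str_replace('$', "\x01", $startbb);` and `$startbb = str_replace("\x01".++$i, '$1', $startbb);`. Because `$startbb` is rewritten once per attribute inside the loop (whose body continues outside the hunk) and presumably picks up attribute text from the HTML being converted, a short comment stating that the sentinel must never appear in attribute values, or a step that strips it from them first, would close the gap the commit message itself describes. Both function bodies extend past the hunks.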
@@ -37,7 +37,7 @@ function node2bbcodesub(&$doc, $oldnode, $attributes, $startbb, $endbb)
 foreach ($attributes as $attribute => $value)
 {
- $startbb = str_replace('%'.++$i, '$1', $startbb);
+ $startbb = str_replace('\x01'.++$i, '$1', $startbb);
 if (strpos('*'.$startbb, '$1') > 0)
 {
-- cgit v1.2.3