Strip characters that shouldn't be in xml. Fixes http://laconi.ca/PITS/00253 for...

author Mike Cochrane <mikec@mikenz.geek.nz>

Sun, 20 Jul 2008 12:28:32 +0000 (08:28 -0400)

committer Mike Cochrane <mikec@mikenz.geek.nz>

Sun, 20 Jul 2008 12:28:32 +0000 (08:28 -0400)
author Mike Cochrane <mikec@mikenz.geek.nz>
Sun, 20 Jul 2008 12:28:32 +0000 (08:28 -0400)
committer Mike Cochrane <mikec@mikenz.geek.nz>
Sun, 20 Jul 2008 12:28:32 +0000 (08:28 -0400)
diff --git a/lib/util.php b/lib/util.php

index 9ebb487a13026040f2624fb7ca75ee7b514d939e..1ec68863e7e2fd0e62f18bd590a960b01f5157ec 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -647,6 +647,8 @@ define('URL_REGEX', '^|[ \t\r\n])((ftp|http|https|gopher|mailto|news|nntp|telnet
  
  function common_render_content($text, $notice) {
         $r = htmlspecialchars($text);
+
+       $r = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $r);
         $id = $notice->profile_id;
         $r = preg_replace('@https?://[^)\]>\s]+@', '<a href="\0" class="extlink">\0</a>', $r);
         $r = preg_replace('/(^|\s+)@([a-z0-9]{1,64})/e', "'\\1@'.common_at_link($id, '\\2')", $r);
author	Mike Cochrane <mikec@mikenz.geek.nz>
	Sun, 20 Jul 2008 12:28:32 +0000 (08:28 -0400)
committer	Mike Cochrane <mikec@mikenz.geek.nz>
	Sun, 20 Jul 2008 12:28:32 +0000 (08:28 -0400)