Index: branches/2.6.x/wb/search/search.php
===================================================================
--- branches/2.6.x/wb/search/search.php (revision 490)
+++ branches/2.6.x/wb/search/search.php (revision 491)
@@ -53,13 +53,14 @@
} else {
$string=$_REQUEST['string'];
}
+ $string = $wb->add_slashes($string);
// remove some bad chars like _single_ '"', '&'. '!", ...
$string = preg_replace("/(^|\s+)([-=+_&!;#]|\\\\\"|\\\\')+(?=\s+|$)/", "", $string);
- $string = my_htmlspecialchars($string);
+ $string = strtr(my_htmlspecialchars($string), array('\"'=>'"'));
// reverse potential magic_quotes action
$original_string=$wb->strip_slashes($string);
// Double backslashes (mySQL needs doubly escaped backslashes in LIKE comparisons)
- $string = addslashes($wb->escape_backslashes($original_string));
+ $string = $wb->escape_backslashes($original_string);
// convert a copy of $string to HTML-ENTITIES
$string_entities = umlauts_to_entities($string);
// and do some convertion to both
Index: branches/2.6.x/wb/search/search_convert.php
===================================================================
--- branches/2.6.x/wb/search/search_convert.php (revision 490)
+++ branches/2.6.x/wb/search/search_convert.php (revision 491)
@@ -1,6 +1,6 @@
"<", ">"=>">", "&"=>"&", """=>"\"", "'"=>"\'"
+ "<"=>"<", ">"=>">", "&"=>"&", """=>"\"", "'"=>"\'"
);
//htmlspecialchars_decode
$string_htmlspecialchars_encode=array(
- "<"=>"<", ">"=>">", "&"=>"&", "\""=>""", "\'"=>"'"
+ "<"=>"<", ">"=>">", "&"=>"&", "\""=>""", "\'"=>"'"
);
//convert some bad characters
Index: branches/2.6.x/wb/framework/convert.php
===================================================================
--- branches/2.6.x/wb/framework/convert.php (revision 490)
+++ branches/2.6.x/wb/framework/convert.php (revision 491)
@@ -50,7 +50,7 @@
'š'=>'s',
'Ÿ'=>'Y',
'©'=>'(c)','®'=>'(r)','Ð'=>'D','×'=>'x','Ø'=>'O','Þ'=>'TH','ð'=>'d','ø'=>'o','þ'=>'th',
-'''=>'-','"'=>'-',
+'''=>'-','''=>'-','"'=>'-',
// latin extended-A
'Ā'=>'A','ā'=>'a','Ă'=>'A','ă'=>'a','Ą'=>'A','ą'=>'a',
'Ć'=>'C','ć'=>'c','Ĉ'=>'C','ĉ'=>'c','č'=>'c','Č'=>'C','ċ'=>'c','Ċ'=>'C',
Index: branches/2.6.x/wb/framework/frontend.functions.php
===================================================================
--- branches/2.6.x/wb/framework/frontend.functions.php (revision 490)
+++ branches/2.6.x/wb/framework/frontend.functions.php (revision 491)
@@ -76,14 +76,14 @@
$string = entities_to_umlauts($search_string, 'UTF-8');
$string = strtr($string, $string_ul_umlauts);
// do some magic to prevent < > ... from being highlighted
- $foo = strtr($foo, array("<"=>"!,,!", ">"=>"!,,,!", "&"=>"!,,,,!", """=>"!,,,,,!", "'"=>"!,,,,,,!"));
- $string = strtr($string, array("<"=>"!,,!", ">"=>"!,,,!", "&"=>"!,,,,!", """=>"!,,,,,!", "'"=>"!,,,,,,!"));
+ $foo = strtr($foo, array("<"=>"!,,!", ">"=>"!,,,!", "&"=>"!,,,,!", """=>"!,,,,,!", "'"=>"!,,,,,,!"));
+ $string = strtr($string, array("<"=>"!,,!", ">"=>"!,,,!", "&"=>"!,,,,!", """=>"!,,,,,!", "'"=>"!,,,,,,!"));
$foo = preg_replace('/('.$string.')(?=[^>]*<)/iUS', '$1',$foo);
$pos = strpos($foo, '<');
if ($pos === false) { // "===" means identicaly
$foo = preg_replace('/('.$string.')/i', '$1',$foo);
}
- $foo = strtr($foo, array("!,,!"=>"<", "!,,,!"=>">", "!,,,,!"=>"&", "!,,,,,!"=>""", "!,,,,,,!"=>"'"));
+ $foo = strtr($foo, array("!,,!"=>"<", "!,,,!"=>">", "!,,,,!"=>"&", "!,,,,,!"=>""", "!,,,,,,!"=>"'"));
if(DEFAULT_CHARSET != 'utf-8') {
$foo = umlauts_to_defcharset($foo, 'UTF-8');
}
Index: branches/2.6.x/wb/framework/functions.php
===================================================================
--- branches/2.6.x/wb/framework/functions.php (revision 490)
+++ branches/2.6.x/wb/framework/functions.php (revision 491)
@@ -341,7 +341,7 @@
// Function as replecement for php's htmlspecialchars()
function my_htmlspecialchars($string) {
$string = preg_replace("/&(?=[#a-z0-9]+;)/i", "_x_", $string);
- $string = strtr($string, array("<"=>"<", ">"=>">", "&"=>"&", "\""=>""", "\'"=>"'"));
+ $string = strtr($string, array("<"=>"<", ">"=>">", "&"=>"&", "\""=>""", "\'"=>"'"));
$string = preg_replace("/_x_(?=[#a-z0-9]+;)/i", "&", $string);
return($string);
}
@@ -431,9 +431,9 @@
}
}
} else {
- $string = strtr($string, array("<"=>"&_lt;", ">"=>"&_gt;", "&"=>"&_amp;", """=>"&_quot;", "'"=>"&_#039;"));
+ $string = strtr($string, array("<"=>"&_lt;", ">"=>"&_gt;", "&"=>"&_amp;", """=>"&_quot;", "'"=>"&_#39;"));
$string=mb_convert_encoding($string, $charset_out, $charset_in);
- $string = strtr($string, array("&_lt;"=>"<", "&_gt;"=>">", "&_amp;"=>"&", "&_quot;"=>""", "&_#039;"=>"'"));
+ $string = strtr($string, array("&_lt;"=>"<", "&_gt;"=>">", "&_amp;"=>"&", "&_quot;"=>""", "&_#39;"=>"'"));
}
return $string;
}
@@ -613,6 +613,7 @@
);
if ($in == 'HTML-ENTITIES') {
+ $string = strtr($string, array('''=>''')); // fix a broken entity
$string = strtr($string, $named_to_numbered_entities);
$string = preg_replace("/&#([0-9]+);/e", "code_to_utf8($1)", $string);
}