From ce10c85367d7f3d46094d4193c9a44a2119a0a42 Mon Sep 17 00:00:00 2001 From: Mark Story Date: Mon, 3 May 2010 22:31:55 -0400 Subject: [PATCH] Making Sanitize::stripScripts() to remove multi-line script and style blocks. Fixes #657 --- cake/libs/sanitize.php | 2 +- cake/tests/cases/libs/sanitize.test.php | 26 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/cake/libs/sanitize.php b/cake/libs/sanitize.php index 4c2da5e4f..5bec53391 100644 --- a/cake/libs/sanitize.php +++ b/cake/libs/sanitize.php @@ -156,7 +156,7 @@ class Sanitize { * @static */ function stripScripts($str) { - return preg_replace('/(]+rel="[^"]*stylesheet"[^>]*>|]*>|style="[^"]*")|]*>.*?<\/script>|]*>.*?<\/style>|/i', '', $str); + return preg_replace('/(]+rel="[^"]*stylesheet"[^>]*>|]*>|style="[^"]*")|]*>.*?<\/script>|]*>.*?<\/style>|/is', '', $str); } /** diff --git a/cake/tests/cases/libs/sanitize.test.php b/cake/tests/cases/libs/sanitize.test.php index b3f472c5b..a67a699be 100644 --- a/cake/tests/cases/libs/sanitize.test.php +++ b/cake/tests/cases/libs/sanitize.test.php @@ -346,6 +346,32 @@ class SanitizeTest extends CakeTestCase { $expected = ''; $result = Sanitize::stripScripts($string); $this->assertEqual($result, $expected); + + $string = << + + +text +HTML; + $expected = "text\n\ntext"; + $result = Sanitize::stripScripts($string); + $this->assertEqual($result, $expected); + + $string = << + + +text +HTML; + $expected = "text\n\ntext"; + $result = Sanitize::stripScripts($string); + $this->assertEqual($result, $expected); } /**
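Review bot: `preg_replace()` returns null when PCRE fails (for example when the backtracking limit is reached), and the changed return line in stripScripts() passes that through unchecked; with the new `s` modifier the lazy `.*?` in the script and style alternatives can now scan across the whole remainder of the input, which makes such a failure more plausible on long documents. A fail-closed guard such as `$result = preg_replace(..., '', $str); if ($result === null) { return ''; }`, or at least a `preg_last_error()` check, would keep the method from silently handing back null where callers expect a stripped string. The pattern as rendered on this page appears to have lost its `<` characters, so the exact alternatives are inferred rather than read. It would also help to extend the docblock that ends at `* @static */` with a sentence saying that the pattern now spans newlines and that this is a best-effort tag stripper, not a substitute for context-aware output escaping.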
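Review bot: Both new assertions pin the identical `$expected = "text\n\ntext";` value, so nothing in the test body tells a reader which case exercises the multi-line script block and which the multi-line style block; a one-line comment above each, such as `// multi-line <script> block with its closing tag on a later line (#657)` and the style counterpart, would make a future failure self-explaining. The heredoc bodies are not legible on this page (the tag characters were lost in rendering), so which input belongs to which case is inferred from the commit message. The enclosing test method starts before this hunk.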