From 9a5a5f858f6cb89d37233f7d9e5d1fd77048f8ac Mon Sep 17 00:00:00 2001 From: Molkobain Date: Tue, 11 Jun 2019 16:13:53 +0200 Subject: [PATCH] =?UTF-8?q?N=C2=B02235.2=20Fix=20emptied=20URLs=20on=20obj?= =?UTF-8?q?ect=20modification=20when=20URL=20starts=20with=20a=20placehold?= =?UTF-8?q?er?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/htmlsanitizer.class.inc.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/htmlsanitizer.class.inc.php b/core/htmlsanitizer.class.inc.php index 025c3a3e8..34a1747dc 100644 --- a/core/htmlsanitizer.class.inc.php +++ b/core/htmlsanitizer.class.inc.php @@ -249,7 +249,8 @@ class HTMLDOMSanitizer extends HTMLSanitizer // Notification placeholders // eg. $this->caller_id$, $this->hyperlink()$, $this->hyperlink(portal)$, $APP_URL$, $MODULES_URL$, ... - $sPlaceholderPattern = '\$[\w-]*(->[\w]*(\([\w-]*?\))?)?\$'; + // Note: Authorize both $xxx$ and %24xxx%24 as the latter one is encoded when used in HTML attributes (eg. a[href]) + $sPlaceholderPattern = '(\$|%24)[\w-]*(->[\w]*(\([\w-]*?\))?)?(\$|%24)'; $sPattern = $sUrlPattern . '|' . $sMailtoPattern . '|' . $sPlaceholderPattern; $sPattern = '/'.str_replace('/', '\/', $sPattern).'/i';