From: Ævar Arnfjörð Bjarmason <avar@users.mediawiki.org>
Date: Sat, 7 Jan 2006 04:57:38 +0000 (+0000)
Subject: * (bug 4373) Escape < and > in input like "foo</td></tr></table>" (only escaped the... 
X-Git-Tag: 1.6.0~734
X-Git-Url: http://git.cyclocoop.org/data/Luca_Pacioli_%28Gemaelde%29.jpeg?a=commitdiff_plain;h=9f11f8558221210a25e9edb0773fba9c5d9a370b;p=lhc%2Fweb%2Fwiklou.git

* (bug 4373) Escape < and > in input like "foo</td></tr></table>" (only escaped the last two previously)
---

diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php
index c4f6a70bb4..127ea3b8a4 100644
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -384,8 +384,7 @@ class Sanitizer {
 						# Closing a tag...
 						if( in_array( $t, $htmlsingleonly ) ) {
 							$badtag = 1;
-						} elseif( !in_array( $t, $htmlsingle ) &&
-						( $ot = @array_pop( $tagstack ) ) != $t ) {
+						} elseif ( ( $ot = @array_pop( $tagstack ) ) != $t ) {
 							@array_push( $tagstack, $ot );
 							$badtag = 1;
 						} else {
@@ -405,7 +404,7 @@ class Sanitizer {
 						} elseif( in_array( $t, $htmlsingleonly ) ) {
 							# Hack to force empty tag for uncloseable elements
 							$brace = '/>';
-						} else if ( ! in_array( $t, $htmlsingle ) ) {
+						} else {
 							if ( $t == 'table' ) {
 								array_push( $tablestack, $tagstack );
 								$tagstack = array();