From 674f7d2ce07612240a5fc0cd1de1a06cd1e97d13 Mon Sep 17 00:00:00 2001
From: Cerdic <cedric@yterium.com>
Date: Sun, 19 Jan 2014 11:20:00 +0000
Subject: [PATCH] =?UTF-8?q?Report=20de=20r21115=20:=20Attention=20l'echapp?=
 =?UTF-8?q?ement=20de=20HTML=20en=20retour=20peut=20=C3=AAtre=20imbriqu?=
 =?UTF-8?q?=C3=A9=20:=20un=20modele=20echapp=C3=A9=20dans=20un=20contenu?=
 =?UTF-8?q?=20=C3=A9chapp=C3=A9.=20On=20remplace=20le=20if=20par=20un=20wh?=
 =?UTF-8?q?ile=20avec=20un=20compteur=20de=20securit=C3=A9=20limit=C3=A9?=
 =?UTF-8?q?=20=C3=A0=205=20niveaux=20de=20profondeur?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ecrire/inc/texte_mini.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ecrire/inc/texte_mini.php b/ecrire/inc/texte_mini.php
index 6a9517a751..28c19d39b2 100644
--- a/ecrire/inc/texte_mini.php
+++ b/ecrire/inc/texte_mini.php
@@ -226,9 +226,12 @@ $preg='') {
 function echappe_retour($letexte, $source='', $filtre = "") {
 	if (strpos($letexte,"base64$source")) {
 		# spip_log(spip_htmlspecialchars($letexte));  ## pour les curieux
-		if (strpos($letexte,"<")!==false AND
+		$max_prof = 5;
+		while (strpos($letexte,"<")!==false
+			AND
 		  preg_match_all(',<(span|div)\sclass=[\'"]base64'.$source.'[\'"]\s(.*)>\s*</\1>,UmsS',
-		$letexte, $regs, PREG_SET_ORDER)) {
+		$letexte, $regs, PREG_SET_ORDER)
+		  AND $max_prof--) {
 			foreach ($regs as $reg) {
 				$rempl = base64_decode(extraire_attribut($reg[0], 'title'));
 				// recherche d'attributs supplementaires
-- 
GitLab