From adedfb00e31c474edae5547bee5523c6470bcce1 Mon Sep 17 00:00:00 2001
From: renato <renato@rezo.net>
Date: Fri, 18 May 2007 18:27:14 +0000
Subject: [PATCH] yet a better regex to avoid javascript injection inside the
 keys option of SearchHighlight tested with
 var_recherche='\'\\'\\\'\\\\'\\\\\'

---
 ecrire/inc/surligne.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ecrire/inc/surligne.php b/ecrire/inc/surligne.php
index 1e47848e7f..d84205287f 100644
--- a/ecrire/inc/surligne.php
+++ b/ecrire/inc/surligne.php
@@ -41,9 +41,13 @@ function surligner_mots($page) {
     
   $ref = $_SERVER['HTTP_REFERER'];
   //avoid a js injection
-  $surcharge_surligne = preg_replace(",(?:\\\\{2})*(?:\\\\)',","\'",$_GET["var_recherche"]);
+  if($surcharge_surligne=_request("var_recherche")) {
+    $surcharge_surligne = preg_replace(",(?<!\\\\)((?:(?>\\\\){2})*)('),","$1\\\\$2",$surcharge_surligne);
+    $surcharge_surligne = str_replace("\\","\\\\",$surcharge_surligne);
+  }
   foreach($surlignejs_engines as $engine) 
     if($surcharge_surligne || (preg_match($engine[0],$ref) && preg_match($engine[1],$ref))) { 
+      
       //good referrer found or var_recherche is not null
       $script = "<script src='".find_in_path("javascript/SearchHighlight.js")."'></script>
       <script type='text/javascript'>
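Review bot: The escaping added inside the new `if` block neutralises only `'` and `\`, but the commit subject says the value ends up in the `keys` option of an inline `<script>`, where a `</script>` sequence, `<` and raw line breaks also have to be handled; the interpolation itself is below the hunk, so this is inferred. The `str_replace("\\","\\\\",…)` line also turns the freshly added `\'` into `\\'`, which is only safe if a later step strips one level of backslashes. That dependency should be stated next to it, e.g. `// backslashes doubled because <later step, not visible in this hunk> unescapes once; keep both in sync`. Where the supported PHP version allows, a context encoder applied at the point of interpolation is sturdier than the hand-written regex: `json_encode($surcharge_surligne, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)`, with the template's own quotes around the value removed. `surligner_mots` begins and ends outside the hunk.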
-- 
GitLab