dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3dcf440) | patch
Properly escape \n and \r in IRCColourfulRCFeedFormatter
authorRyan Schmidt <skizzerz@skizzerz.net>
Wed, 20 Jan 2016 17:06:45 +0000 (11:06 -0600)
committerRyan Schmidt <skizzerz@skizzerz.net>
Wed, 20 Jan 2016 17:10:14 +0000 (11:10 -0600)
commitafcfb1d1fb6c4420f518785371262bef3e8e9b2f
tree194f32bdf1d559bc539d791018f460001204ff0atree | snapshot
parent3dcf440a82a5af6fe1d1a46752b50abb77e500d8commit | diff
Properly escape \n and \r in IRCColourfulRCFeedFormatter

Right now it is possible to emit a raw \n or \r to the UDP feed by
encoding it as an HTML entity, e.g. &#10; This could be used for
arbitrary IRC command execution in bots which do not subsequently
perform their own escaping. This commit changes it so that entities are
decoded first before \n and \r are stripped.

Change-Id: I3f7005abded3fbafb586754d763a00a4018f0954
includes/rcfeed/IRCColourfulRCFeedFormatter.php diff | blob | history
Wiklou, le Wiki du Wiklou