From a9a1a7ccb83be98b8922273c6b1a0937815cd002 Mon Sep 17 00:00:00 2001
From: Jose Gonzalez
Date: Tue, 6 Apr 2021 10:36:43 +0200
Subject: [PATCH] Added function for safe html symbols tag
---
 pandora_console/include/functions_io.php | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/pandora_console/include/functions_io.php b/pandora_console/include/functions_io.php
index 7e3d2660b2..d22641d4c7 100755
--- a/pandora_console/include/functions_io.php
+++ b/pandora_console/include/functions_io.php
@@ -593,22 +593,25 @@ function io_output_password($password)
 
 
 /**
- * Prevents html tags if exists
+ * Clean html tags symbols for prevent use JS
+ *
+ * @param string $string String for safe.
+ *
+ * @return string
 */
 function io_safe_html_tags(string $string)
 {
- $init = strpos($string, '<');
- $output = '';
-
- if ($init !== false) {
+ // Must have safe output for work properly.
+ $string = io_safe_output($string);
+ if (strpos($string, '<') !== false && strpos($string, '>') !== false) {
 $output = strstr($string, '<', true);
 $tmpOutput = strstr($string, '<');
 $output .= strstr(substr($tmpOutput, 1), '>', true);
 $tmpOutput = strstr($string, '>');
 $output .= substr($tmpOutput, 1);
- $init = strpos($output, '<');
- if ($init !== false) {
- $output .= io_safe_html_tags($output);
+ // If the string still contains tags symbols.
+ if (strpos($string, '<') !== false && strpos($string, '>') !== false) {
+ $output = io_safe_html_tags($output);
 }
 } else {
 $output = $string;
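Review bot: In `io_safe_html_tags()` the new inner check tests `$string` instead of `$output`, so inside the branch it is always true and the function recurses unconditionally. When a `>` occurs before the first `<`, the tail is taken from the first `>` of the whole string, so the rebuilt `$output` still contains the original `<` and a `>`; the recursion then has no terminating case for such input and will run until PHP exhausts memory or stack. Because the branch only drops the two symbols and keeps the text between them, it can be replaced by the non-recursive `$output = str_replace(['<', '>'], '', $string);`, which also removes unpaired brackets. The returned value is what `io_safe_output()` produced, which presumably has entities decoded (that helper is not visible here), so the docblock should say something like `Returns decoded text with angle brackets removed; callers must still escape it for the context they print into.` The end of the function body lies outside this hunk.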