Skip to content
Browse files

Proposed fix for tracker issue 26439 -- JFilterInput issue

  • Loading branch information...
1 parent 3827db3 commit 9e9cbee3bea71bdb0e8c6c8ac7a4a3894e4d2793 @dextercowley committed
Showing with 13 additions and 1 deletion.
  1. +1 −1 libraries/joomla/filter/filterinput.php
  2. +12 −0 tests/suite/joomla/filter/JFilterInputTest.php
View
2 libraries/joomla/filter/filterinput.php
@@ -672,7 +672,7 @@ protected function _escapeAttributeValues($source)
$escapedChars = array('<', '"', '>');
// Process each portion based on presence of =" and "<space>, "/>, or ">
// See if there are any more attributes to process
- while (preg_match('#\s*=\s*(\"|\')#', $remainder, $matches, PREG_OFFSET_CAPTURE))
+ while (preg_match('#<{1}[^>]*?=\s*?(\"|\')#s', $remainder, $matches, PREG_OFFSET_CAPTURE))
{
// get the portion before the attribute value
$quotePosition = $matches[0][1];
View
12 tests/suite/joomla/filter/JFilterInputTest.php
@@ -1149,6 +1149,18 @@ function blacklist()
'<div>Hello</div>',
'Generic test case for HTML cleaning'
),
+ 'tracker26439a' => array(
+ 'string',
+ '<p>equals quote =" inside valid tag</p>',
+ '<p>equals quote =" inside valid tag</p>',
+ 'Test quote equals inside valid tag'
+ ),
+ 'tracker26439b' => array(
+ 'string',
+ "<p>equals quote =' inside valid tag</p>",
+ "<p>equals quote =' inside valid tag</p>",
+ 'Test single quote equals inside valid tag'
+ ),
);
$tests = array_merge($this->casesGeneric(), $casesSpecific);

0 comments on commit 9e9cbee

Please sign in to comment.
Something went wrong with that request. Please try again.