From d983d7117f00e017a83b6f70a8def0404dfc4b16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Mage?= <gregory.mage@gmail.com>
Date: Thu, 13 Jun 2024 19:12:19 +0200
Subject: [PATCH 1/2] Update module.textsanitizer.php

Fix: https://github.com/XOOPS/XoopsCore25/issues/1470
---
 htdocs/class/module.textsanitizer.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/htdocs/class/module.textsanitizer.php b/htdocs/class/module.textsanitizer.php
index 0c22ead89..fbbbef4fe 100644
--- a/htdocs/class/module.textsanitizer.php
+++ b/htdocs/class/module.textsanitizer.php
@@ -337,9 +337,6 @@ function ($matches) {
             $text
         );
 
-        // Ensure consistent handling of newlines by converting them to <br /> tags
-        $text = nl2br($text);
-
         // Clean up extra newlines
         $text = preg_replace('/(<br \/>|<br>)[\n\s]*/', '$1', $text);
 

From 9705f8fdbbaaac6fd3dc313fdbfdda951682946c Mon Sep 17 00:00:00 2001
From: Lucio Rota <lucio.rota@gmail.com>
Date: Sat, 15 Jun 2024 09:27:00 +0200
Subject: [PATCH 2/2] Fixed function redirect_header() when jGrowl redirect is
 set

Fixed error when $url contains 'user.php' and $addredirect is true
---
 htdocs/modules/system/preloads/core.php | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/htdocs/modules/system/preloads/core.php b/htdocs/modules/system/preloads/core.php
index 6357eee83..6c8242bef 100644
--- a/htdocs/modules/system/preloads/core.php
+++ b/htdocs/modules/system/preloads/core.php
@@ -29,14 +29,31 @@ public static function eventCoreIncludeFunctionsRedirectheader($args)
     {
         global $xoopsConfig;
         $url = $args[0];
-        if (preg_match("/[\\0-\\31]|about:|script:/i", (string) $url)) {
-            if (!preg_match('/^\b(java)?script:([\s]*)history\.go\(-\d*\)([\s]*[;]*[\s]*)$/si', (string) $url)) {
+        $time = $args[1];
+        $message = $args[2];
+        $addRedirect = $args[3];
+        $allowExternalLink = $args[4];
+        if (preg_match("/[\\0-\\31]|about:|script:/i", $url)) {
+            if (!preg_match('/^\b(java)?script:([\s]*)history\.go\(-\d*\)([\s]*[;]*[\s]*)$/si', $url)) {
                 $url = XOOPS_URL;
             }
         }
+        if (!$allowExternalLink && $pos = strpos($url, '://')) {
+            $xoopsLocation = substr(XOOPS_URL, strpos(XOOPS_URL, '://') + 3);
+            if (strcasecmp(substr($url, $pos + 3, strlen($xoopsLocation)), $xoopsLocation)) {
+                $url = XOOPS_URL;
+            }
+        }
+        if (!empty($_SERVER['REQUEST_URI']) && $addRedirect && false !== strpos($url, 'user.php')) {
+            if (false === strpos($url, '?')) {
+                $url .= '?xoops_redirect=' . urlencode($_SERVER['REQUEST_URI']);
+            } else {
+                $url .= '&amp;xoops_redirect=' . urlencode($_SERVER['REQUEST_URI']);
+            }
+        }
         if (!headers_sent() && isset($xoopsConfig['redirect_message_ajax']) && $xoopsConfig['redirect_message_ajax']) {
-            $_SESSION['redirect_message'] = $args[2];
-            header('Location: ' . preg_replace('/[&]amp;/i', '&', (string) $url));
+            $_SESSION['redirect_message'] = $message;
+            header('Location: ' . preg_replace('/[&]amp;/i', '&', $url));
             exit();
         }
     }