--- inc/global.php 2001/10/02 16:18:09 1.15 +++ inc/global.php 2001/10/05 15:10:52 1.16 @@ -45,12 +45,18 @@ return $str; } - function MyEscape($str, $full = true) { + function MyEscape($str, $full = false) { + if ($full) { + $str = str_replace("&", "&", $str); + $str = str_replace("<", "<", $str); + $str = str_replace(">", ">", $str); + } $allowed = array("", "A", "B", "I", "U", "UL", "OL", "LI", "TABLE", "TR", "TH", "TD", "HR", "SUP", "SUB"); $str = preg_replace('/(^[ ]+|[ ]+$)/m', '', $str); $str = preg_replace('/(\<\/?\s*(\w+)\\b[^\>]*\>)/e', 'array_search(MyUpper("\2"),'. '\$allowed,false)?"\1":HTMLSpecialChars("\1")', $str); $str = preg_replace('/(\<\s*A\b)/i', '\\1 target=_blank class=more', $str); + $str = preg_replace('/(target=_blank class=[^ ]+)( target=_blank class=[^ ]+)+/', '\\1', $str); $str = preg_replace('/(\<\s*TABLE\b)/i', '\\1 class=normal', $str); $str = preg_replace('/(class=[^ ]+)( class=[^ ]+)+/', '\\1', $str); $str = my_replace($str, "");