From dc7960090a498b5b2a251b8b853bf9683170a3f8 Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Mon, 21 Nov 2022 15:25:24 +0000
Subject: [PATCH] remove bogus strip_tags() and always do br2space() after
 killFormat(), fixes #1801

Closes #1801

Merge request studip/studip!1184
---
 lib/classes/ForumEntry.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/classes/ForumEntry.php b/lib/classes/ForumEntry.php
index 95721d75c2f..c96a3ac7c2e 100644
--- a/lib/classes/ForumEntry.php
+++ b/lib/classes/ForumEntry.php
@@ -400,7 +400,7 @@ class ForumEntry  implements PrivacyObject
         // retrieve the postings
         foreach ($postings as $data) {
             // we throw away all formatting stuff, tags, etc, leaving the important bit of information
-            $desc_short = ForumEntry::br2space(ForumEntry::killFormat(strip_tags($data['content'])));
+            $desc_short = ForumEntry::br2space(ForumEntry::killFormat($data['content']));
             if (mb_strlen($desc_short) > (ForumEntry::THREAD_PREVIEW_LENGTH + 2)) {
                 $desc_short = mb_substr($desc_short, 0, ForumEntry::THREAD_PREVIEW_LENGTH) . '...';
             } else {
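Review bot: With strip_tags() gone from the `$desc_short` line, any literal `<` or `>` in `$data['content']` now reaches the preview unless killFormat() removes it, which these hunks do not show. The value is user-supplied posting text, so each place that renders `desc_short` has to HTML-escape it on output (presumably via htmlReady() in this codebase). This is worth confirming before merge, because the old stripping may have been masking a missing escape. The same applies to `$text` built from `$data['name']` in the second hunk and to the `$desc_short` line in the third. The comment above each changed line still says tags are thrown away, so I would reword it to something like `// strip Stud.IP markup and line breaks; result is plain text, escape it on output`. The enclosing methods start and end outside these hunks.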
@@ -563,9 +563,8 @@ class ForumEntry  implements PrivacyObject
                 $last_posting['anonymous']     = $data['anonymous'];
 
                 // we throw away all formatting stuff, tags, etc, so we have just the important bit of information
-                $text = strip_tags($data['name']);
-                $text = ForumEntry::br2space($text);
-                $text = ForumEntry::killFormat(ForumEntry::removeQuotes($text));
+                $text = ForumEntry::removeQuotes($data['name']);
+                $text = ForumEntry::br2space(ForumEntry::killFormat($text));
 
                 if (mb_strlen($text) > 42) {
                     $text = mb_substr($text, 0, 40) . '...';
@@ -712,7 +711,7 @@ class ForumEntry  implements PrivacyObject
                 // speed up things a bit by leaving out the formatReady fields
                 foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $data) {
                     // we throw away all formatting stuff, tags, etc, leaving the important bit of information
-                    $desc_short = ForumEntry::br2space(ForumEntry::killFormat(strip_tags($data['content'])));
+                    $desc_short = ForumEntry::br2space(ForumEntry::killFormat($data['content']));
                     if (mb_strlen($desc_short) > (ForumEntry::THREAD_PREVIEW_LENGTH + 2)) {
                         $desc_short = mb_substr($desc_short, 0, ForumEntry::THREAD_PREVIEW_LENGTH) . '...';
                     } else {
-- 
GitLab