From 9f88239d1f80bc34a099b9248da968b8f82394ad Mon Sep 17 00:00:00 2001
From: Chris Morgan
Date: Fri, 5 Jan 2007 04:59:04 +0000
Subject: [PATCH] When filtering copy Xinha variables verbatim instead of stripping out html tags
---
 include/filter.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/include/filter.php b/include/filter.php
index 02e2402..11415af 100644
--- a/include/filter.php
+++ b/include/filter.php
@@ -14,10 +14,19 @@ function filter_gpc()
 // Special cases for variables that don't fit our filtering scheme
 // don't filter the AppDB session cookie and MAX_FILE_SIZE
 // and the DialogX values that xinha uses
- if($aKeys[$i] == "whq_appdb" || ($aKeys[$i] == "MAX_FILE_SIZE") || ($aKeys[$i] == "PHPSESSID")
- || (strpos($aKeys[$i], "Dialog") == 0) || (strpos($aKeys[$i], "pref_") == 0))
+ if(strpos($aKeys[$i], "Dialog") == 0) // Xinha variables
 {
 // copy the key over to the clean array
+ // NOTE: we do not strip html tags or trim any Xinha variables
+ // because Xinha is a html editor and removing html tags
+ // would break the ability to use Xinha to create or edit html
+ $aClean[$aKeys[$i]] = $_REQUEST[$aKeys[$i]];
+ continue; // go to the next entry
+ } else if($aKeys[$i] == "whq_appdb" || ($aKeys[$i] == "MAX_FILE_SIZE")
+ || ($aKeys[$i] == "PHPSESSID")
+ || (strpos($aKeys[$i], "pref_") == 0)) // other variables
+ {
+ // copy the key over to the clean array after stripping tags and trimming
 $aClean[$aKeys[$i]] = trim(strip_tags($_REQUEST[$aKeys[$i]]));
 continue; // go to the next entry
 }
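Review bot: The added condition `if(strpos($aKeys[$i], "Dialog") == 0)` uses a loose comparison, and strpos() returns false when the needle is absent, so `false == 0` evaluates true and every request key that does not contain "Dialog" takes the new verbatim-copy branch instead of the strip_tags/trim path. In the new code that means nearly all request variables reach $aClean unfiltered, the opposite of what the commit intends; the existing `pref_` test in the else-if has the same flaw and was previously masked because both paths stripped tags. The check should be `if(strpos($aKeys[$i], "Dialog") === 0) // Xinha variables` and likewise `|| (strpos($aKeys[$i], "pref_") === 0)) // other variables`. Since Dialog values are now stored as raw HTML, the NOTE comment should also say that consumers must escape or sanitize these values at render time, e.g. `// NOTE: these values are raw HTML and must be escaped/sanitized where they are output`. filter_gpc() starts and ends outside this hunk.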