b2evolution dev team,
I am currently one of the crazy souls using the CVS version in a production environment. I know I deserve no pity... but I wanted to alert you to a problem in _misc.funcs.php,v 1.78 2005/08/09 15:22:40.
The function format_to_edit() makes use of htmlspecialchars(). This appears to be totally unnecessary and it breaks any links in the post when the post is edited.
The only thing that would need to be escaped is </textarea> which could be done with something like $result = preg_replace ("\</textarea>\i", "&lt;/textarea&gt;", $content); but even this is unnecessary because it appears code elsewhere always sanitizes $content properly.
Even with no sanitization in format_to_edit() something like </textarea> in the DB is properly escaped.
Keep up the good work!
- Matt
General Support
b2evolution CMS Support Forums
Thanks for pointing to this.
I got rid of format_to_edit() completely. This functionnality is actually being taken care of by the Form class.
It should be fixed in CVS now.