Version 0.9 ()
------------------------------------------------------------------------
+ * Admin comment panels shows comments with their content and escaped HTML
+ instead of stripping all HTML. Only summary, if longer than 200 characters
+ will have stripped HTML because of otherwise invalid markup. (garvinhicking)
+
* Updated statistics plugin to track seperate visitor/referrer statistics.
Patch by Fredrik Sandberg, thanks a lot! (garvinhicking)
$rs['author'] = ANONYMOUS;
}
- $fullBody = nl2br(strip_tags($rs['body']));
- $summary = serendipity_mb('substr', $fullBody, 0, $summaryLength);
+ $fullBody = $rs['body'];
+ $summary = serendipity_mb('substr', $rs['body'], 0, $summaryLength);
if (strlen($fullBody) > strlen($summary) ) {
$summary .= ' ...';
- }
+ $excerpt = true;
+
+ // When summary is not the full body, strip HTML tags from summary, as it might break and leave unclosed HTML.
+ $fullBody = nl2br(htmlspecialchars($fullBody));
+ $summary = nl2br(strip_tags($summary));
+ } else {
+ $excerpt = false;
+ $fullBody = $summary = nl2br(htmlspecialchars($fullBody));
+ }
+
$class = 'serendipity_admin_list_item_' . (($i % 2 == 0 ) ? 'even' : 'uneven');
$header_class = ($rs['status'] == 'pending' ? 'serendipityAdminMsgNote' : '');
?>
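Review bot: In the excerpt branch, `$summary = nl2br(strip_tags($summary));` leaves visitor-supplied comment text without HTML-escaping, while `$fullBody` goes through `htmlspecialchars()` in both branches. `strip_tags()` removes tags but is not an output encoder: it leaves `&`, quotes and any `<` it does not parse as a tag, and here it runs on a string already cut at `$summaryLength`, possibly in the middle of a tag. Escaping after stripping would make the summary path match the full-body path: `$summary = nl2br(htmlspecialchars(strip_tags($summary)));`. Because truncation now happens before stripping, a comment that opens with long markup can also produce a very short or empty summary; stripping first and truncating afterwards would avoid that. The enclosing block starts and ends outside the hunk, so how `$summary` is finally echoed is not visible here.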
<?php if ($rs['status'] == 'pending') { ?>
<a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=approve&serendipity[id]=<?php echo $rs['id'] ?>" class="serendipityIconLink" title="<?php echo APPROVE; ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/accept.png'); ?>" alt="<?php echo APPROVE ?>" /><?php echo APPROVE ?></a>
<?php } ?>
-<?php if (strlen($fullBody) > strlen($summary) ) { ?>
+<?php if ($excerpt) { ?>
<a href="#c<?php echo $rs['id'] ?>" onclick="toggle(<?php echo $rs['id'] ?>); return false;" title="<?php echo VIEW; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/zoom.png'); ?>" alt="<?php echo VIEW; ?>" /><span id="<?php echo $rs['id'] ?>_text"><?php echo VIEW ?></span></a>
<?php } ?>
<a href="?serendipity[action]=admin&serendipity[adminModule]=comments&serendipity[adminAction]=edit&serendipity[id]=<?php echo $rs['id'] ?>&serendipity[entry_id]=<?php echo $rs['entry_id'] ?>" title="<?php echo EDIT; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/edit.png'); ?>" alt="<?php echo EDIT; ?>" /><?php echo EDIT ?></a>