MDL-20981 admin/lang.php escapes all variables but $a placeholders

diff --git a/admin/lang.php b/admin/lang.php
index 25f6312c61dd44f7c6897986937984377f78af07..1bb3f04d92fe4df9608e751907d8bf9fe2cc8d89 100644 (file)
--- a/admin/lang.php
+++ b/admin/lang.php
@@ -1024,6 +1024,10 @@ function lang_fix_value_before_save($value='') {
     if (ini_get_bool('magic_quotes_sybase')) {          // Unescape escaped sybase quotes
         $value = str_replace("''", "'", $value);
     }
+    // escape all embedded variables
+    $value = str_replace('$', '\$', $value);            // Add slashes for $
+    // unescape placeholders: only $a and $a->something are allowed. All other $variables are left escaped
+    $value = preg_replace('/\\\\\$a($|[^_a-zA-Z0-9\-]|\->[a-zA-Z0-9_]+)/', '$a\\1', $value);
     $value = str_replace("'", "\\'", $value);           // Add slashes for '
     $value = str_replace('"', "\\\"", $value);          // Add slashes for "
     $value = str_replace("%","%%",$value);              // Escape % characters