From: garvinhicking
Date: Mon, 22 Aug 2005 13:23:36 +0000 (+0000)
Subject: do not generally strip the tags, it might be wanted to see 'em.
X-Git-Tag: 0.9~189
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=407ebc3264e3b360d59dfc6bb47f0b2d8a96364b;p=s9y.git
do not generally strip the tags, it might be wanted to see 'em.
---
diff --git a/docs/NEWS b/docs/NEWS
index 2a40241..a3d093c 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,6 +3,10 @@ Version 0.9 () ------------------------------------------------------------------------ + * Admin comment panels shows comments with their content and escaped HTML + instead of stripping all HTML. Only summary, if longer than 200 characters + will have stripped HTML because of otherwise invalid markup. (garvinhicking) + * Updated statistics plugin to track seperate visitor/referrer statistics. Patch by Fredrik Sandberg, thanks a lot! (garvinhicking)
diff --git a/include/admin/comments.inc.php b/include/admin/comments.inc.php
index 2777df7..0e012f5 100644
--- a/include/admin/comments.inc.php
+++ b/include/admin/comments.inc.php
@@ -285,13 +285,22 @@ foreach ($sql as $rs) { $rs['author'] = ANONYMOUS; } - $fullBody = nl2br(strip_tags($rs['body'])); - $summary = serendipity_mb('substr', $fullBody, 0, $summaryLength); + $fullBody = $rs['body']; + $summary = serendipity_mb('substr', $rs['body'], 0, $summaryLength); if (strlen($fullBody) > strlen($summary) ) { $summary .= ' ...'; - } + $excerpt = true; + + // When summary is not the full body, strip HTML tags from summary, as it might break and leave unclosed HTML. + $fullBody = nl2br(htmlspecialchars($fullBody)); + $summary = nl2br(strip_tags($summary)); + } else { + $excerpt = false; + $fullBody = $summary = nl2br(htmlspecialchars($fullBody)); + } + $class = 'serendipity_admin_list_item_' . (($i % 2 == 0 ) ? 'even' : 'uneven'); $header_class = ($rs['status'] == 'pending' ? 'serendipityAdminMsgNote' : ''); ?>
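Review bot: In the excerpt branch of include/admin/comments.inc.php, `$summary` is the only comment-derived string that is not HTML-escaped, because it goes through `strip_tags()` alone. `strip_tags()` is a tag remover, not an output encoder: it leaves `&` and quote characters unencoded, and here it runs on text already cut at `$summaryLength`, possibly in the middle of a tag. Comment bodies are visitor-supplied and this is the admin panel, so the summary should be escaped like the full body: `$summary = nl2br(htmlspecialchars(strip_tags($summary)));`, which also removes the unclosed-markup concern the new comment mentions. Both `htmlspecialchars()` calls use the default flags and charset; the places where `$fullBody` and `$summary` are printed are outside this hunk, so passing `ENT_QUOTES` and the blog's charset explicitly would be the safer choice. The `foreach` body starts before the hunk and continues after it.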
@@ -353,7 +362,7 @@ foreach ($sql as $rs) { <?php echo APPROVE ?> - strlen($summary) ) { ?> + <?php echo VIEW; ?> <?php echo EDIT; ?>