r2774 - getCellFilter(): multiline argument processing was broken, fix
authorDenis Ovsienko <infrastation@yandex.ru>
Tue, 19 May 2009 14:16:59 +0000 (14:16 +0000)
committerDenis Ovsienko <infrastation@yandex.ru>
Tue, 19 May 2009 14:16:59 +0000 (14:16 +0000)
inc/functions.php

index 0f8b70a578db73791c20432cb6bb5921809532a1..c4470e831cdfae9f71796a9577ce48e559995199 100644 (file)
@@ -1181,6 +1181,7 @@ function mergeTagChains ($chainA, $chainB)
 
 function getCellFilter ()
 {
+       global $sic;
        if (isset ($_REQUEST['tagfilter']) and is_array ($_REQUEST['tagfilter']))
        {
                $_REQUEST['cft'] = $_REQUEST['tagfilter'];
@@ -1239,10 +1240,16 @@ function getCellFilter ()
                                $ret['urlextra'] .= '&cfp[]=' . $req_name;
                        }
        }
-       if (isset ($_REQUEST['cfe']))
+       // Extra text comes from TEXTAREA and is easily screwed by standard escaping function.
+       if (isset ($sic['cfe']))
        {
-               $ret['extratext'] = trim ($_REQUEST['cfe']);
-               $ret['urlextra'] .= '&cfe=' . $ret['extratext'];
+               // Only consider extra text, when it is a correct RackCode expression.
+               $parse = spotPayload ($sic['cfe'], 'SYNT_EXPR');
+               if ($parse['result'] == 'ACK')
+               {
+                       $ret['extratext'] = trim ($sic['cfe']);
+                       $ret['urlextra'] .= '&cfe=' . $ret['extratext'];
+               }
        }
        $finaltext = array();
        if (strlen ($ret['text']))