Revert "Don't escape single quotes in alert templates so that we can …

…compare strings in if statements" This reverts commit 124afc2.
digitalwm · Mar 7, 2016 · 94a182a · 94a182a
1 parent a3c4076
commit 94a182a
Showing 1 changed file with 1 addition and 13 deletions.
diff --git a/alerts.php b/alerts.php
@@ -359,26 +359,14 @@ function ExtTransports($obj) {
 }//end ExtTransports()
 
 
-/**
- * Escape certain characters in template string
- * @param string $tpl Template
- * @return string
- */
-function TplEscape($tpl) {
-    // theoretically like addslashes(), but don't escape single quote (') and do escape $
-    // FIXME: is there still a way to break out of the double-quoted string, maybe with a unicode char?
-    return preg_replace('(["\\\\$\\0])','\\0',$tpl);
-}
-
-
 /**
  * Format Alert
  * @param array  $obj Alert-Array
  * @return string
  */
 function FormatAlertTpl($obj) {
     $tpl    = $obj["template"];
-    $msg    = '$ret .= "'.str_replace(array('{else}', '{/if}', '{/foreach}'), array('"; } else { $ret .= "', '"; } $ret .= "', '"; } $ret .= "'), TplEscape($tpl)).'";';
+    $msg    = '$ret .= "'.str_replace(array('{else}', '{/if}', '{/foreach}'), array('"; } else { $ret .= "', '"; } $ret .= "', '"; } $ret .= "'), addslashes($tpl)).'";';
     $parsed = $msg;
     $s      = strlen($msg);
     $x      = $pos = -1;