From 7950265732332a336bddd86e15140ba4dd01d280 Mon Sep 17 00:00:00 2001
From: Eric Rasmussen <erasmussen2@unl.edu>
Date: Tue, 16 Feb 2010 22:00:28 +0000
Subject: [PATCH] removed patch that altered the sanitise_string function. 
 replaced with patch that does strip_tags to the name field when it is altered

---
 patches/database_strip_html.diff   | 15 ---------------
 patches/strip_tags_name_field.diff | 13 +++++++++++++
 setup.sh                           |  8 ++++----
 3 files changed, 17 insertions(+), 19 deletions(-)
 delete mode 100644 patches/database_strip_html.diff
 create mode 100644 patches/strip_tags_name_field.diff

diff --git a/patches/database_strip_html.diff b/patches/database_strip_html.diff
deleted file mode 100644
index b56865f0..00000000
--- a/patches/database_strip_html.diff
+++ /dev/null
@@ -1,15 +0,0 @@
-Index: database.php
-===================================================================
---- database.php	(revision 3939)
-+++ database.php	(working copy)
-@@ -612,6 +612,10 @@
- 	 * @return string Sanitised string
- 	 */
-         function sanitise_string($string) {
-+            while($string != html_entity_decode($string)) {
-+                $string = html_entity_decode($string);
-+            }
-+            $string = strip_tags($string);
-         	return mysql_real_escape_string(trim($string));
-         }
-         
diff --git a/patches/strip_tags_name_field.diff b/patches/strip_tags_name_field.diff
new file mode 100644
index 00000000..5510fe30
--- /dev/null
+++ b/patches/strip_tags_name_field.diff
@@ -0,0 +1,13 @@
+Index: name.php
+===================================================================
+--- name.php	(revision 3940)
++++ name.php	(working copy)
+@@ -13,7 +13,7 @@
+ 
+ 	gatekeeper();
+ 	
+-	$name = get_input('name');
++	$name = strip_tags(get_input('name'));
+ 	$user_id = get_input('guid');
+ 	$user = "";
+ 	
diff --git a/setup.sh b/setup.sh
index 873d3b56..2ecb86f5 100755
--- a/setup.sh
+++ b/setup.sh
@@ -4,10 +4,10 @@ mkdir elgg_data &> /dev/null
  
 
 #Do patches
-patch -p0 -s -N  -r tmp.rej                   < patches/relationship_get_set_public.diff > /dev/null
-patch -p0 -s -N -d elgg -r tmp.rej            < patches/lowercase_post.diff              > /dev/null
-patch -p0 -s -N -d elgg/engine/lib -r tmp.rej < patches/database_strip_html.diff         > /dev/null
-patch -p0 -s -N -d elgg/mod/groups -r tmp.rej < patches/add_closing_labels.diff          > /dev/null
+patch -p0 -s -N  -r tmp.rej                   	< patches/relationship_get_set_public.diff > /dev/null
+patch -p0 -s -N -d elgg -r tmp.rej            	< patches/lowercase_post.diff              > /dev/null
+patch -p0 -s -N -d elgg/actions/user -r tmp.rej < patches/strip_tags_name_field.diff	   > /dev/null
+patch -p0 -s -N -d elgg/mod/groups -r tmp.rej 	< patches/add_closing_labels.diff          > /dev/null
 rm tmp.rej &> /dev/null
 
 echo 'Setup successful'
-- 
GitLab