apikeys: allow any chars in comment

No real point in restricting those, just leads to people wanting to use
special chars that don't work.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

2 files changed, 3 insertions, 4 deletions

diff --git a/application/controllers/user.php b/application/controllers/user.php
index f1dbe5c31..27e027ac7 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -92,9 +92,8 @@ class User extends CI_Controller {
 		$comment = $this->input->post("comment");
 
 
-		if (strlen($comment) > 255 || !preg_match("/^[a-zA-Z0-9 -@,]*$/", $comment)) {
-			// display better error for
-			show_error("Comment invalid. Only 255 chars of a-zA-Z0-9, @, -, space and comma allowed");
+		if (strlen($comment) > 255) {
+			show_error("Comment may only be 255 chars long.");
 		}
 
 		$key = random_alphanum(32);
diff --git a/application/views/user/apikeys.php b/application/views/user/apikeys.php
index 14d829ffa..aa268d678 100644
--- a/application/views/user/apikeys.php
+++ b/application/views/user/apikeys.php
@@ -15,7 +15,7 @@
 			<tr>
 				<td><?php echo $i++; ?></td>
 				<td><?php echo $item["key"]; ?></td>
-				<td><?php echo $item["comment"]; ?></td>
+				<td><?php echo htmlentities($item["comment"]); ?></td>
 				<td><?php echo date("Y/m/d H:i", $item["created"]); ?></td>
 				<td>
 					<?php echo form_open("user/delete_apikey", array("style" => "margin-bottom: 0")); ?>