From 7fd1e4dc7d0282d2de3ee1b2f84a40a7d636b24d Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Thu, 17 Sep 2015 11:31:31 +0900
Subject: [PATCH] Fix #1752 user_lang escaping in menu
---
 modules/menu/menu.admin.controller.php | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/modules/menu/menu.admin.controller.php b/modules/menu/menu.admin.controller.php
index 12b5ebf79..d15a17497 100644
--- a/modules/menu/menu.admin.controller.php
+++ b/modules/menu/menu.admin.controller.php
@@ -543,9 +543,12 @@ class menuAdminController extends menu
 if($request->menu_desc) $args->desc = $request->menu_desc;
 else $args->desc = '';
 
- $args->name = strip_tags(removeHackTag($args->name));
+ if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+$/', $args->name))
+ {
+ $args->name = strip_tags(removeHackTag($args->name));
+ }
 $args->desc = strip_tags(removeHackTag($args->desc));
-debugPrint($args);
+
 if($request->module_id && strncasecmp('http', $request->module_id, 4) === 0)
 {
 return new Object(-1, 'msg_invalid_request');
@@ -732,7 +735,10 @@ debugPrint($request);
 if($request->menu_desc) $args->desc = $request->menu_desc;
 else $args->desc = '';
 
- $args->name = removeHackTag($args->name);
+ if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+$/', $args->name))
+ {
+ $args->name = strip_tags(removeHackTag($args->name));
+ }
 $args->desc = removeHackTag($args->desc);
 
 unset($args->group_srls);
@@ -813,7 +819,10 @@ debugPrint($request);
 
 public function _updateMenuItem($itemInfo)
 {
- $itemInfo->name = removeHackTag($itemInfo->name);
+ if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+$/', $itemInfo->name))
+ {
+ $itemInfo->name = removeHackTag($itemInfo->name);
+ }
 $itemInfo->desc = removeHackTag($itemInfo->desc);
 
 $output = executeQuery('menu.updateMenuItem', $itemInfo);
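Review bot: The exemption pattern `/^\\$user_lang->[a-zA-Z0-9]+$/` added in the first hunk (and pasted again in the hunks at -732 and -813) ends in `$`, which in PCRE without the `D` modifier also matches just before a trailing newline, so a name consisting of the token plus a line feed skips `removeHackTag`/`strip_tags` and is stored as-is. Because a match is the only thing that lets a request value bypass sanitisation, anchor it to the true end of the string: `if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+\z/', $args->name))`. The same literal appears three times; a single private helper or class constant would keep the three code paths from drifting apart. The enclosing method begins and ends outside the hunk, so I cannot see how the stored name is later rendered.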
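Review bot: The header of the second hunk, `@@ -732,7 +735,10 @@ debugPrint($request);` (and likewise the third), shows a column-0 `debugPrint($request);` as the nearest preceding context line, so a debug call of the same kind as the `debugPrint($args);` removed in the first hunk appears to remain in this controller. If it is live code it presumably dumps the whole admin request on every call, and it should be deleted in the same commit. Separately, `$args->desc` in this hunk still passes through `removeHackTag` alone, while the first hunk applies `strip_tags(removeHackTag($args->desc))`; worth confirming that the difference is intended. The enclosing method starts and ends outside the hunk.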
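Review bot: In the third hunk the fallback branch of `_updateMenuItem` still runs only `removeHackTag` on the name, whereas the two request handlers changed above now apply `strip_tags(removeHackTag(...))`, so the same menu name is filtered differently depending on which path writes it. Unless callers of `_updateMenuItem` rely on markup surviving in the name, I would align it: `$itemInfo->name = strip_tags(removeHackTag($itemInfo->name));`. A short comment above the `preg_match` saying why `$user_lang->…` tokens are exempt from filtering would also help the next reader. The function body continues past the end of the hunk.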