From c8d0c2c0a38565342f0c8423417f7c93b8ffced7 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Thu, 17 Sep 2015 11:55:51 +0900
Subject: [PATCH] Also add escape exception for menu description
---
 modules/menu/menu.admin.controller.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/modules/menu/menu.admin.controller.php b/modules/menu/menu.admin.controller.php
index d15a17497..8f3be28bc 100644
--- a/modules/menu/menu.admin.controller.php
+++ b/modules/menu/menu.admin.controller.php
@@ -547,7 +547,10 @@ class menuAdminController extends menu
 {
 $args->name = strip_tags(removeHackTag($args->name));
 }
- $args->desc = strip_tags(removeHackTag($args->desc));
+ if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+$/', $args->desc))
+ {
+ $args->desc = strip_tags(removeHackTag($args->desc));
+ }
 if($request->module_id && strncasecmp('http', $request->module_id, 4) === 0)
 {
@@ -739,7 +742,10 @@ debugPrint($request);
 {
 $args->name = strip_tags(removeHackTag($args->name));
 }
- $args->desc = removeHackTag($args->desc);
+ if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+$/', $args->desc))
+ {
+ $args->desc = strip_tags(removeHackTag($args->desc));
+ }
 unset($args->group_srls);
 $args->open_window = $request->menu_open_window;
@@ -823,7 +829,10 @@ debugPrint($request);
 {
 $itemInfo->name = removeHackTag($itemInfo->name);
 }
- $itemInfo->desc = removeHackTag($itemInfo->desc);
+ if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+$/', $itemInfo->desc))
+ {
+ $itemInfo->desc = removeHackTag($itemInfo->desc);
+ }
 $output = executeQuery('menu.updateMenuItem', $itemInfo);
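Review bot: The `$` anchor in the new `preg_match` guard (repeated in the two later hunks) also matches just before a trailing newline, so a `$user_lang->` key followed by `\n` skips `strip_tags(removeHackTag(...))` and is stored with the newline. No tag can pass that way because the character class is alphanumeric, but the exemption should be exact; add the `D` modifier, `if(!preg_match('/^\\$user_lang->[a-zA-Z0-9]+$/D', $args->desc))`, in all three places. The same pattern now appears three times, and presumably again in the `name` checks whose conditions sit above each hunk, so one shared helper or constant would keep them from drifting apart. The enclosing method starts and ends outside the hunk.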
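Review bot: The fallback branch here adds `strip_tags()` to a path that previously ran only `removeHackTag()` on the description, and the commit subject does not mention that. Descriptions saved through this method that contained markup will lose it on the next update, which looks intended as hardening but changes behaviour for existing menus. I would state it in the commit message and put a comment above the guard, e.g. `// desc is plain text; only a literal $user_lang->KEY reference is stored unfiltered`. The enclosing method starts and ends outside the hunk.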
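Review bot: The fallback here still applies only `removeHackTag()` to `$itemInfo->desc`, while the other two hunks use `strip_tags(removeHackTag(...))`, so this update path keeps whatever markup `removeHackTag()` lets through. What that helper filters is not visible here, and the context line for `$itemInfo->name` does the same, so this may be deliberate. If it is not, use `$itemInfo->desc = strip_tags(removeHackTag($itemInfo->desc));`; otherwise add a comment saying why this path allows markup and confirm the description is escaped where it is rendered. The enclosing method starts and ends outside the hunk.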