Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/functions.php
changeset 817 880c4b7eb658
parent 801 eb8b23f11744
child 825 9d5c04c1414f
equal deleted inserted replaced
816:44b8446533e1 817:880c4b7eb658 
  1969   // Vulnerability from ha.ckers.org/xss.html:
 
  1969   // Vulnerability from ha.ckers.org/xss.html:
 
  1970   // <script src="http://foo.com/xss.js"
 
  1970   // <script src="http://foo.com/xss.js"
 
  1971   // <
 
  1971   // <
 
  1972   // The rule is so specific because everything else will have been filtered by now
 
  1972   // The rule is so specific because everything else will have been filtered by now
 
  1973   $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
 
  1973   $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
 
       
  1974   
       
  1975   // Vulnerability reported by fuzion from nukeit.org:
 
       
  1976   // XSS in closing HTML tag style attribute
 
       
  1977   // Fix: escape all closing tags with non-whitelisted characters
 
       
  1978   $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!', '&lt;/\\1&gt;', $html);
 
  1974 
  1979 
  1975   // Restore stripped comments
 
  1980   // Restore stripped comments
 
  1976   $i = 0;
 
  1981   $i = 0;
 
  1977   foreach ( $comment_match[0] as $comment )
 
  1982   foreach ( $comment_match[0] as $comment )
 
  1978   {
 
  1983   {
Enano CMS (1.1.x)