includes/functions.php
changeset 1115 b3c249d06990
parent 1110 1a3f374310ca
child 1123 777f32ac6b7c
equal deleted inserted replaced
1114:4f4d63a281cd 1115:b3c249d06990
  1976     $html = str_replace_once($comment, "{HTMLCOMMENT:$i:$rand_seed}", $html);
  1976     $html = str_replace_once($comment, "{HTMLCOMMENT:$i:$rand_seed}", $html);
  1977     $i++;
  1977     $i++;
  1978   }
  1978   }
  1979   
  1979   
  1980   // Strip out code sections that will be postprocessed by Text_Wiki
  1980   // Strip out code sections that will be postprocessed by Text_Wiki
  1981   preg_match_all(';^<code(\s[^>]*)?>((?:(?R)|.)*?)\n</code>(\s|$);msi', $html, $code_match);
  1981   preg_match_all(';^<code(\s[^>]*)?>((?:(?R)|.)*?)</code>(\s|$);msi', $html, $code_match);
  1982   $i = 0;
  1982   $i = 0;
  1983   foreach ( $code_match[0] as $code )
  1983   foreach ( $code_match[0] as $code )
  1984   {
  1984   {
  1985     $html = str_replace_once($code, "{TW_CODE:$i:$rand_seed}", $html);
  1985     $html = str_replace_once($code, "{TW_CODE:$i:$rand_seed}", $html);
  1986     $i++;
  1986     $i++;
  2101   $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
  2101   $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
  2102   
  2102   
  2103   // Vulnerability reported by fuzion from nukeit.org:
  2103   // Vulnerability reported by fuzion from nukeit.org:
  2104   // XSS in closing HTML tag style attribute
  2104   // XSS in closing HTML tag style attribute
  2105   // Fix: escape all closing tags with non-whitelisted characters
  2105   // Fix: escape all closing tags with non-whitelisted characters
  2106   $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!', '&lt;/\\1&gt;', $html);
  2106   $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!i', '&lt;/\\1&gt;', $html);
  2107 
  2107 
  2108   // Restore stripped comments
  2108   // Restore stripped comments
  2109   $i = 0;
  2109   $i = 0;
  2110   foreach ( $comment_match[0] as $comment )
  2110   foreach ( $comment_match[0] as $comment )
  2111   {
  2111   {