diff -r 4f4d63a281cd -r b3c249d06990 includes/functions.php
--- a/includes/functions.php Tue Sep 15 14:37:03 2009 -0400
+++ b/includes/functions.php Sun Sep 20 02:51:54 2009 -0400
@@ -1978,7 +1978,7 @@
}
// Strip out code sections that will be postprocessed by Text_Wiki
- preg_match_all(';^]*)?>((?:(?R)|.)*?)\n
(\s|$);msi', $html, $code_match);
+ preg_match_all(';^]*)?>((?:(?R)|.)*?)
(\s|$);msi', $html, $code_match);
$i = 0;
foreach ( $code_match[0] as $code )
{
@@ -2103,7 +2103,7 @@
// Vulnerability reported by fuzion from nukeit.org:
// XSS in closing HTML tag style attribute
// Fix: escape all closing tags with non-whitelisted characters
- $html = preg_replace('!((?:.*)([^a-z0-9-_:]+)(?:.*))>!', '</\\1>', $html);
+ $html = preg_replace('!((?:.*)([^a-z0-9-_:]+)(?:.*))>!i', '</\\1>', $html);
// Restore stripped comments
$i = 0;