Changeset 2617 in subversion


Timestamp:
Jun 5, 2009 2:03:21 PM (4 years ago)
Author:
alec
Message:
  • fix rcmail_temp_gc() + small code cleanups
Location:
trunk/roundcubemail/program
Files:
2 edited

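--- a/trunk/roundcubemail/program/include/main.inc
+++ b/trunk/roundcubemail/program/include/main.inc
@@ -129,5 +129,7 @@
 function rcmail_temp_gc()
   {
-  $tmp = unslashify($CONFIG['temp_dir']);
+  $rcmail = rcmail::get_instance();
+
+  $tmp = unslashify($rcmail->config->get('temp_dir'));
   $expire = mktime() - 172800;  // expire in 48 hours
 
@@ -565,5 +567,8 @@
       $value = $_COOKIE[$fname];
     }
-  
+
+  if (empty($value))
+    return $value;
+
   // strip single quotes if magic_quotes_sybase is enabled
   if (ini_get('magic_quotes_sybase'))
@@ -724,5 +729,5 @@
   
   // ignore the whole block if evil styles are detected
-  $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entitiy_decode($source));
+  $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entity_decode($source));
   if (preg_match('/expression|behavior|url\(|import/', $stripped))
     return '/* evil! */';
@@ -765,8 +770,8 @@
  * @return string Decoded string
  */
-function rcmail_xss_entitiy_decode($content)
+function rcmail_xss_entity_decode($content)
 {
   $out = html_entity_decode(html_entity_decode($content));
-  $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', 'rcmail_xss_entitiy_decode_callback', $out);
+  $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', 'rcmail_xss_entity_decode_callback', $out);
   $out = preg_replace('#/\*.*\*/#Um', '', $out);
   return $out;
@@ -775,10 +780,10 @@
 
 /**
- * preg_replace_callback callback for rcmail_xss_entitiy_decode_callback
+ * preg_replace_callback callback for rcmail_xss_entity_decode_callback
  *
  * @param array matches result from preg_replace_callback
  * @return string decoded entity
  */ 
-function rcmail_xss_entitiy_decode_callback($matches)
+function rcmail_xss_entity_decode_callback($matches)
 { 
   return chr(hexdec($matches[1]));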
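Review bot: The style check at new line 731 still strips with `/[^a-z\(:]/` and then tests lower-case keywords only, so upper- or mixed-case letters are deleted rather than normalised before the `expression|behavior|url\(|import` match, although CSS keywords are case-insensitive; the func.inc counterpart at line 864 already keeps `a-zA-Z`. Unless `$source` is lower-cased before this point, which the hunk does not show, fold case first: `$stripped = preg_replace('/[^a-z\(:]/', '', strtolower(rcmail_xss_entity_decode($source)));`. The docblock at new line 782 should also read `callback for rcmail_xss_entity_decode`, since it currently names the callback itself rather than the function that uses it. The function containing line 731 starts and ends outside the hunk.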
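--- a/trunk/roundcubemail/program/steps/mail/func.inc
+++ b/trunk/roundcubemail/program/steps/mail/func.inc
@@ -862,5 +862,5 @@
     case 'style':
       // decode all escaped entities and reduce to ascii strings
-      $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content));
+      $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entity_decode($content));
       
       // now check for evil strings like expression, behavior or url()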