Changeset 85a9130 in github


Timestamp:
Sep 12, 2008 12:00:25 PM (5 years ago)
Author:
thomascube <thomas@…>
Branches:
master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8
Children:
6cd0099
Parents:
dc5b83d
Message:

Fix xss entity decoding

File:
1 edited

  • program/include/main.inc

    r1c499ae r85a9130  
    644644{ 
    645645  $out = html_entity_decode(html_entity_decode($content)); 
    646   $out = preg_replace('/\\\00([a-z0-9]{2})/ie', "chr(hexdec('\\1'))", $out); 
    647   $out = preg_replace('#/\*.+\*/#Um', '', $out); 
     646  $out = preg_replace('/\\\([a-z0-9]{4})/ie', "chr(hexdec('\\1'))", $out); 
     647  $out = preg_replace('#/\*.*\*/#Um', '', $out); 
    648648  return $out; 
    649649} 
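
Review bot: On new line 647, the pattern '#/\*.*\*/#Um' carries the m modifier, which only changes how ^ and $ match, and neither anchor is present, so the dot still stops at a newline and a /* ... */ comment that spans lines is left in $out; the s modifier looks like what was intended here. On new line 646, the class [a-z0-9]{4} accepts letters outside a-f and matches exactly four characters, and chr() reduces its argument modulo 256, so \0141 decodes to the same byte as \0041; restricting the class to [0-9a-f] and deciding explicitly how values above 0xFF should be handled would make the decoding predictable. The /e modifier is kept from the old line: the capture is limited to alphanumerics, so nothing else reaches the evaluated string today, but preg_replace_callback would remove the evaluation step entirely. A short comment above these two lines stating which escape forms the function is expected to normalise would also help the next reader.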