Changeset a08a60e in github

Timestamp:

Nov 1, 2007 5:51:14 AM (6 years ago)

Author:

thomascube <thomas@…>

Branches:

master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8

Children:

ff0566b

Parents:

6270699

Message:

Also remove unclosed script tags (fixes XSS vulnerability)

File:

• program/steps/mail/func.inc (modified) (1 diff)

program/steps/mail/func.inc

@@ -974 +974 @@
   foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag)
     {
-    while (($pos = strpos($body_lc, '<'.$tag)) && ($pos2 = strpos($body_lc, '</'.$tag.'>', $pos)))
-      {
-      $pos2 += strlen('</'.$tag.'>');
-      $body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2);
+    while (($pos = strpos($body_lc, '<'.$tag)) && (($pos2 = strpos($body_lc, '</'.$tag.'>', $pos)) || ($pos3 = strpos($body_lc, '>', $pos))))
+      {
+      $end = $pos2 ? $pos2 + strlen('</'.$tag.'>') : $pos3 + 1;
+      $body = substr($body, 0, $pos) . substr($body, $end, strlen($body)-$end);
       $body_lc = strtolower($body);
       }