Changeset ee883ad in github for program/steps/mail/func.inc


Timestamp:
Dec 22, 2006 4:45:21 PM (6 years ago)
Author:
thomascube <thomas@…>
Branches:
master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8
Children:
822e276
Parents:
8af7757
Message:

Applied security patches by Kees Cook (Ubuntu) + little visual enhancements

File:
1 edited

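--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -740,5 +740,5 @@
                                '/<script.+<\/script>/Umis');
 
-      $remote_replaces = array('<img \\1src=\\2./program/blank.gif\\4',
+      $remote_replaces = array('<img \\1src=\\2./program/blocked.gif\\4',
                                '',
                                '',
@@ -1211,5 +1211,6 @@
 
   // replace event handlers on any object
-  $body = preg_replace('/\s(on[a-z]+)=/im', ' __removed=', $body);
+  $body = preg_replace('/\s(on[^=]+)=/im', ' __removed=', $body);
+  $body = preg_replace('/\shref=["\']?(javascript:)/im', 'null:', $body);
 
   // resolve <base href>
@@ -1252,5 +1253,5 @@
     $attrib['onclick'] = sprintf("return %s.command('compose','%s',this)",
                                  $GLOBALS['JS_OBJECT_NAME'],
-                                 substr($attrib['href'], 7));
+                                 JQ(substr($attrib['href'], 7)));
   else if (!empty($attrib['href']) && $attrib['href']{0}!='#')
     $attrib['target'] = '_blank';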
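Review bot: The new `href` rule on line 1214 replaces the whole match, so ` href="javascript:` collapses to `null:` and the tag loses its attribute name and opening quote (`<a href="javascript:…">` becomes `<anull:…">`), leaving malformed markup. Capturing the prefix keeps the tag well formed: `$body = preg_replace('/(\shref\s*=\s*["\']?)\s*javascript:/im', '\\1null:', $body);`. Both rules are still literal-spelling blacklists: `on[^=]+` is unbounded and can also rewrite ordinary message text up to the next `=`, while handlers not preceded by whitespace, URL attributes other than `href` and encoded scheme names are not matched. An allowlist of tags and attributes applied to parsed HTML would be the sturdier fix. The enclosing function starts and ends outside the visible hunk.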