Mercurial Mercurial > repos > enano-1.0 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/functions.php
changeset 163 54c79adfb694
parent 162 ad00dc1f8706
child 165 d53cc29308f4
child 170 4c5c2b66a34d
equal deleted inserted replaced
162:ad00dc1f8706 163:54c79adfb694 
  1820       $html);
 
  1820       $html);
 
  1821 
  1821 
  1822   $tag_whitelist = array_keys ( setupAttributeWhitelist() );
 
  1822   $tag_whitelist = array_keys ( setupAttributeWhitelist() );
 
  1823   if ( !$filter_php )
 
  1823   if ( !$filter_php )
 
  1824     $tag_whitelist[] = '?php';
 
  1824     $tag_whitelist[] = '?php';
 
       
  1825   // allow HTML comments
 
       
  1826   $tag_whitelist[] = '!--';
 
  1825   $len = strlen($html);
 
  1827   $len = strlen($html);
 
  1826   $in_quote = false;
 
  1828   $in_quote = false;
 
  1827   $quote_char = '';
 
  1829   $quote_char = '';
 
  1828   $tag_start = 0;
 
  1830   $tag_start = 0;
 
  1829   $tag_name = '';
 
  1831   $tag_name = '';
 
  1880         $tag_name = '';
 
  1882         $tag_name = '';
 
  1881         continue;
 
  1883         continue;
 
  1882       }
 
  1884       }
 
  1883       else
 
  1885       else
 
  1884       {
 
  1886       {
 
       
  1887         // If not filtering PHP, don't bother to strip
 
  1885         if ( $tag_name == '?php' && !$filter_php )
 
  1888         if ( $tag_name == '?php' && !$filter_php )
 
       
  1889           continue;
 
       
  1890         // If this is a comment, likewise skip this "tag"
 
       
  1891         if ( $tag_name == '!--' )
 
  1886           continue;
 
  1892           continue;
 
  1887         $f = fixTagAttributes( $attribs_only, $tag_name );
 
  1893         $f = fixTagAttributes( $attribs_only, $tag_name );
 
  1888         $s = ( empty($f) ) ? '' : ' ';
 
  1894         $s = ( empty($f) ) ? '' : ' ';
 
  1889 
  1895 
  1890         $sanitized = '<' . $tag_name . $f . '>';
 
  1896         $sanitized = '<' . $tag_name . $f . '>';
 
  1909         $trk_name = false;
 
  1915         $trk_name = false;
 
  1910       }
 
  1916       }
 
  1911     }
 
  1917     }
 
  1912 
  1918 
  1913   }
 
  1919   }
 
  1914 
  1920   
  1915   // Vulnerability from ha.ckers.org/xss.html:
 
  1921   // Vulnerability from ha.ckers.org/xss.html:
 
  1916   // <script src="http://foo.com/xss.js"
 
  1922   // <script src="http://foo.com/xss.js"
 
  1917   // <
 
  1923   // <
 
  1918   // The rule is so specific because everything else will have been filtered by now
 
  1924   // The rule is so specific because everything else will have been filtered by now
 
  1919   $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
 
  1925   $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
 
  1920 
  1926 
  1921   // Unstrip comments
 
       
  1922   $html = preg_replace('/&lt;!--([^>]*?)--&gt;/i', '', $html);
 
       
  1923   
       
  1924   // Restore stripped comments
 
  1927   // Restore stripped comments
 
  1925   $i = 0;
 
  1928   $i = 0;
 
  1926   foreach ( $comment_match[0] as $comment )
 
  1929   foreach ( $comment_match[0] as $comment )
 
  1927   {
 
  1930   {
 
  1928     $html = str_replace_once("{HTMLCOMMENT:$i:$rand_seed}", $comment, $html);
 
  1931     $html = str_replace_once("{HTMLCOMMENT:$i:$rand_seed}", $comment, $html);
Enano CMS (1.0.x)