1850 $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html); |
1850 $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html); |
1851 |
1851 |
1852 // Vulnerability reported by fuzion from nukeit.org: |
1852 // Vulnerability reported by fuzion from nukeit.org: |
1853 // XSS in closing HTML tag style attribute |
1853 // XSS in closing HTML tag style attribute |
1854 // Fix: escape all closing tags with non-whitelisted characters |
1854 // Fix: escape all closing tags with non-whitelisted characters |
1855 $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!', '</\\1>', $html); |
1855 $html = preg_replace('!</((?:[^>]*)([^a-z0-9_:>-]+)(?:[^>]*))>!i', '</\\1>', $html); |
1856 |
1856 |
1857 // Restore stripped comments |
1857 // Restore stripped comments |
1858 $i = 0; |
1858 $i = 0; |
1859 foreach ( $comment_match[0] as $comment ) |
1859 foreach ( $comment_match[0] as $comment ) |
1860 { |
1860 { |
1861 $html = str_replace_once("{HTMLCOMMENT:$i:$rand_seed}", $comment, $html); |
1861 $html = str_replace_once("{HTMLCOMMENT:$i:$rand_seed}", $comment, $html); |
1868 { |
1868 { |
1869 $html = str_replace_once("{TW_CODE:$i:$rand_seed}", $code, $html); |
1869 $html = str_replace_once("{TW_CODE:$i:$rand_seed}", $code, $html); |
1870 $i++; |
1870 $i++; |
1871 } |
1871 } |
1872 |
1872 |
|
1873 // debug |
|
1874 // return '<pre>' . htmlspecialchars($html) . '</pre>'; |
1873 return $html; |
1875 return $html; |
1874 |
|
1875 } |
1876 } |
1876 |
1877 |
1877 /** |
1878 /** |
1878 * Using the same parsing code as sanitize_html(), this function adds <litewiki> tags around certain block-level elements |
1879 * Using the same parsing code as sanitize_html(), this function adds <litewiki> tags around certain block-level elements |
1879 * @param string $html The input HTML |
1880 * @param string $html The input HTML |