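--- a/includes/functions.php Sat Jan 17 11:31:45 2009 -0500
+++ b/includes/functions.php Sat Jan 17 11:32:18 2009 -0500
@@ -1854,6 +1854,11 @@
 // <
 // The rule is so specific because everything else will have been filtered by now
 $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html);
+
+ // Vulnerability reported by fuzion from nukeit.org:
+ // XSS in closing HTML tag style attribute
+ // Fix: escape all closing tags with non-whitelisted characters
+ $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!', '</\\1>', $html);
 
 // Restore stripped comments
 $i = 0;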
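Review bot: The added `preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!', …)` uses greedy `.*` with no `s` or `i` modifier, so its match is bounded by line breaks rather than by the tag: on a single line it runs from the first `</` to the last `>` and swallows every legitimate closing tag in between, while a closing tag whose contents are spread over several lines may not match at all and would pass through unescaped. Bounding the match to one tag avoids both, e.g. `$html = preg_replace('!</([^>]*[^a-z0-9\-_:>][^>]*)>!i', '&lt;/\\1&gt;', $html);`, which also escapes the hyphen inside the class and stops treating upper-case tag names as offending. As rendered here the replacement string is `'</\\1>'`, identical to what was matched; that is presumably this page decoding `&lt;`/`&gt;`, but it is worth confirming that the committed file emits the entities. The enclosing function starts and ends outside this hunk, and a regression test feeding it a multi-line closing tag would pin the intended behaviour.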