Mercurial Mercurial > repos > enano-1.0 / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SECURITY: Fix XSS under IE in closing tags (shared sanitizer)
authorDan
Sat, 17 Jan 2009 11:32:18 -0500
changeset 316 42419c99471c
parent 315 01e7206b4441
child 317 12e099193850
SECURITY: Fix XSS under IE in closing tags (shared sanitizer)
includes/functions.php file | annotate | diff | comparison | revisions 
--- a/includes/functions.php	Sat Jan 17 11:31:45 2009 -0500
+++ b/includes/functions.php	Sat Jan 17 11:32:18 2009 -0500
@@ -1854,6 +1854,11 @@
   // <
   // The rule is so specific because everything else will have been filtered by now
   $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
+  
+  // Vulnerability reported by fuzion from nukeit.org:
+  // XSS in closing HTML tag style attribute
+  // Fix: escape all closing tags with non-whitelisted characters
+  $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!', '&lt;/\\1&gt;', $html);
 
   // Restore stripped comments
   $i = 0;
Enano CMS (1.0.x)