includes/functions.php
changeset 1198 3ec9ac297045
parent 1183 15957df91ea4
child 1203 c6587072e4c4
1197:3a0a7a4743d2 1198:3ec9ac297045
  2134   $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
  2134   $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
  2135   
  2135   
  2136   // Vulnerability reported by fuzion from nukeit.org:
  2136   // Vulnerability reported by fuzion from nukeit.org:
  2137   // XSS in closing HTML tag style attribute
  2137   // XSS in closing HTML tag style attribute
  2138   // Fix: escape all closing tags with non-whitelisted characters
  2138   // Fix: escape all closing tags with non-whitelisted characters
  2139   $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!i', '&lt;/\\1&gt;', $html);
  2139   $html = preg_replace('!</((?:[^>]*)([^a-z0-9_:>-]+)(?:[^>]*))>!i', '&lt;/\\1&gt;', $html);
  2140 
  2140 
  2141   // Restore stripped comments
  2141   // Restore stripped comments
  2142   $i = 0;
  2142   $i = 0;
  2143   foreach ( $comment_match[0] as $comment )
  2143   foreach ( $comment_match[0] as $comment )
  2144   {
  2144   {