# HG changeset patch
# User Dan
# Date 1262037199 18000
# Node ID 3ec9ac297045e13a85435a1ab02a3bc084997afc
# Parent 3a0a7a4743d2ea7781bde8b993d45f27c53214ba
Fixed oversanitation of multiple XHTML closing tags in a row
diff -r 3a0a7a4743d2 -r 3ec9ac297045 includes/functions.php
--- a/includes/functions.php Mon Dec 28 12:20:43 2009 -0500
+++ b/includes/functions.php Mon Dec 28 16:53:19 2009 -0500
@@ -2136,7 +2136,7 @@
 // Vulnerability reported by fuzion from nukeit.org:
 // XSS in closing HTML tag style attribute
 // Fix: escape all closing tags with non-whitelisted characters
- $html = preg_replace('!!i', '</\\1>', $html);
+ $html = preg_replace('!]*)([^a-z0-9_:>-]+)(?:[^>]*))>!i', '</\\1>', $html);
 // Restore stripped comments
 $i = 0;
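Review bot: The added `preg_replace()` assigns its result straight back to `$html`, so a PCRE failure (the function returns `null`, for instance when `pcre.backtrack_limit` is reached) silently hands `null` to the comment-restoring code that follows. The visible tail of the new pattern, `[^>]*)([^a-z0-9_:>-]+)(?:[^>]*))>`, places three overlapping quantified classes in a row, which can backtrack heavily on a long closing tag that never reaches `>`. The pattern looks partly lost in this rendering (the removed one reads `'!!i'`), so this should be confirmed against the repository copy. I would make the failure explicit and fail closed, e.g. `if ($html === null) { $html = ''; }` with a logged `preg_last_error()`, and never fall back to the unsanitized input. A regression test with several closing tags in a row and with a closing tag that carries attributes would pin both this fix and the original XSS report; the enclosing function starts and ends outside the hunk.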