# HG changeset patch
# User Dan
# Date 1232223396 18000
# Node ID 880c4b7eb65876ce218b9375ef143cfb80aa836a
# Parent 44b8446533e163919430ccb9b10be3f4602e86ea
SECURITY: Fix XSS under IE in closing tags (shared sanitizer)
diff -r 44b8446533e1 -r 880c4b7eb658 includes/functions.php
--- a/includes/functions.php Fri Jan 16 13:14:08 2009 -0500
+++ b/includes/functions.php Sat Jan 17 15:16:36 2009 -0500
@@ -1971,6 +1971,11 @@
// < // The rule is so specific because everything else will have been filtered by now $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)!', '</\\1>', $html); // Restore stripped comments $i = 0;
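Review bot: The rule at the `preg_replace` call is a narrow deny-list (`script|iframe` only), and nothing in the hunk documents which malformed tag form it targets or whether matching is case-insensitive. As rendered on this page the pattern opens with `/` and ends with `!`, so part of it appears lost in extraction and the modifiers cannot be confirmed; if the `i` modifier is absent, the rule would not match mixed-case tag names. I would add a comment above the call along the lines of `// IE-specific: normalise the matched script/iframe tag to a bare closing tag; depends on the earlier tag filtering having already run` (wording to be checked against the full pattern). A regression test covering mixed-case and whitespace-padded tag names would pin the behaviour. The enclosing function starts and ends outside the hunk, so the earlier filtering that the existing comment relies on cannot be checked from here.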