Functions: fixed HTML sanitizer to properly preprocess <code> one-liners
authorDan
Sun, 20 Sep 2009 02:51:54 -0400
changeset 1115 b3c249d06990
parent 1114 4f4d63a281cd
child 1116 220428d80925
Functions: fixed HTML sanitizer to properly preprocess <code> one-liners
includes/functions.php
--- a/includes/functions.php	Tue Sep 15 14:37:03 2009 -0400
+++ b/includes/functions.php	Sun Sep 20 02:51:54 2009 -0400
@@ -1978,7 +1978,7 @@
   }
   
   // Strip out code sections that will be postprocessed by Text_Wiki
-  preg_match_all(';^<code(\s[^>]*)?>((?:(?R)|.)*?)\n</code>(\s|$);msi', $html, $code_match);
+  preg_match_all(';^<code(\s[^>]*)?>((?:(?R)|.)*?)</code>(\s|$);msi', $html, $code_match);
   $i = 0;
   foreach ( $code_match[0] as $code )
   {
@@ -2103,7 +2103,7 @@
   // Vulnerability reported by fuzion from nukeit.org:
   // XSS in closing HTML tag style attribute
   // Fix: escape all closing tags with non-whitelisted characters
-  $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!', '&lt;/\\1&gt;', $html);
+  $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!i', '&lt;/\\1&gt;', $html);
 
   // Restore stripped comments
   $i = 0;
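Review bot: The character class `[^a-z0-9-_:]` on the new line does not say what the comment says it should: inside a class, `9-_` is a range from 0x39 to 0x5F, so `<`, `=`, `>`, `?`, `@`, `[`, `\`, `]`, `^` and the uppercase letters were already treated as whitelisted, and the `i` modifier added here only papers over the uppercase half of that accident. Put the hyphen last so it is literal: `$html = preg_replace('!</((?:.*)([^a-z0-9_:-]+)(?:.*))>!i', '&lt;/\\1&gt;', $html);`. Whether the punctuation that currently slips through is enough to reproduce the reported closing-tag attribute XSS cannot be judged from this hunk, since the earlier passes over the same string are not visible, but a whitelist in a sanitizer should match its stated intent. Note also that the greedy `(?:.*)` spans several tags on one line, so for `</b> x </i>` only the outermost `</` and `>` are escaped; presumably that is acceptable because opening tags are handled elsewhere, but it is worth confirming. The enclosing function starts and ends outside this hunk.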