Merge pull request #48 from RanAwaySuccessfully/patch-1

fixing xss-blocking regex bug
Alex (Xkeeper) 2018-07-01 15:42:06 -07:00 committed by GitHub
commit 5dfc60ce91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1263,7 +1263,7 @@ function xss_clean($data) {
#$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data); #$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data);
do { do {
$old_data = $data; $old_data = $data;
$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(on|xmlns)([^>]*+)>#iu', '$1DISABLED_$2$3>', $data); $data = preg_replace('#(<[A-Za-z][^>]*?[\x00-\x20"\'])(on|xmlns)([^>]*+)>#iu', '$1DISABLED_$2$3>', $data);
} while ($old_data !== $data); } while ($old_data !== $data);
// Remove javascript: and vbscript: protocols // Remove javascript: and vbscript: protocols
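Review bot: In the rewritten `preg_replace` pattern, the separator class `[\x00-\x20"\']` in front of `(on|xmlns)` still leaves out `/`, which HTML parsers also accept between a tag name and an attribute name, so a handler attribute introduced that way is not prefixed with `DISABLED_`. Widening the class to `[\x00-\x20"\'/]` would cover that case, but it would also rewrite URL values containing `/on…`, which shows that the pattern cannot tell attribute names from attribute values; an allowlist-based HTML sanitizer, or escaping at output with `htmlspecialchars()`, would be more dependable than extending this blacklist. The loop also never checks for a `null` return from `preg_replace`, which the `u` modifier produces on invalid UTF-8 input; adding `if ($data === null) { $data = ''; break; }` after the call would make that failure explicit. `xss_clean` starts and ends outside this hunk, so filters elsewhere in the function may already cover part of this.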