mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-23 07:09:20 +01:00
make sure there is a word boundary after script while testing for malicious code (as text like < blabla description blabla > triggered the expunge of the text)
parent
a49344abf1
commit
c5453aa3f9
@ -1274,9 +1274,9 @@ function _check_script_tag(&$var,$name='')
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (preg_match('/<\/?[^>]*(iframe|script|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val))
|
if (preg_match('/<\/?[^>]*(iframe|script\b|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val))
|
||||||
{
|
{
|
||||||
//echo "<p>*** _check_script_tag($name): unset(${name}[$key]) ***</p>\n";
|
error_log("*** _check_script_tag($name): unset(${name}[$key]) with value $val***");
|
||||||
error_log(__FUNCTION__."(,$name) ${name}[$key] = ".$var[$key]);
|
error_log(__FUNCTION__."(,$name) ${name}[$key] = ".$var[$key]);
|
||||||
$GLOBALS['egw_unset_vars'][$name.'['.$key.']'] =& $var[$key];
|
$GLOBALS['egw_unset_vars'][$name.'['.$key.']'] =& $var[$key];
|
||||||
unset($var[$key]);
|
unset($var[$key]);
|
||||||
|
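Review bot: The `error_log()` calls shown in this branch write the rejected request value (`$val` / `$var[$key]`) to the log unmodified, so a value containing line breaks or control characters can forge or garble log entries, and a long value can flood the log. Neutralise and truncate it before logging, e.g. `error_log(__FUNCTION__."(,$name) ${name}[$key] = ".substr(addcslashes($var[$key], "\0..\37\177"), 0, 200));`, and log the value once rather than in two consecutive calls. On the pattern itself, `script\b` anchors only the trailing side of that one alternative, so ordinary text between `<` and `>` that contains a word ending in "script", or one of the `on…` names as a substring, presumably still gets the variable unset. The list is a heuristic denylist, so output escaping at render time has to remain the actual XSS control; a comment above the `preg_match` saying so would help the next maintainer. The body of `_check_script_tag` starts and ends outside the hunk.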