extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-09 07:28:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed delete-problem of anglemail after security update

Browse Source
This commit is contained in:
Ralf Becker 2004-08-24 10:45:07 +00:00
parent ed8760d199
commit e027149a05
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
phpgwapi/inc/common_functions.inc.php
View File

@ -1201,7 +1201,7 @@
return $_GET['menuaction'] ? $_GET['menuaction'] : str_replace(PHPGW_SERVER_ROOT,'',$_SERVER['SCRIPT_FILENAME']); return $_GET['menuaction'] ? $_GET['menuaction'] : str_replace(PHPGW_SERVER_ROOT,'',$_SERVER['SCRIPT_FILENAME']);
} }
function _check_script_tag(&$var) function _check_script_tag(&$var,$name='')
{ {
if (is_array($var)) if (is_array($var))
{ {
@ -1209,12 +1209,13 @@
{ {
if (is_array($val)) if (is_array($val))
{ {
_check_script_tag($var[$key]); _check_script_tag($var[$key],$name.'['.$key.']');
} }
else else
{ {
if (preg_match('/<\/?[^>]*(script|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val)) if (preg_match('/<\/?[^>]*(script|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val))
{ {
//echo "<p>*** _check_script_tag($name): unset($name [$key]) ***</p>\n";
unset($var[$key]); unset($var[$key]);
} }
} }
@ -1237,7 +1238,8 @@
} }
if (is_array($GLOBALS[$where])) if (is_array($GLOBALS[$where]))
{ {
_check_script_tag($GLOBALS[$where]); _check_script_tag($GLOBALS[$where],$where);
reset($GLOBALS[$where]); // in case some stupid old code expects the array-pointer to be at the start of the array
} }
} }
?> ?>