From e5335026ec842036c6f2744279c8d4e677fa0f04 Mon Sep 17 00:00:00 2001
From: Klaus Leithoff
Date: Mon, 2 Nov 2009 11:46:46 +0000
Subject: [PATCH] make sure there is a wordboundary after script, while testing for malicious code (as text like < blabla description blabla > triggered the expunge of the text
---
 phpgwapi/inc/common_functions.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/phpgwapi/inc/common_functions.inc.php b/phpgwapi/inc/common_functions.inc.php
index ae04c4c229..b21718405b 100755
--- a/phpgwapi/inc/common_functions.inc.php
+++ b/phpgwapi/inc/common_functions.inc.php
@@ -1276,9 +1276,9 @@ function _check_script_tag(&$var,$name='')
 }
 else
 {
- if (preg_match('/<\/?[^>]*(iframe|script|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val))
+ if (preg_match('/<\/?[^>]*(iframe|script\b|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val))
 {
- //echo "

*** _check_script_tag($name): unset(${name}[$key]) ***

\n";
+ error_log("*** _check_script_tag($name): unset(${name}[$key]) with value $val***");
 $GLOBALS['egw_unset_vars'][$name.'['.$key.']'] =& $var[$key];
 unset($var[$key]);
 }
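Review bot: The added `error_log()` call writes the rejected request value `$val` into the server log unmodified, together with `$name` and `$key`, which also appear to come from the request. A request can therefore put line breaks or control characters into the log, push arbitrarily large values into it, and leave the field's content in a file that is often readable more widely than the application data. Escaping and bounding the value keeps the diagnostic without that exposure, e.g. `error_log('*** _check_script_tag('.$name.'): unset('.$name.'['.$key.']) with value '.addcslashes(substr($val,0,200),"\0..\37\177").' ***');`, and `$name`/`$key` would ideally get the same escaping. Separately, only `script` gained a `\b`; the other alternatives (`iframe`, the `on…` handler names) still match as substrings inside longer words, so similar false positives on ordinary text in angle brackets probably remain. The body of `_check_script_tag` starts and ends outside this hunk.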