make sure there is a word boundary after "script" when testing for malicious code (text like < blabla description blabla > triggered the expunge of the text)

Klaus Leithoff 2009-11-02 11:46:46 +00:00
parent 8a6fc34c88
commit e5335026ec


@ -1276,9 +1276,9 @@ function _check_script_tag(&$var,$name='')
} }
else else
{ {
if (preg_match('/<\/?[^>]*(iframe|script|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val)) if (preg_match('/<\/?[^>]*(iframe|script\b|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val))
{ {
//echo "<p>*** _check_script_tag($name): unset(${name}[$key]) ***</p>\n"; error_log("*** _check_script_tag($name): unset(${name}[$key]) with value $val***");
$GLOBALS['egw_unset_vars'][$name.'['.$key.']'] =& $var[$key]; $GLOBALS['egw_unset_vars'][$name.'['.$key.']'] =& $var[$key];
unset($var[$key]); unset($var[$key]);
} }
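Review bot: The new `error_log()` call interpolates the rejected request value `$val` unmodified, so CR/LF or other control characters in it can forge log lines, and unbounded or sensitive input ends up in the error log; the same probably applies to `$key` if it is a request-supplied array key. I would log a bounded, escaped form instead, e.g. `error_log("*** _check_script_tag($name): unset(${name}[$key]) with value ".addcslashes(substr($val,0,256),"\0..\37\177")."***");`. Separately, the `\b` follows only `script`, so bracketed text with a word that merely ends in "script" is still expunged; `\bscript\b` would narrow that false positive further. The enclosing `_check_script_tag()` starts and ends outside the hunk, so whether `$val` is always a string at this point cannot be confirmed from these lines.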