githubFork/roundcubemail.git

githubFork / roundcubemail

Roundcubemail devel

summary
reflog
commits
tree
docs
forks
compare

parent: dc5b83d1 | patch | commit | ignore whitespace

Fix xss entitiy decoding

thomascube

2008-09-12 85a9130647fff8ffafbd35117705f3ec7ec98ce0

Fix xss entitiy decoding

1 files modified

program/include/main.inc

4 ●●●●● patch | view | raw | blame | history

 program/include/main.inc

@@ -643,8 +643,8 @@
function rcmail_xss_entitiy_decode($content)
{
  $out = html_entity_decode(html_entity_decode($content));
  $out = preg_replace('/\\\00([a-z0-9]{2})/ie', "chr(hexdec('\\1'))", $out);
  $out = preg_replace('#/\*.+\*/#Um', '', $out);
  $out = preg_replace('/\\\([a-z0-9]{4})/ie', "chr(hexdec('\\1'))", $out);
  $out = preg_replace('#/\*.*\*/#Um', '', $out);
  return $out;
}

			@@ -643,8 +643,8 @@
			function rcmail_xss_entitiy_decode($content)
			{
			$out = html_entity_decode(html_entity_decode($content));
			$out = preg_replace('/\\\00([a-z0-9]{2})/ie', "chr(hexdec('\\1'))", $out);
			$out = preg_replace('#/\.+\/#Um', '', $out);
			$out = preg_replace('/\\\([a-z0-9]{4})/ie', "chr(hexdec('\\1'))", $out);
			$out = preg_replace('#/\.\*/#Um', '', $out);
			return $out;
			}