Also remove unclosed script tags (fixes XSS vulnerability)
| | |
|---|
| | | // remove SCRIPT tags |
|---|
| | | foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag) |
|---|
| | | { |
|---|
| | | while (($pos = strpos($body_lc, '<'.$tag)) && ($pos2 = strpos($body_lc, '</'.$tag.'>', $pos))) |
|---|
| | | while (($pos = strpos($body_lc, '<'.$tag)) && (($pos2 = strpos($body_lc, '</'.$tag.'>', $pos)) || ($pos3 = strpos($body_lc, '>', $pos)))) |
|---|
| | | { |
|---|
| | | $pos2 += strlen('</'.$tag.'>'); |
|---|
| | | $body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2); |
|---|
| | | $end = $pos2 ? $pos2 + strlen('</'.$tag.'>') : $pos3 + 1; |
|---|
| | | $body = substr($body, 0, $pos) . substr($body, $end, strlen($body)-$end); |
|---|
| | | $body_lc = strtolower($body); |
|---|
| | | } |
|---|
| | | } |
|---|
