makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

That was not the code you were looking for....

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5507 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Graham Eames 2006-01-28 16:47:29 +00:00
parent 3c54fa68e5
commit 9fc979dcd1
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
phpBB/includes/functions_post.php
View file

@ -46,7 +46,7 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
if ($html_on) if ($html_on)
{ {
$message = addslashes(preg_replace_callback('/<\/?(\w+)((?:[\W]+\w+\s*=\s*(?:"[^"]*"|\'[^\']*\'|`[^`]*`|.*?))*)\s*?\/?>/', 'clean_html', stripslashes($message))); $message = addslashes(preg_replace_callback('/<\/?(\w+)((?:[^\w>]+\w+(?:\s*=\s*(?:"[^"]*"|\'[^\']*\'|`[^`]*`|´[^´]*´|.*?))?)*)[\W]*?\/?>/', 'clean_html', stripslashes($message)));
} }
else else
{ {
@ -813,23 +813,23 @@ function clean_html($tag)
$disallowed_attributes = '/^(?:style|on)/'; $disallowed_attributes = '/^(?:style|on)/';
if (in_array(strtolower($tag[1]), $allowed_html_tags)) if (in_array(strtolower($tag[1]), $allowed_html_tags))
{ {
$attributes = ''; $attributes = '';
if (!empty($tag[2])) if (!empty($tag[2]))
{ {
// Get all the elements of a tag so that they can be checked in turn // Get all the elements of a tag so that they can be checked in turn
$matches = array(); $matches = array();
preg_match_all('/[\W]+(\w+)\s*=\s*("[^"]*"|\'[^\']*\'|`[^`]*`|[^\'"`]*)/', $tag[2], $matches); preg_match_all('/[\W]+(\w+)(?:\s*=\s*("[^"]*"|\'[^\']*\'|`[^`]*`|´[^´]*´|[^\'"`´]*))?/', $tag[2], $matches);
foreach ($matches[1] as $key => $value) foreach ($matches[1] as $key => $value)
{ {
// Remove any attributes which are not allowed // Remove any attributes which are not allowed
if (preg_match($disallowed_attributes, strtolower($value)) || (!preg_match('/([\'`"]).*\\1/', $matches[2][$key]) && preg_match('/[^0-9a-zA-Z\\x2D\\x2E\\\x3A\\x5F]+/', $matches[2][$key]))) if (preg_match($disallowed_attributes, strtolower($value)) || (!preg_match('/([\'´`"]).*\\1/', $matches[2][$key]) && preg_match('/[^0-9a-zA-Z\\x2D\\x2E\\\x3A\\x5F]+/', $matches[2][$key])))
{ {
continue; continue;
} }
// Build a string containing the allowed attributes, strip out anything that could harm the parser // Build a string containing the allowed attributes, strip out anything that could harm the parser
$attributes .= ' ' . $value . '="' . htmlentities(preg_replace('/^[`"\']?(.*?)[`"\']?$/', '\1', $matches[2][$key])) . '"'; $attributes .= ' ' . $value . '="' . htmlentities(preg_replace('/^[´`"\']?(.*?)[´`"\']?$/', '\1', $matches[2][$key])) . '"';
} }
} }
else else