WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Security fix for comments: Strip out dangerousa tags. 

Fix by Michel V.


git-svn-id: http://svn.automattic.com/wordpress/trunk@244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
mikelittle 2003-06-23 23:06:12 +00:00
parent 4e590c32fd
commit 1120a2c27e
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
b2-include/b2functions.php
View File

@ -1140,6 +1140,15 @@ function balanceTags($text, $is_comment = 0) {
return $text;
}
if ($is_comment) {
// sanitise HTML attributes, remove frame/applet tags
$text = preg_replace('#( on[a-z]{1,}|style|class|id)="(.*?)"#i', '', $text);
$text = preg_replace('#( on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '', $text);
$text = preg_replace('#([a-z]{1,})="(( |\t)*?)(javascript|vbscript|about):(.*?)"#i', '$1=""', $text);
$text = preg_replace('#([a-z]{1,})=\'(( |\t)*?)(javascript|vbscript|about):(.*?)\'#i', '$1=""', $text);
$text = preg_replace('#\<(\/{0,1})([a-z]{0,2})(frame|applet)(.*?)\>#i', '', $text);
}
$tagstack = array();
$stacksize = 0;
$tagqueue = '';