From 2f9ab6e3337daa3e68314eb737a8e8bd964725fa Mon Sep 17 00:00:00 2001
From: emc3
Date: Tue, 9 Dec 2003 14:39:30 +0000
Subject: [PATCH] Fixed XSS vulnerability in comments

git-svn-id: http://svn.automattic.com/wordpress/trunk@594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 b2-include/b2functions.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/b2-include/b2functions.php b/b2-include/b2functions.php
index d3a6c69a83..6f8994a9d7 100644
--- a/b2-include/b2functions.php
+++ b/b2-include/b2functions.php
@@ -1207,9 +1207,9 @@ function pingback($content, $post_ID) {
 ** This is how we can do bad stuff! **/
 function sanitise_html_attributes($text) {
- $text = preg_replace('#( on[a-z]{1,}|style|class|id)="(.*?)"#i', '', $text);
- $text = preg_replace('#( on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '', $text);
- $text = preg_replace('#( on[a-z]{1,}|style|class|id)[ \t]*=[ \t]*([^ \t\>]*?)#i', '', $text);
+ $text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)="(.*?)"#i', '$1', $text);
+ $text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '$1', $text);
+ $text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)[ \t]*=[ \t]*([^ \t\>]*?)#i', '$1', $text);
 $text = preg_replace('#([a-z]{1,})="(( |\t)*?)(javascript|vbscript|about):(.*?)"#i', '$1=""', $text);
 $text = preg_replace('#([a-z]{1,})=\'(( |\t)*?)(javascript|vbscript|about):(.*?)\'#i', '$1=""', $text);
 $text = preg_replace('#\<(\/{0,1})([a-z]{0,2})(frame|applet)(.*?)\>#i', '', $text);
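Review bot: The third new preg_replace still cannot strip an unquoted attribute value, because `([^ \t\>]*?)` is a lazy quantifier at the very end of the pattern and so always matches the empty string; the match consumes only the attribute name and the `=`, and the value text is left inside the tag. Making the class greedy, `([^ \t>]*)`, makes the line actually remove the value. In all three new lines the replacement `$1` writes back the whole outer group, i.e. the preceding delimiter plus the attribute name, so `onclick="..."` becomes a bare `onclick`; if only the preceding character was meant to survive, `$2` is the group that holds it (for the `style|class|id` alternatives it is empty, which matches the old replacement of `''`). More broadly, a deny-list of attribute names and URL schemes is hard to keep complete across the whitespace, quoting and encoding variants HTML parsers accept, so an allow-list of permitted tags and attributes with per-attribute value validation is the more robust model for comment markup. sanitise_html_attributes's body continues past the end of the hunk.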