issue xss defense

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10482 201d5d3c-b55e-5fd7-737f-ddc643e51545
ovclas 2012-03-27 04:57:28 +00:00
parent 69de8be6c1
commit 241acdba0a


@ -692,7 +692,7 @@
* Remove codes to abuse the admin session in src by tags of imaages and video postings
* - Issue reported by Sangwon Kim
**/
$content = preg_replace_callback('@<(/?)([a-z]+[0-9]?)((?>"[^"]*"|\'[^\']*\'|[^>])*?\b(?:on[a-z]+|data|style|background|href|(?:dyn|low)?src)\s*=[\s\S]*?)(/?)>@i', 'removeSrcHack', $content);
$content = preg_replace_callback('@<(/?)([a-z]+[0-9]?)((?>"[^"]*"|\'[^\']*\'|[^>])*?\b(?:on[a-z]+|data|style|background|href|(?:dyn|low)?src)\s*=[\s\S]*?)(/?)($|>)@i', 'removeSrcHack', $content);
// xmp tag 확인 및 추가
$content = checkXmpTag($content);
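Review bot: The new `($|>)` group on the `preg_replace_callback` line is empty when an unterminated tag runs to the end of `$content`, and `removeSrcHack` is not visible in this hunk, so please confirm the callback always writes its own closing `>` rather than echoing the matched terminator. If it echoes the terminator, the filtered tag is emitted still open and the surrounding page markup would close it. The result is also assigned straight back to `$content`, and `preg_replace_callback` returns `null` on a PCRE error such as hitting the backtrack limit. A fail-closed guard before `checkXmpTag`, for example `if ($content === null) { /* reject the post and log preg_last_error() */ }`, would make that case explicit. More generally this is still an attribute denylist applied by regex, so a parser-based allowlist sanitizer would be the sturdier long-term fix; the enclosing function starts and ends outside the hunk.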