fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-03 16:51:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'develop' into crazymerge

Browse source
This commit is contained in:
Kijin Sung 2015-12-09 13:13:02 +09:00
commit 470e4f2a7a
5 changed files with 43 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/config.inc.php
View file

@ -29,7 +29,7 @@ define('__ZBXE__', __XE__);
/**
* Display XE's full version.
*/
define('__XE_VERSION__', '1.8.14');
define('__XE_VERSION__', '1.8.15');
define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false));
define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false));
define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));

18
config/func.inc.php
View file

@ -1212,6 +1212,24 @@ function removeSrcHack($match)
}
}
$filter_arrts = array('style', 'src', 'href');
if($tag === 'object') array_push($filter_arrts, 'data');
if($tag === 'param') array_push($filter_arrts, 'value');
foreach($filter_arrts as $attr)
{
if(!isset($attrs[$attr])) continue;
$attr_value = rawurldecode($attrs[$attr]);
$attr_value = htmlspecialchars_decode($attr_value, ENT_COMPAT);
$attr_value = preg_replace('/\s+|[\t\n\r]+/', '', $attr_value);
if(preg_match('@(\?|&|;)(act=)@i', $attr_value))
{
unset($attrs[$attr]);
}
}
if(isset($attrs['style']) && preg_match('@(?:/\*|\*/|\n|:\s*expression\s*\()@i', $attrs['style']))
{
unset($attrs['style']);