issue 534: remove XSS code

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@9661 201d5d3c-b55e-5fd7-737f-ddc643e51545
taggon 2011-10-17 06:23:59 +00:00
parent b49fbf4da1
commit 6ee154c21b
2 changed files with 8 additions and 2 deletions


@ -660,7 +660,7 @@
* Remove codes to abuse the admin session in src by tags of imaages and video postings
* - Issue reported by Sangwon Kim
**/
$content = preg_replace_callback('@<(/?)([a-z]+[0-9]?)([^>]*?\b(?:on[a-z]+|data|style|background|href|(?:dyn|low)?src)\s*=[\s\S]*?)(/?)>@i', 'removeSrcHack', $content);
$content = preg_replace_callback('@<(/?)([a-z]+[0-9]?)((?>"[^"]*"|\'[^\']*\'|[^>])*?\b(?:on[a-z]+|data|style|background|href|(?:dyn|low)?src)\s*=[\s\S]*?)(/?)>@i', 'removeSrcHack', $content);
// xmp tag 확인 및 추가
$content = checkXmpTag($content);
@ -710,6 +710,7 @@
$attr = array();
foreach($attrs as $name=>$val) {
$val = str_replace('"', '&quot;', $val);
$attr[] = $name."=\"{$val}\"";
}
$attr = count($attr)?' '.implode(' ',$attr):'';
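Review bot: The re-serialization line added in the second hunk, `$val = str_replace('"', '&quot;', $val);`, neutralizes only the double quote, so a value carrying `<` or `>` is written back into the rebuilt attribute unescaped. `$val = htmlspecialchars($val, ENT_QUOTES, 'UTF-8', false);` covers `"`, `'`, `<` and `>` while leaving entities that are already present alone, and still produces the `as&quot;df` form the new fixture in the test file expects; it does also turn a literal `'` into `&#039;`, so the remaining fixtures should be checked before switching. The function enclosing both hunks starts before the first and continues past the second, so where `$attrs` is parsed and whether `$name` is already restricted to a safe character set is not visible here. The pattern in the first hunk replaces `[^>]*?` with an atomic alternation that steps over quoted strings; a short comment beside it, `// quoted attribute values may contain '>', so skip over them instead of stopping at the first '>'`, would spare the next reader the regex decoding.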


@ -33,7 +33,12 @@ class FuncIncTest extends PHPUnit_Framework_TestCase
array(
"<img src=\"invalid\"\nonerror=\"alert(1)\" />",
'<img src="invalid" />'
)
),
// issue 534
array(
'<img src=\'as"df dummy=\'"1234\'" 4321\' asdf/*/>*/" onerror="console.log(\'Yet another XSS\')">',
'<img src="as&quot;df dummy=" />*/" onerror="console.log(\'Yet another XSS\')">'
),
);
}
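Review bot: The expected value in the issue 534 fixture still contains the `onerror="console.log(...)"` text, which at first glance reads as if the filter missed it; a comment above the pair such as `// the tag closes at the first "/>", so what follows should be plain content, not an attribute` would make the intended outcome clear. The fixture also pins the exact attribute serialization (`&quot;` for an embedded double quote), so any later widening of the escaping in the filter will change this expected string with it, and that coupling deserves a note. The data-provider method and the FuncIncTest class begin outside the hunk.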