merge from 1.5.3.2 (~r11225)

git-svn-id: http://xe-core.googlecode.com/svn/trunk@11226 201d5d3c-b55e-5fd7-737f-ddc643e51545
flyskyko 2012-09-13 06:14:45 +00:00
parent 54e3a72065
commit 77f5aa2671
313 changed files with 8058 additions and 14251 deletions


@ -775,8 +775,12 @@
* @return string
**/
function removeHackTag($content) {
require_once(_XE_PATH_.'classes/security/EmbedFilter.class.php');
$oEmbedFilter = EmbedFilter::getInstance();
$oEmbedFilter->check($content);
// change the specific tags to the common texts
$content = preg_replace('@<(\/?(?:html|body|head|title|meta|base|link|script|style|applet|iframe)(/*)[\w\s>])@i', '&lt;$1', $content);
$content = preg_replace('@<(\/?(?:html|body|head|title|meta|base|link|script|style|applet)(/*)[\w\s>])@i', '&lt;$1', $content);
/**
* Remove codes to abuse the admin session in src by tags of imaages and video postings
@ -851,6 +855,15 @@
}
}
}
if($tag == 'img')
{
$attribute = strtolower(trim($name));
if(strpos(strtolower($val), 'data:') === 0)
{
continue;
}
}
$val = str_replace('"', '&quot;', $val);
$attr[] = $name."=\"{$val}\"";
}