From ac5953ab63b2de6118e356b1e5c9a33acc5c1aee Mon Sep 17 00:00:00 2001
From: ovclas
Date: Wed, 25 Apr 2012 10:08:42 +0000
Subject: [PATCH] XSS Defense for PHP4

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10616 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 config/func.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/func.inc.php b/config/func.inc.php
index e2a728f6c..88187b856 100644
--- a/config/func.inc.php
+++ b/config/func.inc.php
@@ -754,10 +754,10 @@
 $attr = array();
 foreach($attrs as $name=>$val)
 {
- if($tag == 'object' || $tag == 'embed')
+ if($tag == 'object' || $tag == 'embed' || $tag == 'a')
 {
 $attribute = strtolower(trim($name));
- if($attribute == 'data' || $attribute == 'src')
+ if($attribute == 'data' || $attribute == 'src' || $attribute == 'href')
 {
 if(strpos(strtolower($val), 'data:') === 0)
 {
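Review bot: The scheme test that `a`/`href` now goes through, `strpos(strtolower($val), 'data:') === 0`, is a prefix match on the raw attribute value: `$name` is trimmed before comparison but `$val` is not, so the check only fires when the value starts with the literal characters `data:`. The comparison should run on a normalised copy, for example `$v = strtolower(trim(html_entity_decode($val)));` followed by `if(strpos($v, 'data:') === 0)`. This block tests for `data:` only; whether other script-capable schemes in `href` are filtered elsewhere in the function is not visible from the hunk, and if they are not, an allowlist of permitted schemes (`http`, `https`, `mailto`) would be the safer check for links. The body of the inner `if` and the end of the `foreach` lie outside the hunk.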