fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-06 18:21:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

XSS Defense for PHP4

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10616 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ovclas 2012-04-25 10:08:42 +00:00
parent bb410d1325
commit ac5953ab63
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
config/func.inc.php
View file

@ -754,10 +754,10 @@
$attr = array(); $attr = array();
foreach($attrs as $name=>$val) { foreach($attrs as $name=>$val) {
if($tag == 'object' || $tag == 'embed') if($tag == 'object' || $tag == 'embed' || $tag == 'a')
{ {
$attribute = strtolower(trim($name)); $attribute = strtolower(trim($name));
if($attribute == 'data' || $attribute == 'src') if($attribute == 'data' || $attribute == 'src' || $attribute == 'href')
{ {
if(strpos(strtolower($val), 'data:') === 0) if(strpos(strtolower($val), 'data:') === 0)
{ {