#19433011 CSRF/XSS ì·¨ì½ì ê°ì

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@8010 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-04-02 01:52:10 +09:00 · 2011-01-03 08:39:51 +00:00 · 2011-01-03 08:39:51 +00:00 · c4248c8615
commit c4248c8615
parent 0c086488b0
1 changed files with 1 additions and 1 deletions
--- a/config/func.inc.php
+++ b/config/func.inc.php
@ -742,7 +742,7 @@
 		if($close_tag) $val .= ' /';
 		
 		// attribute on* remove
-		if(preg_match('/^on(click|load|unload|blur|dbclick|focus|resize|keypress|keyup|keydown|mouseover|mouseout|mouseup|select|change|error)/',preg_replace('/[^a-zA-Z_]/','',$key))) return '';
+		if(preg_match('/^on([a-z]+)/',preg_replace('/[^a-zA-Z_]/','',$key))) return '';
       
 		$output = sprintf('%s=%s', $key, $val);