From c4248c8615fd602afd67b406dd467a7d2535e313 Mon Sep 17 00:00:00 2001
From: ngleader
Date: Mon, 3 Jan 2011 08:39:51 +0000
Subject: [PATCH] =?UTF-8?q?#19433011=20CSRF/XSS=20=C3=AC=C2=B7=C2=A8=C3=AC?= =?UTF-8?q?=C2=95=C2=BD=C3=AC=C2=A0=C2=90=20=C3=AA=C2=B0=C2=9C=C3=AC=C2=84?= =?UTF-8?q?=C2=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@8010 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 config/func.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/func.inc.php b/config/func.inc.php
index 5b56ad051..bae91b4c7 100644
--- a/config/func.inc.php
+++ b/config/func.inc.php
@@ -742,7 +742,7 @@ if($close_tag) $val .= ' /';
 // attribute on* remove
- if(preg_match('/^on(click|load|unload|blur|dbclick|focus|resize|keypress|keyup|keydown|mouseover|mouseout|mouseup|select|change|error)/',preg_replace('/[^a-zA-Z_]/','',$key))) return '';
+ if(preg_match('/^on([a-z]+)/',preg_replace('/[^a-zA-Z_]/','',$key))) return '';
 $output = sprintf('%s=%s', $key, $val);