fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-27 22:33:10 +09:00
Code Issues Projects Releases Packages Wiki Activity

xss defense

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.3.2@11279 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ovclas 2012-09-18 02:40:49 +00:00
parent bcd610fd9f
commit e8643457f9
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
classes/context/Context.class.php
View file

@ -810,6 +810,13 @@ class Context {
elseif($this->getRequestMethod()=='POST'&&isset($_POST[$key])) $set_to_vars = true;
else $set_to_vars = false;
if($set_to_vars)
{
$val = preg_replace('/<\?.*(\?>)?/iUsm', '', $val);
$val = preg_replace('/<\%.*(\%>)?/iUsm', '', $val);
$val = preg_replace('/<script(\s|\S)*language[\s]*=("|\')php("|\')(\s|\S)*>.*<[\s]*\/[\s]*script[\s]*>/iUsm', '', $val);
}
$this->set($key, $val, $set_to_vars);
}
}