Changeset 1866 in ExiteCMS for trunk/includes/core_functions.php
- Timestamp:
- 10/18/08 10:52:43 (4 years ago)
- File:
-
- 1 edited
-
trunk/includes/core_functions.php (modified) (3 diffs)
trunk/includes/core_functions.php
r1861 r1866 764 764 if (!isset($never_allowed_str)) { 765 765 $never_allowed_str = array( 766 'document.cookie' => '[ removed]',767 'document.write' => '[ removed]',768 '.parentNode' => '[ removed]',769 '.innerHTML' => '[ removed]',770 'window.location' => '[ removed]',771 '-moz-binding' => '[ removed]',766 'document.cookie' => '[--XSS--]', 767 'document.write' => '[--XSS--]', 768 '.parentNode' => '[--XSS--]', 769 '.innerHTML' => '[--XSS--]', 770 'window.location' => '[--XSS--]', 771 '-moz-binding' => '[--XSS--]', 772 772 '<!--' => '<!--', 773 773 '-->' => '-->', … … 779 779 if (!isset($never_allowed_regex)) { 780 780 $never_allowed_regex = array( 781 "javascript\s*:" => '[ removed]',782 "expression\s*\(" => '[ removed]', // CSS and IE783 "Redirect\s+302" => '[ removed]'781 "javascript\s*:" => '[--XSS--]', 782 "expression\s*\(" => '[--XSS--]', // CSS and IE 783 "Redirect\s+302" => '[--XSS--]' 784 784 ); 785 785 } … … 876 876 } 877 877 if (preg_match("/script/i", $str) OR preg_match("/xss/i", $str)) { 878 $str = preg_replace("#<(/*)(script|xss)(.*?)\>#si", '[ removed]', $str);878 $str = preg_replace("#<(/*)(script|xss)(.*?)\>#si", '[--XSS--]', $str); 879 879 } 880 880 }
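Review bot: The new marker `[--XSS--]` itself contains the text "xss", so the guard `preg_match("/xss/i", $str)` at line 877 is now true for any string in which an earlier replacement already fired. This assumes the tables at 764–785 are applied earlier in the same function, which the line numbers suggest but the elided parts of the page do not show. The `preg_replace` that follows requires a leading `<`, so the marker is not rewritten again, but the branch is entered needlessly, and any caller that loops until the output stops changing should be checked. The literal is also repeated in ten places across the three hunks; defining it once, e.g. `define('XSS_MARKER', '[--XSS--]');`, with a token that does not match the filter's own patterns, would avoid both problems. Whatever the marker, a substring denylist like this is defense in depth only, and values still need context-appropriate encoding such as `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` where they are rendered.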
