From c4c6b9439e22ba55016c56b264321a44653dff2a Mon Sep 17 00:00:00 2001 From: Dougal Campbell Date: Tue, 9 Dec 2003 14:39:30 +0000 Subject: [PATCH] Fixed XSS vulnerability in comments git-svn-id: https://develop.svn.wordpress.org/trunk@594 602fd350-edb4-49c9-b593-d223f7449a82 --- b2-include/b2functions.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/b2-include/b2functions.php b/b2-include/b2functions.php index d3a6c69a83..6f8994a9d7 100644 --- a/b2-include/b2functions.php +++ b/b2-include/b2functions.php @@ -1207,9 +1207,9 @@ function pingback($content, $post_ID) { ** This is how we can do bad stuff! **/ function sanitise_html_attributes($text) { - $text = preg_replace('#( on[a-z]{1,}|style|class|id)="(.*?)"#i', '', $text); - $text = preg_replace('#( on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '', $text); - $text = preg_replace('#( on[a-z]{1,}|style|class|id)[ \t]*=[ \t]*([^ \t\>]*?)#i', '', $text); + $text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)="(.*?)"#i', '$1', $text); + $text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)=\'(.*?)\'#i', '$1', $text); + $text = preg_replace('#(([\s"\'])on[a-z]{1,}|style|class|id)[ \t]*=[ \t]*([^ \t\>]*?)#i', '$1', $text); $text = preg_replace('#([a-z]{1,})="(( |\t)*?)(javascript|vbscript|about):(.*?)"#i', '$1=""', $text); $text = preg_replace('#([a-z]{1,})=\'(( |\t)*?)(javascript|vbscript|about):(.*?)\'#i', '$1=""', $text); $text = preg_replace('#\<(\/{0,1})([a-z]{0,2})(frame|applet)(.*?)\>#i', '', $text);