From a08a60e974c63547eeb9399ee7243d585a309278 Mon Sep 17 00:00:00 2001 From: thomascube Date: Thu, 1 Nov 2007 09:51:14 +0000 Subject: [PATCH] Also remove unclosed script tags (fixes XSS vulnerability) --- program/steps/mail/func.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 02263292a..c072c9118 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -973,10 +973,10 @@ function rcmail_sanitize_html($body, $container_id) // remove SCRIPT tags foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag) { - while (($pos = strpos($body_lc, '<'.$tag)) && ($pos2 = strpos($body_lc, '', $pos))) + while (($pos = strpos($body_lc, '<'.$tag)) && (($pos2 = strpos($body_lc, '', $pos)) || ($pos3 = strpos($body_lc, '>', $pos)))) { - $pos2 += strlen(''); - $body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2); + $end = $pos2 ? $pos2 + strlen('') : $pos3 + 1; + $body = substr($body, 0, $pos) . substr($body, $end, strlen($body)-$end); $body_lc = strtolower($body); } }