banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Also remove unclosed script tags (fixes XSS vulnerability)

Browse Source
release-0.6
thomascube 17 years ago
parent 6270699ba8
commit a08a60e974
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File

6
program/steps/mail/func.inc
Unescape Escape View File

@ -973,10 +973,10 @@ function rcmail_sanitize_html($body, $container_id)
// remove SCRIPT tags // remove SCRIPT tags
foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag) foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag)
{ {
while (($pos = strpos($body_lc, '<'.$tag)) && ($pos2 = strpos($body_lc, '</'.$tag.'>', $pos))) while (($pos = strpos($body_lc, '<'.$tag)) && (($pos2 = strpos($body_lc, '</'.$tag.'>', $pos)) || ($pos3 = strpos($body_lc, '>', $pos))))
{ {
$pos2 += strlen('</'.$tag.'>'); $end = $pos2 ? $pos2 + strlen('</'.$tag.'>') : $pos3 + 1;
$body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2); $body = substr($body, 0, $pos) . substr($body, $end, strlen($body)-$end);
$body_lc = strtolower($body); $body_lc = strtolower($body);
} }
} }

Write Preview
Loading…
Cancel
Save