Changeset 1036 for trunk/expressoMail1_2/inc/class.imap_functions.inc.php
- Timestamp:
- 06/22/09 09:47:02 (15 years ago)
- File:
-
- 1 edited
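--- a/trunk/expressoMail1_2/inc/class.imap_functions.inc.php
+++ b/trunk/expressoMail1_2/inc/class.imap_functions.inc.php
@@ -1,3 +1,10 @@
 <?php
+$GLOBALS['phpgw_info']['flags'] = array(
+'currentapp' => 'expressoMail1_2',
+'nonavbar' => true,
+'noheader' => true
+);
+
+require_once $_SERVER[ 'DOCUMENT_ROOT' ] . '/header.inc.php';
 include_once("class.functions.inc.php");
 include_once("class.ldap_functions.inc.php");
@@ -1000,8 +1007,8 @@
 }
 // Malicious Code Remove
-$dirtyCodePattern = "/(<([\w]+ )([^>]*)on(mouse(move|over|down|up)|load|blur|change|click|dblclick|focus|key(down|up|press)|select)=[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/isU";
+$dirtyCodePattern = "/(<([\w]+[\w0-9]*)([^>]*)on(mouse(move|over|down|up)|load|blur|change|click|dblclick|focus|key(down|up|press)|select)(\ *)=(\ *)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU";
 preg_match_all($dirtyCodePattern,$body,$rest,PREG_PATTERN_ORDER);
 foreach($rest[0] as $i => $val)
-if (!(preg_match("/ window\.open/i",$rest[1][$i]) && strtoupper($rest[4][$i]) == "CLICK" )) //Calendar events
+if (!(preg_match("/javascript:window\.open\(\"\/index\.php\?menuaction=calendar\.uicalendar\.set_action\&cal_id=([^;'\"]+);?['\"]/i",$rest[1][$i]) && strtoupper($rest[4][$i]) == "CLICK" )) //Calendar events
 $body = str_replace($rest[1][$i],"<".$rest[2][$i].$rest[3][$i].$rest[7][$i].">",$body);
 
@@ -1013,5 +1020,5 @@
 // Verify exception.
 @preg_match("/<a href=\"notes:\/\/\//",$body,$matches);
-// I t no hasexception,then open the link in new window.
+// If there is no exception,then open the link in new window.
 if(count($matches))
 return $body;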
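Review bot: The replacement on new line 1013 still rebuilds the tag from `$rest[7][$i]`, but the new pattern inserts two `(\ *)` groups around `=`, so group 7 is now the whitespace before `=` and the attributes after the handler have moved to group 9; as written, every attribute that follows a stripped handler is dropped from the tag. Use `$rest[9][$i]` there, or name the groups (for example `(?<tail>[^>]*)`) so the indexes cannot drift again. Separately, the calendar exemption on new line 1012 is matched against the whole tag in `$rest[1][$i]` and is not anchored to the start of the handler value, so it does not establish that the `onclick` consists solely of the calendar call; capturing the quoted value in its own group and matching it with `^` and `$` anchors would be tighter. The handler alternation is also a fixed list that only matches quoted values, so for untrusted mail bodies a parser-based allowlist sanitizer is the more dependable control. The enclosing function starts and ends outside the hunk.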