Changeset 1057 for trunk/expressoMail1_2

Timestamp:

06/29/09 09:29:13 (15 years ago)

Author:

amuller

Message:

Ticket #475 - #559 - Atualização de segurança e adição de tema

Location:

trunk/expressoMail1_2

Files:

• inc/class.imap_functions.inc.php (modified) (1 diff)
• index.php (modified) (1 diff)

trunk/expressoMail1_2/inc/class.imap_functions.inc.php

@@ -1009 +1009 @@
                 }
                 // Malicious Code Remove
-                $dirtyCodePattern = "/(<([\w]+[\w0-9]*)([^>]*)on(mouse(move|over|down|up)|load|blur|change|click|dblclick|focus|key(down|up|press)|select)(\ *)=(\ *)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU";
+                $dirtyCodePattern = "/(<([\w]+[\w0-9]*)(.*)on(mouse(move|over|down|up)|load|blur|change|click|dblclick|focus|key(down|up|press)|select)([\n\ ]*)=([\n\ ]*)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU";
                 preg_match_all($dirtyCodePattern,$body,$rest,PREG_PATTERN_ORDER);
                 foreach($rest[0] as $i => $val)
                         if (!(preg_match("/javascript:window\.open\(\"\/index\.php\?menuaction=calendar\.uicalendar\.set_action\&cal_id=([^;'\"]+);?['\"]/i",$rest[1][$i]) && strtoupper($rest[4][$i]) == "CLICK" )) //Calendar events
-                                $body = str_replace($rest[1][$i],"<".$rest[2][$i].$rest[3][$i].$rest[7][$i].">",$body);
+                        $body = str_replace($rest[1][$i],"<".$rest[2][$i].$rest[3][$i].$rest[7][$i].">",$body);
 
                 return  "<span>".$body;

trunk/expressoMail1_2/index.php

@@ -1 +1 @@
 <?php
-
-        /* Begin: Check config needed for expressoMail */
-        /* Config need for expressoMail work */
-        $php_ini['session.auto_start'] = '1';
-        $php_ini['magic_quotes_gpc'] = '';
-        $php_ini['magic_quotes_runtime'] = '';
-        $php_ini['magic_quotes_sybase'] = '';
-        
-        /* Config from php.ini */
-        $php_ini_configs = array("session.auto_start","magic_quotes_gpc","magic_quotes_runtime","magic_quotes_sybase");
-        /* Checking */
-        $error = false;
-        foreach($php_ini_configs as $config)
-        {
-                if ( ($f_phpini=ini_get($config)) != $php_ini[$config])
-                {
-                        $error = true;
-                        echo "Erro: Config <font color=red>$config</font> from php.ini needs to be '" . $php_ini[$config] . "', but is set to '" . $f_phpini . "'.<br>";
-                }
-        }
-        if ($error)
-                exit;
-        /* End: Check config needed for expressoMail */
                 
         $GLOBALS['phpgw_info']['flags'] = array(