Changeset 1057 for trunk/expressoMail1_2/inc
- Timestamp:
- 06/29/09 09:29:13 (15 years ago)
- File:
-
- 1 edited
trunk/expressoMail1_2/inc/class.imap_functions.inc.php
r1040 r1057 1009 1009 } 1010 1010 // Malicious Code Remove 1011 $dirtyCodePattern = "/(<([\w]+[\w0-9]*)( [^>]*)on(mouse(move|over|down|up)|load|blur|change|click|dblclick|focus|key(down|up|press)|select)(\ *)=(\*)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU";1011 $dirtyCodePattern = "/(<([\w]+[\w0-9]*)(.*)on(mouse(move|over|down|up)|load|blur|change|click|dblclick|focus|key(down|up|press)|select)([\n\ ]*)=([\n\ ]*)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU"; 1012 1012 preg_match_all($dirtyCodePattern,$body,$rest,PREG_PATTERN_ORDER); 1013 1013 foreach($rest[0] as $i => $val) 1014 1014 if (!(preg_match("/javascript:window\.open\(\"\/index\.php\?menuaction=calendar\.uicalendar\.set_action\&cal_id=([^;'\"]+);?['\"]/i",$rest[1][$i]) && strtoupper($rest[4][$i]) == "CLICK" )) //Calendar events 1015 1015 $body = str_replace($rest[1][$i],"<".$rest[2][$i].$rest[3][$i].$rest[7][$i].">",$body); 1016 1016 1017 1017 return "<span>".$body;
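Review bot: The result of `preg_match_all` on line 1012 is never checked, and the new `(.*)` in group 3 (with the `s` and `U` modifiers) can now scan across tag boundaries through the whole message body. On a large body this may hit the PCRE backtrack limit, in which case the call returns false and the body would be returned with nothing stripped. Treat that as a failure rather than a clean result, for example `if (preg_match_all($dirtyCodePattern,$body,$rest,PREG_PATTERN_ORDER) === false) $body = htmlspecialchars($body);`. Because the pattern only covers the handler names it enumerates, and only with quoted values, a sturdier fix is to parse the HTML with `DOMDocument` and drop every attribute whose name begins with `on`, keeping the calendar link as an explicit allow rule. The enclosing function starts and ends outside this section.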