Context Navigation

Changeset 1057 for trunk/expressoMail1_2/inc

Timestamp:

06/29/09 09:29:13 (15 years ago)

Author:

amuller

Message:

Ticket #475 - #559 - Atualização de segurança e adição de tema

File:

-                      r1040
+                      r1057
+                }
                 // Malicious Code Remove
                 $dirtyCodePattern = "/(<([\w]+[\w0-9]*)([^>]*)on(mouse(move|over|down|up)|load|blur|change|click|dblclick|focus|key(down|up|press)|select)(\ *)=(\ *)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU";
+                $dirtyCodePattern = "/(<([\w]+[\w0-9]*)(.*)on(mouse(move|over|down|up)|load|blur|change|click|dblclick|focus|key(down|up|press)|select)([\n\ ]*)=([\n\ ]*)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU";
                 preg_match_all($dirtyCodePattern,$body,$rest,PREG_PATTERN_ORDER);
                 foreach($rest[0] as $i => $val)
                         if (!(preg_match("/javascript:window\.open\(\"\/index\.php\?menuaction=calendar\.uicalendar\.set_action\&cal_id=([^;'\"]+);?['\"]/i",$rest[1][$i]) && strtoupper($rest[4][$i]) == "CLICK" )) //Calendar events
                                 $body = str_replace($rest[1][$i],"<".$rest[2][$i].$rest[3][$i].$rest[7][$i].">",$body);
+                        $body = str_replace($rest[1][$i],"<".$rest[2][$i].$rest[3][$i].$rest[7][$i].">",$body);
                 return  "<span>".$body;

Note: See TracChangeset for help on using the changeset viewer.