Changeset 7161 for trunk/expressoMail1_2
- Timestamp:
- 09/04/12 12:54:18 (12 years ago)
- File:
-
- 1 edited
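--- a/trunk/expressoMail1_2/inc/class.imap_functions.inc.php
+++ b/trunk/expressoMail1_2/inc/class.imap_functions.inc.php
@@ -1906,4 +1906,13 @@
 $body = str_ireplace('<o:p> </o:p>','<br />', $body);//Qubra de linha do MSO
 $body = preg_replace('/<(meta|base|link|html|\/html)[^>]*>/i', '', $body);
+
+
+// Malicious Code Remove
+$dirtyCodePattern = "/(<([\w]+[\w0-9]*)(.*)on(mouse(move|over|down|up)|load|blur|change|error|click|dblclick|focus|key(down|up|press)|select)([\n\ ]*)=([\n\ ]*)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU";
+preg_match_all($dirtyCodePattern, $body, $rest, PREG_PATTERN_ORDER);
+foreach ($rest[0] as $i => $val) {
+if (!(preg_match("/javascript:window\.open\(\"([^'\"]*)\/index\.php\?menuaction=calendar\.uicalendar\.set_action\&cal_id=([^;'\"]+);?['\"]/i", $rest[1][$i]) && strtoupper($rest[4][$i]) == "CLICK" )) //Calendar events
+$body = str_replace($rest[1][$i], "<" . $rest[2][$i] . $rest[3][$i] . $rest[7][$i] . ">", $body);
+}
 
 require_once(dirname(__FILE__).'/../../library/CssToInlineStyles/css_to_inline_styles.php');
@@ -1923,12 +1932,4 @@
 foreach ($tag_list as $index => $tag)
 $body = @mb_eregi_replace("<$tag\\b[^>]*>(.*?)</$tag>", '', $body);
-
-// Malicious Code Remove
-$dirtyCodePattern = "/(<([\w]+[\w0-9]*)(.*)on(mouse(move|over|down|up)|load|blur|change|error|click|dblclick|focus|key(down|up|press)|select)([\n\ ]*)=([\n\ ]*)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU";
-preg_match_all($dirtyCodePattern, $body, $rest, PREG_PATTERN_ORDER);
-foreach ($rest[0] as $i => $val) {
-if (!(preg_match("/javascript:window\.open\(\"([^'\"]*)\/index\.php\?menuaction=calendar\.uicalendar\.set_action\&cal_id=([^;'\"]+);?['\"]/i", $rest[1][$i]) && strtoupper($rest[4][$i]) == "CLICK" )) //Calendar events
-$body = str_replace($rest[1][$i], "<" . $rest[2][$i] . $rest[3][$i] . $rest[7][$i] . ">", $body);
-}
 
 /*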
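Review bot: With the handler filter moved to new lines 1910–1916, it now runs before the CssToInlineStyles step and the `$tag_list` strip, so nothing re-checks the markup those later steps produce; deleting `<tag>…</tag>` spans can join text that was previously separated, and neither the contents of `$tag_list` nor the lines between the two hunks are visible here to rule that out. Consider running the same filter again after the `$tag_list` loop, or at least recording the ordering with a comment such as `// runs before CSS inlining and tag stripping; their output is not re-filtered`. The pattern is also a blocklist that matches only the listed events with quoted values, so an allow-list sanitiser working on parsed HTML would be the more durable control. On line 1915 the tag is rebuilt from groups 2, 3 and 7, and group 7 is the whitespace before `=`, so everything after the handler (group 9) is dropped; that fails closed but also discards any harmless attributes that follow it, which deserves a comment saying it is deliberate. The enclosing function starts and ends outside the hunk.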