branches/2.4/expressoMail1_2/inc/class.imap_functions.inc.php
r7087 r7162 1897 1897 $body = preg_replace('/<(meta|base|link|html|\/html)[^>]*>/i', '', $body); 1898 1898 1899 1900 // Malicious Code Remove 1901 $dirtyCodePattern = "/(<([\w]+[\w0-9]*)(.*)on(mouse(move|over|down|up)|load|blur|change|error|click|dblclick|focus|key(down|up|press)|select)([\n\ ]*)=([\n\ ]*)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU"; 1902 preg_match_all($dirtyCodePattern, $body, $rest, PREG_PATTERN_ORDER); 1903 foreach ($rest[0] as $i => $val) { 1904 if (!(preg_match("/javascript:window\.open\(\"([^'\"]*)\/index\.php\?menuaction=calendar\.uicalendar\.set_action\&cal_id=([^;'\"]+);?['\"]/i", $rest[1][$i]) && strtoupper($rest[4][$i]) == "CLICK" )) //Calendar events 1905 $body = str_replace($rest[1][$i], "<" . $rest[2][$i] . $rest[3][$i] . $rest[7][$i] . ">", $body); 1906 } 1899 1907 require_once(dirname(__FILE__).'/../../library/CssToInlineStyles/css_to_inline_styles.php'); 1900 1908 $cssToInlineStyles = new CSSToInlineStyles($body); … … 1913 1921 foreach ($tag_list as $index => $tag) 1914 1922 $body = @mb_eregi_replace("<$tag\\b[^>]*>(.*?)</$tag>", '', $body); 1915 1916 // Malicious Code Remove1917 $dirtyCodePattern = "/(<([\w]+[\w0-9]*)(.*)on(mouse(move|over|down|up)|load|blur|change|error|click|dblclick|focus|key(down|up|press)|select)([\n\ ]*)=([\n\ ]*)[\"'][^>\"']*[\"']([^>]*)>)(.*)(<\/\\2>)?/misU";1918 preg_match_all($dirtyCodePattern, $body, $rest, PREG_PATTERN_ORDER);1919 foreach ($rest[0] as $i => $val) {1920 if (!(preg_match("/javascript:window\.open\(\"([^'\"]*)\/index\.php\?menuaction=calendar\.uicalendar\.set_action\&cal_id=([^;'\"]+);?['\"]/i", $rest[1][$i]) && strtoupper($rest[4][$i]) == "CLICK" )) //Calendar events1921 $body = str_replace($rest[1][$i], "<" . $rest[2][$i] . $rest[3][$i] . $rest[7][$i] . ">", $body);1922 }1923 1923 1924 1924 /*
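Review bot: The relocated handler-stripping loop is still a regex filter over untrusted mail HTML, and the pattern on the `$dirtyCodePattern` line only matches `on*` values wrapped in `"` or `'` for the fixed event list it enumerates, so attributes written differently or for other events are left in `$body`. The rewrite on the `str_replace($rest[1][$i], ...)` line also rebuilds each matched tag from groups 2, 3 and 7 only once, and group 7 (`([^>]*)`) is the greedy tail after the first handler, so a tag carrying a second handler keeps it. A parser-based pass (`DOMDocument` over the body, dropping every attribute whose name begins with `on`, with the calendar `window.open` case handled as an explicit allow-list) would be a more dependable place for this than the regex, and it would make the exception on the `preg_match(...)` line readable. The block is removed at its old position further down the hunk, so this commit is a move rather than new logic, and the enclosing method starts and ends outside the hunk. Until it is replaced, please add above `$dirtyCodePattern` a comment such as `// NOTE: best-effort only — strips one quoted on*= handler per tag for the listed events; not a complete script filter.`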