[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-cvs] wiki/parse/transforms.php, 1.4.2.1
|
From: |
nomail |
|
Subject: |
[Phpgroupware-cvs] wiki/parse/transforms.php, 1.4.2.1 |
|
Date: |
Fri, 3 Sep 2004 12:46:24 +0200 |
Update of /wiki/parse
Modified Files:
Branch: Version-0_9_16-branch
transforms.php
date: 2004/09/03 10:46:24; author: skwashd; state: Exp; lines: +5 -2
Log Message:
XSS Fix
=====================================================================
Index: wiki/parse/transforms.php
diff -u wiki/parse/transforms.php:1.4 wiki/parse/transforms.php:1.4.2.1
--- wiki/parse/transforms.php:1.4 Wed Jul 2 22:16:34 2003
+++ wiki/parse/transforms.php Fri Sep 3 10:46:24 2004
@@ -1,6 +1,9 @@
<?php
// $Id$
+//Portions of this script written by Dave Hall - skwashd at phpgroupware.org
+//Portions of this file are Copyright (c) 2004 The Free Software Foundation Inc
+
// The main parser components. Each of these takes a line of text and scans it
// for particular wiki markup. It converts markup elements to
// $FlgChr . x . $FlgChr, where x is an index into the global array $Entity,
@@ -322,7 +325,7 @@
return $FlgChr . (count($Entity) - 1) . $FlgChr;
}
// the following str-replace gards agains css or script in the html
- $buffer = $buffer .
parse_elements(str_replace(array('<script','</script'),array('<script','</script'),$text));
+ $buffer .=
parse_elements(str_replace(array('<script','</script'),array('<script','</script'),
preg_replace("' on(.*?)=\"(.*?)\"'i", '', $text)));
return '';
}
else
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phpgroupware-cvs] wiki/parse/transforms.php, 1.4.2.1,
nomail <=