Skip to content

Commit

Permalink
MDL-17637 fixed adobe XSS protection
Browse files Browse the repository at this point in the history
  • Loading branch information
skodak committed Dec 29, 2008
1 parent bba9b20 commit 920337d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/weblib.php
View file
Expand Up @@ -2007,7 +2007,7 @@ function cleanAttributes2($htmlArray){
$arreach['value'] = preg_replace("/b\s*i\s*n\s*d\s*i\s*n\s*g/i", "Xbinding", $arreach['value']);
} else if ($arreach['name'] == 'href') {
//Adobe Acrobat Reader XSS protection
$arreach['value'] = preg_replace('/(\.(pdf|fdf|xfdf|xdp|xfd))[^a-z0-9_\.\-].*$/i', '$1', $arreach['value']);
$arreach['value'] = preg_replace('/(\.(pdf|fdf|xfdf|xdp|xfd)[^#]*)#.*$/i', '$1', $arreach['value']);
}
$attStr .= ' '.$arreach['name'].'="'.$arreach['value'].'"';
}
Expand Down

0 comments on commit 920337d

Please sign in to comment.