Fix Nested Email MyCode Persistent XSS
dvz committed Feb 22, 2021
1 parent 5fe63c8 commit cb781b4
Showing 1 changed file with 2 additions and 8 deletions.
10 changes: 2 additions & 8 deletions inc/class_parser.php
@@ -1347,14 +1347,8 @@ function mycode_parse_email($email, $name="")
{
$name = $email;
}
if(preg_match("/^([a-zA-Z0-9-_\+\.]+?)@[a-zA-Z0-9-]+\.[a-zA-Z0-9\.-]+$/si", $email))
{
$email = $email;
}
elseif(preg_match("/^([a-zA-Z0-9-_\+\.]+?)@[a-zA-Z0-9-]+\.[a-zA-Z0-9\.-]+\?(.*?)$/si", $email))
{
$email = htmlspecialchars_uni($email);
}

$email = $this->encode_url($email);

eval("\$mycode_email = \"".$templates->get("mycode_email", 1, 0)."\";");
return $mycode_email;
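Review bot: The `$name = $email;` fallback at the top of the hunk copies the value before the `$this->encode_url($email)` call, so the link text and the link target reach the `mycode_email` template through different escaping paths, and nothing visible here shows that `$name` is already HTML-escaped. With the two address-format checks gone (they read as the removed lines, although this page has lost its +/- markers), `encode_url()` is the only guard left in this function and its body is not part of the hunk. I would record that dependency above the call, e.g. `// encode_url() is the only sanitisation applied to $email before it is interpolated into the mycode_email template; $name is assumed to be escaped by the caller.`, and add a parser regression test for an email tag that contains another MyCode tag. The function starts before the hunk and its closing brace lies after it.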