
UTF-7 XSS vulnerability fixed

git-svn-id: http://svn.php.net/repository/pear/packages/HTML_Safe/trunk@301739 c90b9560-bf6c-de11-be94-00142212c4b1
commit 34145823b551545fbc862e109f3402822cbe9da0 1 parent ea0ff49
Miguel Vazquez Gocobachi authored
Showing with 1 addition and 14 deletions.
  1. +1 −14 HTML/Safe.php
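--- a/HTML/Safe.php
+++ b/HTML/Safe.php
@@ -640,21 +640,8 @@ public function parse($doc)
 // Save all '<' symbols
 $doc = preg_replace("/<(?=[^a-zA-Z\/\!\?\%])/", '&lt;', $doc);
- // Known attack vector replacements
- $doc = str_replace(array("\x00", // Web documents shouldn't contain \x00 symbol
- "\xC0\xBC", // Opera6 bug workaround
- "+ADw-", // UTF7 attack <
- "+AD4-", // UTF7 attack >
- ),
- array('',
- '&lt;',
- '&lt;',
- '&gt;',
- ),
- $doc);
-
 // UTF7 pack
- //$doc = $this->repackUTF7($doc);
+ $doc = $this->repackUTF7($doc);
 // Instantiate the parser
 $parser = new XML_HTMLSax3;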
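Review bot: The deleted `str_replace` also stripped `"\x00"` and rewrote the overlong sequence `"\xC0\xBC"` to `&lt;`, and neither of those is a UTF-7 concern, so unless `repackUTF7()` (its body is not in this hunk) handles them, the commit drops two normalizations unrelated to the fix. I would keep them ahead of the new call, e.g. `$doc = str_replace(array("\x00", "\xC0\xBC"), array('', '&lt;'), $doc);`. Separately, `repackUTF7()` now runs after the `preg_replace` that escapes stray `<`, so any `<` it produces by decoding would not pass through that escape. If the method does decode, it may be safer to call it before the "Save all '<' symbols" step. A regression test covering NUL bytes, the overlong sequence and the `+ADw-`/`+AD4-` forms would pin the intended behaviour. `parse()` starts and ends outside this hunk, so later handling cannot be confirmed from here.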