
Add back in UTF7 attack vector fixes. Combine known attack vector rep…

…lacements into one str_replace call.

git-svn-id: http://svn.php.net/repository/pear/packages/HTML_Safe/trunk@301730 c90b9560-bf6c-de11-be94-00142212c4b1
1 parent ea39f44 commit ea0ff49531cc37fb158ef258a679893af50b5831 @saltybeagle saltybeagle committed Jul 30, 2010
Showing with 12 additions and 5 deletions.
  1. +12 −5 HTML/Safe.php
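--- a/HTML/Safe.php
+++ b/HTML/Safe.php
@@ -640,11 +640,18 @@ public function parse($doc)
 // Save all '<' symbols
 $doc = preg_replace("/<(?=[^a-zA-Z\/\!\?\%])/", '&lt;', $doc);
-// Web documents shouldn't contains \x00 symbol
-$doc = str_replace("\x00", '', $doc);
-
-// Opera6 bug workaround
-$doc = str_replace("\xC0\xBC", '&lt;', $doc);
+// Known attack vector replacements
+$doc = str_replace(array("\x00", // Web documents shouldn't contain \x00 symbol
+"\xC0\xBC", // Opera6 bug workaround
+"+ADw-", // UTF7 attack <
+"+AD4-", // UTF7 attack >
+),
+array('',
+'&lt;',
+'&lt;',
+'&gt;',
+),
+$doc);
 // UTF7 pack
 //$doc = $this->repackUTF7($doc);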
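Review bot: The two UTF-7 entries added to the search array are literal, self-terminated sequences, so this filter only neutralises that exact spelling; a UTF-7 base64 run that encodes more than one character, or that is not closed with the `-` terminator, is not matched, which makes the protection depend on the consumer never interpreting the output as UTF-7 at all. The comment should say so rather than implying the vector is closed, e.g. `// Literal matches only: the real defence is serving/declaring a fixed charset (see repackUTF7 below).` Note also that `str_replace` with array arguments applies the pairs in order on the whole string, so the `\x00` removal runs before the later matches; that ordering is what makes a null byte inserted into one of the later sequences still get caught, and is worth a one-line comment because it looks accidental. The `repackUTF7` call that would handle the encoding level remains commented out on the last context line, so if it is intentionally disabled the reason belongs next to it. The enclosing `parse()` method starts before and continues after this hunk.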

