


Add back in UTF7 attack vector fixes. Combine known attack vector replacements into one str_replace call.

git-svn-id: http://svn.php.net/repository/pear/packages/HTML_Safe/trunk@301730 c90b9560-bf6c-de11-be94-00142212c4b1
commit ea0ff49531cc37fb158ef258a679893af50b5831 1 parent ea39f44
Brett Bieber saltybeagle authored
Showing with 12 additions and 5 deletions.
  1. +12 −5 HTML/Safe.php
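--- a/HTML/Safe.php
+++ b/HTML/Safe.php
@@ -640,11 +640,18 @@ public function parse($doc)
 // Save all '<' symbols
 $doc = preg_replace("/<(?=[^a-zA-Z\/\!\?\%])/", '&lt;', $doc);
-// Web documents shouldn't contains \x00 symbol
-$doc = str_replace("\x00", '', $doc);
-
-// Opera6 bug workaround
-$doc = str_replace("\xC0\xBC", '&lt;', $doc);
+// Known attack vector replacements
+$doc = str_replace(array("\x00", // Web documents shouldn't contain \x00 symbol
+"\xC0\xBC", // Opera6 bug workaround
+"+ADw-", // UTF7 attack <
+"+AD4-", // UTF7 attack >
+),
+array('',
+'&lt;',
+'&lt;',
+'&gt;',
+),
+$doc);
 // UTF7 pack
 //$doc = $this->repackUTF7($doc);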
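Review bot: The two UTF-7 entries in the new str_replace array only match the standalone encodings of `<` and `>` (`+ADw-` / `+AD4-`), so they do not cover the general case where a UTF-7 shifted block encodes several characters at once and the literal `+ADw-` never appears; with `repackUTF7` still commented out on the following line, this is a narrow fixed-token mitigation rather than UTF-7 handling, and the comment should say so. I would replace `// Known attack vector replacements` with `// Known attack vector replacements. The UTF-7 entries are fixed-token mitigations for the standalone` / `// encodings of '<' and '>' only; the real defence is to declare the document charset so UTF-7 is never sniffed.` Because str_replace applies the array sequentially over the whole string, the earlier `\x00` removal runs before the UTF-7 matches, which is the right order. The enclosing `parse` method begins and ends outside the hunk.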