Fixing what I broke.

author graf25 <graf25@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Sat, 26 Apr 2003 04:29:53 +0000 (04:29 +0000)

committer graf25 <graf25@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Sat, 26 Apr 2003 04:29:53 +0000 (04:29 +0000)
author graf25 <graf25@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sat, 26 Apr 2003 04:29:53 +0000 (04:29 +0000)
committer graf25 <graf25@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sat, 26 Apr 2003 04:29:53 +0000 (04:29 +0000)
diff --git a/functions/mime.php b/functions/mime.php

index c631666db712880e51f72ba3694c0e4e9331ef5d..9ed7c844db023cecc17c48440e87edea6499ba95 100644 (file)
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -1340,9 +1340,9 @@ function sq_fixstyle($message, $id, $content){
       * Fix stupid css declarations which lead to vulnerabilities
       * in IE.
       */
-    $match   = Array('/expression/si',
-                     '/behaviou*r/si',
-                     '/binding/si');
+    $match   = Array('/expression/i',
+                     '/behaviou*r/i',
+                     '/binding/i');
      $replace = Array('idiocy', 'idiocy', 'idiocy');
      $content = preg_replace($match, $replace, $content);
      return $content;
@@ -1644,10 +1644,10 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
                  "/^src|background/i" =>
                      Array(
                            Array(
-                                "|^([\'\"])\s*\.\./.*([\'\"])|i",
-                                "/^([\'\"])\s*\S+script\s*:.*([\'\"])/i",
-                                "/^([\'\"])\s*mocha\s*:*.*([\'\"])/i",
-                                "/^([\'\"])\s*about\s*:.*([\'\"])/i"
+                                "|^([\'\"])\s*\.\./.*([\'\"])|si",
+                                "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
+                                "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
+                                "/^([\'\"])\s*about\s*:.*([\'\"])/si"
                                  ),
                            Array(
                                  "\\1$secremoveimg\\2",
@@ -1659,10 +1659,10 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
                  "/^href|action/i" =>
                      Array(
                            Array(
-                                "|^([\'\"])\s*\.\./.*([\'\"])|i",
-                                "/^([\'\"])\s*\S+script\s*:.*([\'\"])/i",
-                                "/^([\'\"])\s*mocha\s*:*.*([\'\"])/i",
-                                "/^([\'\"])\s*about\s*:.*([\'\"])/i"
+                                "|^([\'\"])\s*\.\./.*([\'\"])|si",
+                                "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
+                                "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
+                                "/^([\'\"])\s*about\s*:.*([\'\"])/si"
                                  ),
                            Array(
                                  "\\1#\\2",
@@ -1671,16 +1671,16 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
                                  "\\1#\\2"
                                  )
                          ),
-                "/^style/si" =>
+                "/^style/i" =>
                      Array(
                            Array(
-                                "/expression/si",
-                                "/binding/si",
-                                "/behaviou*r/si",
-                                "|url\(([\'\"])\s*\.\./.*([\'\"])\)|i",
-                                "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/i",
-                                "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/i",
-                                "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/i"
+                                "/expression/i",
+                                "/binding/i",
+                                "/behaviou*r/i",
+                                "|url\(([\'\"])\s*\.\./.*([\'\"])\)|si",
+                                "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/si",
+                                "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/si",
+                                "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/si"
                                 ),
                            Array(
                                  "idiocy",
@@ -1703,7 +1703,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
           * to false.
           */
           array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[0],
-                    '/^([\'\"])\s*https*:.*([\'\"])/i');
+                    '/^([\'\"])\s*https*:.*([\'\"])/si');
           array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[1],
                      "\\1$secremoveimg\\2");
           array_push($bad_attvals{'/.*/'}{'/^style/i'}[0],
@@ -1713,7 +1713,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
      }
  
      $add_attr_to_tag = Array(
-                             "/^a$/si" => Array('target'=>'"_new"')
+                             "/^a$/i" => Array('target'=>'"_new"')
                               );
      $trusted = sq_sanitize($body, 
                             $tag_list, 
@@ -1727,7 +1727,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
                             $id,
                             $mailbox
                             );
-    if (preg_match("|$secremoveimg|si", $trusted)){
+    if (preg_match("|$secremoveimg|i", $trusted)){
          $has_unsafe_images = true;
      } 
      return $trusted;
author	graf25 <graf25@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Sat, 26 Apr 2003 04:29:53 +0000 (04:29 +0000)
committer	graf25 <graf25@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Sat, 26 Apr 2003 04:29:53 +0000 (04:29 +0000)