From: graf25 Date: Thu, 24 Apr 2003 02:19:31 +0000 (+0000) Subject: Updated to remove lowsrc attribute. X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=3a50c8d2cb12699407b8abdd26776eed1e2b325c;p=squirrelmail.git Updated to remove lowsrc attribute. Optimized the regexes to remove the useles /s switch. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4799 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- diff --git a/functions/mime.php b/functions/mime.php index a1be206c..eace33a3 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -1629,10 +1629,11 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') { $rm_attnames = Array( "/.*/" => Array( - "/target/si", - "/^on.*/si", - "/^dynsrc/si", - "/^data.*/si" + "/target/i", + "/^on.*/i", + "/^dynsrc/i", + "/^data.*/i", + "/^lowsrc.*/i" ) ); @@ -1643,10 +1644,10 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') { "/^src|background/i" => Array( Array( - "|^([\'\"])\s*\.\./.*([\'\"])|si", - "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si", - "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si", - "/^([\'\"])\s*about\s*:.*([\'\"])/si" + "|^([\'\"])\s*\.\./.*([\'\"])|i", + "/^([\'\"])\s*\S+script\s*:.*([\'\"])/i", + "/^([\'\"])\s*mocha\s*:*.*([\'\"])/i", + "/^([\'\"])\s*about\s*:.*([\'\"])/i" ), Array( "\\1$secremoveimg\\2", @@ -1658,10 +1659,10 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') { "/^href|action/i" => Array( Array( - "|^([\'\"])\s*\.\./.*([\'\"])|si", - "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si", - "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si", - "/^([\'\"])\s*about\s*:.*([\'\"])/si" + "|^([\'\"])\s*\.\./.*([\'\"])|i", + "/^([\'\"])\s*\S+script\s*:.*([\'\"])/i", + "/^([\'\"])\s*mocha\s*:*.*([\'\"])/i", + "/^([\'\"])\s*about\s*:.*([\'\"])/i" ), Array( "\\1#\\2", @@ -1676,10 +1677,10 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') { "/expression/si", "/binding/si", "/behaviou*r/si", - "|url\(([\'\"])\s*\.\./.*([\'\"])\)|si", - "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/si", - "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/si", - "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/si" + "|url\(([\'\"])\s*\.\./.*([\'\"])\)|i", + "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/i", + "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/i", + "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/i" ), Array( "idiocy", @@ -1702,12 +1703,12 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') { * to false. */ array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[0], - '/^([\'\"])\s*https*:.*([\'\"])/si'); + '/^([\'\"])\s*https*:.*([\'\"])/i'); array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[1], "\\1$secremoveimg\\2"); - array_push($bad_attvals{'/.*/'}{'/^style/si'}[0], + array_push($bad_attvals{'/.*/'}{'/^style/i'}[0], '/url\(([\'\"])\s*https*:.*([\'\"])\)/si'); - array_push($bad_attvals{'/.*/'}{'/^style/si'}[1], + array_push($bad_attvals{'/.*/'}{'/^style/i'}[1], "url(\\1$secremoveimg\\2)"); } @@ -1732,4 +1733,4 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') { return $trusted; } -?> \ No newline at end of file +?>