From: graf25
Date: Sat, 26 Apr 2003 04:29:53 +0000 (+0000)
Subject: Fixing what I broke.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=f83c60a2b96d60fd06e57bb77be1ddb58459a0ea;p=squirrelmail.git
Fixing what I broke.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4820 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
diff --git a/functions/mime.php b/functions/mime.php
index c631666d..9ed7c844 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -1340,9 +1340,9 @@ function sq_fixstyle($message, $id, $content){
 * Fix stupid css declarations which lead to vulnerabilities
 * in IE.
 */
- $match = Array('/expression/si',
- '/behaviou*r/si',
- '/binding/si');
+ $match = Array('/expression/i',
+ '/behaviou*r/i',
+ '/binding/i');
 $replace = Array('idiocy', 'idiocy', 'idiocy');
 $content = preg_replace($match, $replace, $content);
 return $content;
@@ -1644,10 +1644,10 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
 "/^src|background/i" =>
 Array(
 Array(
- "|^([\'\"])\s*\.\./.*([\'\"])|i",
- "/^([\'\"])\s*\S+script\s*:.*([\'\"])/i",
- "/^([\'\"])\s*mocha\s*:*.*([\'\"])/i",
- "/^([\'\"])\s*about\s*:.*([\'\"])/i"
+ "|^([\'\"])\s*\.\./.*([\'\"])|si",
+ "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
+ "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
+ "/^([\'\"])\s*about\s*:.*([\'\"])/si"
 ),
 Array(
 "\\1$secremoveimg\\2",
@@ -1659,10 +1659,10 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
 "/^href|action/i" =>
 Array(
 Array(
- "|^([\'\"])\s*\.\./.*([\'\"])|i",
- "/^([\'\"])\s*\S+script\s*:.*([\'\"])/i",
- "/^([\'\"])\s*mocha\s*:*.*([\'\"])/i",
- "/^([\'\"])\s*about\s*:.*([\'\"])/i"
+ "|^([\'\"])\s*\.\./.*([\'\"])|si",
+ "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
+ "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
+ "/^([\'\"])\s*about\s*:.*([\'\"])/si"
 ),
 Array(
 "\\1#\\2",
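Review bot: In sq_fixstyle (hunk at line 1340) the patterns `/expression/i`, `/behaviou*r/i` and `/binding/i` match each keyword only in its literal spelling, so a stylesheet that writes a keyword with CSS backslash escapes or an embedded comment passes the filter unless `$content` is normalised earlier in the function, which starts outside this hunk. I would decode escapes and strip comments before the `preg_replace`, and add a comment above `$match` such as `/* $content must already have CSS escapes decoded and comments removed */`. The same three literal patterns are used in the `/^style/i` entry in magicHTML (hunk at line 1671). Dropping `s` here is correct, since none of the three patterns contains a dot.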
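Review bot: In the `/^src|background/i` list (hunk at line 1644) the mocha pattern still reads `mocha\s*:*`, which makes the colon optional, so any quoted value that merely begins with the letters `mocha` is replaced. The url() pattern in the style list uses `mocha\s*:`, and I would match it here with `"/^([\'\"])\s*mocha\s*:.*([\'\"])/si"`. The `/^href|action/i` list (hunk at line 1659) carries the same line and needs the same change. Both arrays continue outside their hunks, so the replacement entries paired with these patterns are not fully visible.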
@@ -1671,16 +1671,16 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
 "\\1#\\2"
 )
 ),
- "/^style/si" =>
+ "/^style/i" =>
 Array(
 Array(
- "/expression/si",
- "/binding/si",
- "/behaviou*r/si",
- "|url\(([\'\"])\s*\.\./.*([\'\"])\)|i",
- "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/i",
- "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/i",
- "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/i"
+ "/expression/i",
+ "/binding/i",
+ "/behaviou*r/i",
+ "|url\(([\'\"])\s*\.\./.*([\'\"])\)|si",
+ "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/si",
+ "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/si",
+ "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/si"
 ),
 Array(
 "idiocy",
@@ -1703,7 +1703,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
 * to false.
 */
 array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[0],
- '/^([\'\"])\s*https*:.*([\'\"])/i');
+ '/^([\'\"])\s*https*:.*([\'\"])/si');
 array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[1],
 "\\1$secremoveimg\\2");
 array_push($bad_attvals{'/.*/'}{'/^style/i'}[0],
@@ -1713,7 +1713,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
 }
 $add_attr_to_tag = Array(
- "/^a$/si" => Array('target'=>'"_new"')
+ "/^a$/i" => Array('target'=>'"_new"')
 );
 $trusted = sq_sanitize($body,
 $tag_list,
@@ -1727,7 +1727,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
 $id,
 $mailbox
 );
- if (preg_match("|$secremoveimg|si", $trusted)){
+ if (preg_match("|$secremoveimg|i", $trusted)){
 $has_unsafe_images = true;
 }
 return $trusted;
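Review bot: The four `url(...)` patterns in the `/^style/i` list (hunk at line 1671) require a quote character directly after `url(`, so a `url()` value written without quotes, or with whitespace before the quote, is not rewritten by this list. Unless the style value is normalised before these patterns run, which this hunk does not show, I would make the quote optional and allow whitespace, e.g. `"/url\(\s*([\'\"]?)\s*\S+script\s*:.*([\'\"]?)\s*\)/si"`, and likewise for the other three. The replacement strings paired with these patterns lie outside the hunk and should be checked to still produce well-formed output when `\\1` and `\\2` are empty.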
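Review bot: The pattern pushed onto the `/^src|background/i` list in the hunk at line 1703, `'/^([\'\"])\s*https*:.*([\'\"])/si'`, uses `https*`, which also accepts `httpss:` and longer runs; `https?` is what is meant. It is also a deny-list of two schemes, so a value that refers to a remote host in any other form is left in place when the user has asked not to load remote images. I would invert the test and replace every value that is not one of the forms the viewer itself generates for inline parts; which forms those are is decided outside this hunk.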
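Review bot: `$add_attr_to_tag` (hunk at line 1713) gives every `<a>` in a sanitized message `target="_new"` and nothing else, so the page opened from a mail link receives the webmail URL as its referrer and a `window.opener` handle on the mail view. If `sq_sanitize` accepts more than one attribute per tag, which its body outside this hunk would confirm, I would write `"/^a$/i" => Array('target'=>'"_new"', 'rel'=>'"noopener noreferrer"')`. A one-line comment above the array saying why links are forced into a separate window would also help.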
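Review bot: In the hunk at line 1727, `$secremoveimg` is interpolated into the pattern `"|$secremoveimg|i"` unescaped, so every dot in it matches any character and a `|` in it would end the pattern early. This is a plain substring test, so `if (strpos($trusted, $secremoveimg) !== false){` is simpler, or `preg_quote($secremoveimg, '|')` can be used if the case-insensitive match is wanted. The value of `$secremoveimg` and the declaration of `$has_unsafe_images` are both outside this hunk.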