From: Thijs K. <ki...@us...> - 2006-02-23 13:50:14
Update of /cvsroot/squirrelmail/squirrelmail/functions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23286 Modified Files: mime.php Log Message: also need to get u\rl outside of style blocks; do not try to correct them since they are obviously malicious Index: mime.php =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/functions/mime.php,v retrieving revision 1.365 retrieving revision 1.366 diff -u -w -r1.365 -r1.366 --- mime.php 23 Feb 2006 13:10:58 -0000 1.365 +++ mime.php 23 Feb 2006 13:50:08 -0000 1.366 @@ -2164,6 +2164,7 @@ "/behaviou*r/i", "/include-source/i", "/position\s*:\s*absolute/i", + "/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i", "/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si", "/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si", "/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si", @@ -2176,6 +2177,7 @@ "idiocy", "idiocy", "", + "idiocy", "url(\\1#\\1)", "url(\\1#\\1)", "url(\\1#\\1)", |
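Review bot: In the first hunk (mime.php, near line 2164), the added pattern "/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i" makes all four backslashes optional, so it matches a plain "url" as well as the escaped "u\rl" form the log message is about. It is placed ahead of the three "/url\s*\(..." patterns shown in the context. If the list is applied in order, those later patterns may never see a "url(" to rewrite, and ordinary url(...) values are replaced as well. If only the escaped spelling is meant to be caught, require at least one backslash in the match, or move the entry after the url( patterns. Either way, a one-line comment above the pattern stating the intent would make the ordering dependency clear to the next editor.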
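Review bot: In the second hunk (near line 2176), the added "idiocy" entry is only correct while it stays at the same index as the pattern added in the first hunk, and nothing in the visible lines ties the two lists together. The placement looks consistent here (after the "" that pairs with the position:absolute pattern and before the first "url(\\1#\\1)"), but a later insertion into one list and not the other would silently shift every replacement. Consider a comment on each new line naming its counterpart. The log message's reasoning ("do not try to correct them since they are obviously malicious") is also worth repeating as a code comment next to "idiocy", since the neighbouring url( entries do rewrite to a safe value and the difference is not obvious from the code alone.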