We use cookies to ensure you get the best experience on our website
Inicio Explorar Ayuda
Registro Iniciar sesión
0ct0pu5
/
squirrelmail
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Explorar el Código

also need to get u\rl outside of style blocks;
do not try to correct them since they are obviously malicious

Thijs Kinkhorst hace 19 años
padre
bc760f36ad
commit
6d6ac0cbec
Se han modificado 1 ficheros con 2 adiciones y 0 borrados
Dividir vista Mostrar estadísticas de diff
  1. 2 0
      functions/mime.php

+ 2 - 0
functions/mime.php
Ver fichero 

@@ -2164,6 +2164,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
 
                     "/behaviou*r/i",
 
                     "/include-source/i",
 
                     "/position\s*:\s*absolute/i",
 
+                    "/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i",
 
                     "/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
 
                     "/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
 
                     "/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
 
@@ -2176,6 +2177,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
 
                     "idiocy",
 
                     "idiocy",
 
                     "",
 
+                    "idiocy",
 
                     "url(\\1#\\1)",
 
                     "url(\\1#\\1)",
 
                     "url(\\1#\\1)",

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5