We use cookies to ensure you get the best experience on our website
首页 发现 帮助
注册 登录
0ct0pu5
/
squirrelmail
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

also need to get u\rl outside of style blocks;
do not try to correct them since they are obviously malicious

Thijs Kinkhorst 19 年之前
父节点
bc760f36ad
当前提交
6d6ac0cbec
共有 1 个文件被更改,包括 2 次插入0 次删除
合并视图 显示文件统计
  1. 2 0
      functions/mime.php

+ 2 - 0
functions/mime.php
查看文件 

@@ -2164,6 +2164,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
 
                     "/behaviou*r/i",
 
                     "/behaviou*r/i",
 
                     "/include-source/i",
 
                     "/include-source/i",
 
                     "/position\s*:\s*absolute/i",
 
                     "/position\s*:\s*absolute/i",
 
+                    "/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i",
 
                     "/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
 
                     "/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
 
                     "/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
 
                     "/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
 
                     "/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
 
                     "/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
 
@@ -2176,6 +2177,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
 
                     "idiocy",
 
                     "idiocy",
 
                     "idiocy",
 
                     "idiocy",
 
                     "",
 
                     "",
 
+                    "idiocy",
 
                     "url(\\1#\\1)",
 
                     "url(\\1#\\1)",
 
                     "url(\\1#\\1)",
 
                     "url(\\1#\\1)",
 
                     "url(\\1#\\1)",
 
                     "url(\\1#\\1)",

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5