# HG changeset patch # User Dan # Date 1262037161 18000 # Node ID 59fee40b4644c460d3f3954efa63971fccf16b49 # Parent 80c903b0ec9cb782cc78e2face863ffd944b785c Fixed a couple non-security sanitizer and editor bugs diff -r 80c903b0ec9c -r 59fee40b4644 includes/clientside/static/ajax.js --- a/includes/clientside/static/ajax.js Mon Dec 28 12:19:47 2009 -0500 +++ b/includes/clientside/static/ajax.js Mon Dec 28 16:52:41 2009 -0500 @@ -165,13 +165,14 @@
\ ' + switcher + '
\
\ -
\ +
\ Edit summary:
\
\ save changes | preview changes | revert changes | discard changes\
\ '+editNotice+'\
'; + document.getElementById('ajaxEditArea').value = ajax.responseText; // initTextareas(); if(readCookie('enano_editor_mode') == 'tinymce') { diff -r 80c903b0ec9c -r 59fee40b4644 includes/functions.php --- a/includes/functions.php Mon Dec 28 12:19:47 2009 -0500 +++ b/includes/functions.php Mon Dec 28 16:52:41 2009 -0500 @@ -1852,8 +1852,8 @@ // Vulnerability reported by fuzion from nukeit.org: // XSS in closing HTML tag style attribute // Fix: escape all closing tags with non-whitelisted characters - $html = preg_replace('!!', '</\\1>', $html); - + $html = preg_replace('!]*)([^a-z0-9_:>-]+)(?:[^>]*))>!i', '</\\1>', $html); + // Restore stripped comments $i = 0; foreach ( $comment_match[0] as $comment ) @@ -1870,8 +1870,9 @@ $i++; } + // debug + // return '
' . htmlspecialchars($html) . '
'; return $html; - } /**