--- a/includes/functions.php Sat Jan 17 11:31:45 2009 -0500
+++ b/includes/functions.php Sat Jan 17 11:32:18 2009 -0500
@@ -1854,6 +1854,11 @@
// <
// The rule is so specific because everything else will have been filtered by now
$html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html);
+
+ // Vulnerability reported by fuzion from nukeit.org:
+ // XSS in closing HTML tag style attribute
+ // Fix: escape all closing tags with non-whitelisted characters
+ $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!', '</\\1>', $html);
// Restore stripped comments
$i = 0;