Better input checking on GET and POST vars

git-svn-id: https://svn.roundcube.net/trunk@483 208e9e7b-5314-0410-a742-e7e81cd9613c
author: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2007-02-16 19:35:03 +0000
committer: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2007-02-16 19:35:03 +0000
commit: 521051c553407d1417f648f8ad69448de9183f29 (patch)
tree: 6edf689001936110789a4870ff496dd8207b944b /roundcubemail/program/include
parent: aee4f14da9e66092723bfea6ab8c0ca12abbfc44 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/roundcubemail/program/include/main.inc b/roundcubemail/program/include/main.inc
index d914e3ecb..88c22b85e 100644
--- a/roundcubemail/program/include/main.inc
+++ b/roundcubemail/program/include/main.inc
@@ -1689,12 +1689,12 @@ function create_attrib_string($attrib, $allowed_attribs=array('id', 'class', 'st
 function parse_attrib_string($str)
   {
   $attrib = array();
-  preg_match_all('/\s*([-_a-z]+)=["]([^"]+)["]?/i', stripslashes($str), $regs, PREG_SET_ORDER);
+  preg_match_all('/\s*([-_a-z]+)=(["\'])([^"]+)\2/Ui', stripslashes($str), $regs, PREG_SET_ORDER);
 
   // convert attributes to an associative array (name => value)
   if ($regs)
     foreach ($regs as $attr)
-      $attrib[strtolower($attr[1])] = $attr[2];
+      $attrib[strtolower($attr[1])] = $attr[3];
 
   return $attrib;
   }
author	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2007-02-16 19:35:03 +0000
committer	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2007-02-16 19:35:03 +0000
commit	521051c553407d1417f648f8ad69448de9183f29 (patch)
tree	6edf689001936110789a4870ff496dd8207b944b /roundcubemail/program/include
parent	aee4f14da9e66092723bfea6ab8c0ca12abbfc44 (diff)