diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2006-12-29 21:06:39 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2006-12-29 21:06:39 +0000 |
| commit | f4f322ec568a54b6e8b3a2f3eb581484543898e6 (patch) | |
| tree | b319ce048f0ac5a35781b68170a53df81c4c249d /roundcubemail/program/steps/mail/func.inc | |
| parent | 097e3924383ff388060e5639dbd53ea1a93da923 (diff) | |
Error handling for attachment uploads; multibyte-safe string functions; XSS improvements
git-svn-id: https://svn.roundcube.net/trunk@440 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/steps/mail/func.inc')
| -rw-r--r-- | roundcubemail/program/steps/mail/func.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roundcubemail/program/steps/mail/func.inc b/roundcubemail/program/steps/mail/func.inc index dea6c040e..b8c391aae 100644 --- a/roundcubemail/program/steps/mail/func.inc +++ b/roundcubemail/program/steps/mail/func.inc @@ -1214,7 +1214,7 @@ function rcmail_mod_html_body($body, $container_id) while ($body != $prev_body) { $prev_body = $body; - $body = preg_replace('/(<[^!][^>]*?\s)(on\w+?)(=[^>]*?>)/im', '$1__removed=$3', $body); + $body = preg_replace('/(<[^!][^>]*?\s)(on[^=]+)(=[^>]*?>)/im', '$1__removed=$3', $body); $body = preg_replace('/(<[^!][^>]*?\shref=["\']?)(javascript:)([^>]*?>)/im', '$1null:$3', $body); } |