
fix the html issue...

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5369 89ea8834-ac86-4346-8a33-228a782c2dd0
Meik Sievertsen 2005-12-22 11:34:02 +00:00
parent 8c5431cc68
commit 90a093fc5f
2 changed files with 4 additions and 3 deletions

@ -75,7 +75,8 @@ p,ul,td {font-size:10pt;}
<li>[Fix] change truncation of username length in usercp_register.php - BFUK</li>
<li>[Fix] incorrect path to avatars in admin_users.php (Bug #667)</li>
<li>[Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - jarnaez</li>
<li>[Sec] fixed XSS issue in IE within the url bbcode</li>
<li>[Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode</li>
<li>[Sec] fixed XSS issue (only valid for Internet Explorer) if html tags are allowed and enabled</li>
</ul>

@ -25,8 +25,8 @@ if (!defined('IN_PHPBB'))
die('Hacking attempt');
}
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;');
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;');
$unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
$unhtml_specialchars_replace = array('>', '<', '"', '&');
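Review bot: The extended `$html_entities_match` / `$html_entities_replace` pair now encodes `"` but still passes `'` through unchanged, so any place where this output lands inside a single-quoted attribute would presumably keep the same attribute-breakout problem this commit closes for double quotes. Consider extending both lists together, `$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#', "#'#");` and `$html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;');`. Because the `&` pattern runs first and skips numeric entities, the added `&#039;` would not be double-encoded. The `$unhtml_specialchars_*` arrays would need a matching reverse entry if the text must round-trip. The code that applies these arrays is outside the hunk, so it is worth confirming whether text stored before this change is re-encoded on display or needs a one-off pass.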