diff --git a/lib/kses.php b/lib/kses.php
index bd6b19de28b..0c379d8d552 100644
--- a/lib/kses.php
+++ b/lib/kses.php
@@ -470,7 +470,7 @@ function kses_bad_protocol_once($string, $allowed_protocols)
 ###############################################################################
 {
 return preg_replace('/^((&[^;]*;|[\sA-Za-z0-9])*)'.
- '(:|:|&#[Xx]3[Aa];)\s*/e',
+ '(:|�*58;|&#[Xx]3[Aa];)\s*/e',
 'kses_bad_protocol_once2("\\1", $allowed_protocols)',
 $string);
 } # function kses_bad_protocol_once
diff --git a/lib/weblib.php b/lib/weblib.php
index e18eef47627..26c9e3e6c42 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -1456,6 +1456,10 @@ function clean_text($text, $format=FORMAT_MOODLE) {
 default:
+ /// Fix non standard entity notations
+ $text = preg_replace('/(&#[0-9]+)(;?)/', "\\1;", $text);
+ $text = preg_replace('/(&#x[0-9a-fA-F]+)(;?)/', "\\1;", $text);
+ /// Remove tags that are not allowed
 $text = strip_tags($text, $ALLOWED_TAGS);
@@ -1518,7 +1522,25 @@ function cleanAttributes2($htmlArray){
 $attStr = '';
 foreach ($attrArray as $arreach) {
- $attStr .= ' '.strtolower($arreach['name']).'="'.$arreach['value'].'" ';
+ $arreach['name'] = strtolower($arreach['name']);
+ if ($arreach['name'] == 'style') {
+ $value = $arreach['value'];
+ while (true) {
+ $prevvalue = $value;
+ $value = kses_no_null($value);
+ $value = preg_replace("/\/\*.*\*\//Us", '', $value);
+ $value = kses_decode_entities($value);
+ $value = preg_replace('/(&#[0-9]+)(;?)/', "\\1;", $value);
+ $value = preg_replace('/(&#x[0-9a-fA-F]+)(;?)/', "\\1;", $value);
+ if ($value === $prevvalue) {
+ $arreach['value'] = $value;
+ break;
+ }
+ }
+ $arreach['value'] = preg_replace("/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t/i", "Xjavascript", $arreach['value']);
+ $arreach['value'] = preg_replace("/e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n/i", "Xexpression", $arreach['value']);
+ }
+ $attStr .= ' '.$arreach['name'].'="'.$arreach['value'].'" ';
 }
 // Remove last space from attribute list
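Review bot: The hex alternative `&#[Xx]3[Aa];` on the changed line still requires the digits to follow the `x` directly, while the decimal alternative now tolerates leading zeros, so the two branches of the same protocol check no longer treat equivalent numeric references the same way. Writing it as `&#[Xx]0*3[Aa];` would give both alternatives the same handling. The pattern as shown on this page (`:|:` and `�*58;`) looks entity-decoded by the renderer, so the literal in the file should be checked rather than this rendering. The `/e` modifier on the same line evaluates the replacement as PHP code; `preg_replace_callback` with a callback that applies `kses_bad_protocol_once2` to `$matches[1]` performs the same substitution without eval and is the form supported on current PHP versions.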
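Review bot: The hex normalizer `'/(&#x[0-9a-fA-F]+)(;?)/'` in the added lines matches only a lowercase `x`, whereas the kses pattern changed in the same commit accepts `[Xx]`, so uppercase hex references keep a missing semicolon unrepaired while decimal ones are fixed. `'/(&#[xX][0-9a-fA-F]+)(;?)/'` would bring it in line with the kses check. The `(;?)` group is captured but never referenced by the `"\\1;"` replacement and could simply be `;?`. The same two preg_replace lines recur in the cleanAttributes2 hunk below, where the same fix applies. clean_text's body starts and ends outside this hunk.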