mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-17 06:25:33 +02:00
Code Issues Projects Releases Wiki Activity

MDL-2684: kses strips out CSS from style tags unless the first property is on 'allowed' list, this is silly

Browse Source
This commit is contained in:
Sam Marshall 2009-12-02 17:59:43 +00:00
parent 640bb8c1b6
commit 6c37c4c6c8
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/kses.php
View File

@ -311,7 +311,12 @@ function kses_hair($attr, $allowed_protocols)
if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match))
# "value"
{
$thisval = kses_bad_protocol($match[1], $allowed_protocols);
// MDL-2684 - kses stripping CSS styles that it thinks look like protocols
if ($attrname == 'style') {
$thisval = $match[1];
} else {
$thisval = kses_bad_protocol($match[1], $allowed_protocols);
}
$attrarr[] = array
('name' => $attrname,