Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-24 07:10:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

block injection vector

Browse source
This commit is contained in:
friendica 2013-02-26 17:33:18 -08:00
parent 6e21534f23
commit 5205a374ee
3 changed files with 16 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

18
include/bbcode.php
View file

@ -652,20 +652,20 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
// Only do it when it has to be done - for performance reasons
// Update: Now it is done every time - since bad structured html can break a whole page
//if (!$tryoembed) {
$doc = new DOMDocument();
$doc->preserveWhiteSpace = false;
// $doc = new DOMDocument();
// $doc->preserveWhiteSpace = false;
$Text = mb_convert_encoding($Text, 'HTML-ENTITIES', "UTF-8");
// $Text = mb_convert_encoding($Text, 'HTML-ENTITIES', "UTF-8");
$doctype = '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">';
@$doc->loadHTML($doctype."<html><body>".$Text."</body></html>");
// $doctype = '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">';
// @$doc->loadHTML($doctype."<html><body>".$Text."</body></html>");
$Text = $doc->saveHTML();
$Text = str_replace(array("<html><body>", "</body></html>", $doctype), array("", "", ""), $Text);
// $Text = $doc->saveHTML();
// $Text = str_replace(array("<html><body>", "</body></html>", $doctype), array("", "", ""), $Text);
$Text = str_replace('<br></li>','</li>', $Text);
// $Text = str_replace('<br></li>','</li>', $Text);
$Text = mb_convert_encoding($Text, "UTF-8", 'HTML-ENTITIES');
// $Text = mb_convert_encoding($Text, "UTF-8", 'HTML-ENTITIES');
//}
call_hooks('bbcode',$Text);