check all attribute names for validity
This commit is contained in:
parent
fb8dbfa1bb
commit
ede25aabce
2
boot.php
2
boot.php
|
@ -9,7 +9,7 @@ require_once('include/nav.php');
|
||||||
require_once('include/cache.php');
|
require_once('include/cache.php');
|
||||||
|
|
||||||
define ( 'FRIENDIKA_PLATFORM', 'Friendica');
|
define ( 'FRIENDIKA_PLATFORM', 'Friendica');
|
||||||
define ( 'FRIENDIKA_VERSION', '2.3.1166' );
|
define ( 'FRIENDIKA_VERSION', '2.3.1167' );
|
||||||
define ( 'DFRN_PROTOCOL_VERSION', '2.22' );
|
define ( 'DFRN_PROTOCOL_VERSION', '2.22' );
|
||||||
define ( 'DB_UPDATE_VERSION', 1104 );
|
define ( 'DB_UPDATE_VERSION', 1104 );
|
||||||
|
|
||||||
|
|
|
@ -3041,9 +3041,13 @@ class HTML5_TreeBuilder {
|
||||||
|
|
||||||
if (!empty($token['attr'])) {
|
if (!empty($token['attr'])) {
|
||||||
foreach($token['attr'] as $attr) {
|
foreach($token['attr'] as $attr) {
|
||||||
// mike@macgirvin.com 2011-10-21, stray double quotes and/or numeric tags cause everything to abort
|
|
||||||
$attr['name'] = str_replace('"','',$attr['name']);
|
// mike@macgirvin.com 2011-11-17, check attribute name for
|
||||||
if($attr['name'] && (!$el->hasAttribute($attr['name'])) && (! is_numeric($attr['name']))) {
|
// validity (ignoring extenders and combiners) as illegal chars in names
|
||||||
|
// causes everything to abort
|
||||||
|
|
||||||
|
$valid = preg_match('/^[a-zA-Z\_\:]([\-a-zA-Z0-9\_\:\.]+$)/',$attr['name'],$matches);
|
||||||
|
if($attr['name'] && (!$el->hasAttribute($attr['name'])) && ($valid)) {
|
||||||
$el->setAttribute($attr['name'], $attr['value']);
|
$el->setAttribute($attr['name'], $attr['value']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue