block injection vector

This commit is contained in:
friendica 2013-02-26 17:33:18 -08:00
parent 6e21534f23
commit 5205a374ee
3 changed files with 16 additions and 16 deletions


@ -12,7 +12,7 @@ require_once('library/Mobile_Detect/Mobile_Detect.php');
require_once('include/features.php'); require_once('include/features.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica'); define ( 'FRIENDICA_PLATFORM', 'Friendica');
define ( 'FRIENDICA_VERSION', '3.1.1619' ); define ( 'FRIENDICA_VERSION', '3.1.1623' );
define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
define ( 'DB_UPDATE_VERSION', 1163 ); define ( 'DB_UPDATE_VERSION', 1163 );
define ( 'EOL', "<br />\r\n" ); define ( 'EOL', "<br />\r\n" );


@ -652,20 +652,20 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true, $simplehtml = fal
// Only do it when it has to be done - for performance reasons // Only do it when it has to be done - for performance reasons
// Update: Now it is done every time - since bad structured html can break a whole page // Update: Now it is done every time - since bad structured html can break a whole page
//if (!$tryoembed) { //if (!$tryoembed) {
$doc = new DOMDocument(); // $doc = new DOMDocument();
$doc->preserveWhiteSpace = false; // $doc->preserveWhiteSpace = false;
$Text = mb_convert_encoding($Text, 'HTML-ENTITIES', "UTF-8"); // $Text = mb_convert_encoding($Text, 'HTML-ENTITIES', "UTF-8");
$doctype = '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">'; // $doctype = '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">';
@$doc->loadHTML($doctype."<html><body>".$Text."</body></html>"); // @$doc->loadHTML($doctype."<html><body>".$Text."</body></html>");
$Text = $doc->saveHTML(); // $Text = $doc->saveHTML();
$Text = str_replace(array("<html><body>", "</body></html>", $doctype), array("", "", ""), $Text); // $Text = str_replace(array("<html><body>", "</body></html>", $doctype), array("", "", ""), $Text);
$Text = str_replace('<br></li>','</li>', $Text); // $Text = str_replace('<br></li>','</li>', $Text);
$Text = mb_convert_encoding($Text, "UTF-8", 'HTML-ENTITIES'); // $Text = mb_convert_encoding($Text, "UTF-8", 'HTML-ENTITIES');
//} //}
call_hooks('bbcode',$Text); call_hooks('bbcode',$Text);
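Review bot: The two comments kept at the top of the hunk (`// Only do it when it has to be done - for performance reasons` and `// Update: Now it is done every time - since bad structured html can break a whole page`) now describe a DOMDocument round-trip that the new code no longer executes, so a reader of bbcode() is told the re-serialisation is active when every line of it is commented out. Replace them with a comment that records the actual reason, e.g. `// DOMDocument re-parse/re-serialise pass disabled (commit 5205a374ee, "block injection vector"): presumably the loadHTML()/saveHTML() round-trip re-emitted markup that the earlier filtering had already neutralised -- do not re-enable without re-checking that`, and delete the nine commented-out lines instead of leaving dead code that a later cleanup might switch back on. The original comment also named a trade-off ("bad structured html can break a whole page") that this change gives up; if that is now accepted, say so in the same comment rather than leaving it implied. bbcode() both starts and ends outside the hunk, so whether some other step in the function still handles malformed HTML cannot be confirmed from these lines.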


@ -6,9 +6,9 @@
#, fuzzy #, fuzzy
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: 3.1.1619\n" "Project-Id-Version: 3.1.1623\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2013-02-22 00:00-0800\n" "POT-Creation-Date: 2013-02-26 00:00-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -9839,6 +9839,10 @@ msgstr ""
msgid "Textareas font size" msgid "Textareas font size"
msgstr "" msgstr ""
#: ../../index.php:400
msgid "toggle mobile"
msgstr ""
#: ../../boot.php:650 #: ../../boot.php:650
msgid "Delete this item?" msgid "Delete this item?"
msgstr "" msgstr ""
@ -9960,7 +9964,3 @@ msgstr ""
#: ../../boot.php:1895 #: ../../boot.php:1895
msgid "Only You Can See This" msgid "Only You Can See This"
msgstr "" msgstr ""
#: ../../index.php:400
msgid "toggle mobile"
msgstr ""