--- a/includes/functions.php Mon Dec 28 12:19:47 2009 -0500
+++ b/includes/functions.php Mon Dec 28 16:52:41 2009 -0500
@@ -1852,8 +1852,8 @@
// Vulnerability reported by fuzion from nukeit.org:
// XSS in closing HTML tag style attribute
// Fix: escape all closing tags with non-whitelisted characters
- $html = preg_replace('!</((?:.*)([^a-z0-9-_:]+)(?:.*))>!', '</\\1>', $html);
-
+ $html = preg_replace('!</((?:[^>]*)([^a-z0-9_:>-]+)(?:[^>]*))>!i', '</\\1>', $html);
+
// Restore stripped comments
$i = 0;
foreach ( $comment_match[0] as $comment )
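Review bot: The replacement `'</\\1>'` on line 9 rebuilds the match from group 1, which spans everything between `</` and `>`, so the tightened pattern still leaves `$html` byte-identical and the escaping that the comment on line 6 promises never happens; the old line 7 had the same replacement, so only the pattern changed here. To actually neutralise a closing tag that carries non-whitelisted characters the replacement has to emit entities, e.g. `$html = preg_replace('!</((?:[^>]*)([^a-z0-9_:>-]+)(?:[^>]*))>!i', '&lt;/\\1&gt;', $html);`. Since groups 2 and the two non-capturing groups are never referenced, the pattern can be simplified to the equivalent `!</([^>]*[^a-z0-9_:>-][^>]*)>!i` without changing what it matches. The enclosing function starts before and ends after this hunk, so I cannot see whether a later pass already entity-encodes these tags; if it does, a comment saying so would stop the next reader from drawing the same conclusion.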
@@ -1870,8 +1870,9 @@
$i++;
}
+ // debug
+ // return '<pre>' . htmlspecialchars($html) . '</pre>';
return $html;
-
}
/**