Hello,

I found a little bug in imp/lib/MIME/Viewer/html.php (RELENG). The code that
tries to comment out style-tags runs after the code that converts malicious
tags to "<cleaned_tag>", where the style-tag is included. I did not look into
HEAD, but I assume it is the same there.

This is my patch. It just removes the style-tag from the malicious tags:

--- html.php.orig Fri May 28 13:35:41 2004
+++ html.php Fri May 28 13:53:40 2004
@@ -101,8 +101,7 @@
'|<([^>]*)meta|i',
'|<([^>]*)j\sa\sv\sa|i',
'|<([^>]*)object|i',
- '|<([^>]*)iframe|i',
- '|<(\s*)style|i');
+ '|<([^>]*)iframe|i');
$data = preg_replace($malicious, '<cleaned_tag', $data);
/* Comment out style/link tags. */
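
Review bot: dropping `'|<(\s*)style|i'` from `$malicious` leaves `<style` handling entirely to the step under the `/* Comment out style/link tags. */` comment, which this hunk does not show. Please confirm that step matches at least what the removed pattern did (case-insensitive, optional whitespace after `<`); if it is narrower, input that used to be rewritten to `<cleaned_tag` would now pass through untouched. If the intent is that style blocks are commented out rather than renamed, a one-line comment above the array saying `style` is deliberately absent would keep it from being re-added later. An alternative that keeps the blacklist entry as a fallback is to run the comment-out step before this `preg_replace`.
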
Regards,
Malte
--
Horde developers mailing list - Join the hunt: http://horde.org/bounties/
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: dev-uns...@lists.horde.org
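
The pass-ordering effect described in the message above, as an added example that is not part of the thread and not Horde/IMP code. The two `$malicious` patterns are copied from the hunk; the `sanitize()` wrapper and the `$styleRule` regex are assumptions standing in for the "Comment out style/link tags" step, whose real code is not shown on the page.

```php
<?php
// Added illustration, not Horde/IMP code.
// sanitize() and $styleRule are hypothetical; only the $malicious
// patterns come from the patch quoted in the thread.

function sanitize(string $data, array $malicious, string $styleRule): string
{
    // Pass 1: rename blacklisted tag openers, as in the hunk.
    $data = preg_replace($malicious, '<cleaned_tag', $data);

    // Pass 2 (assumed form): wrap each whole <style> block in an HTML comment.
    return preg_replace($styleRule, '<!-- $0 -->', $data);
}

// Hypothetical stand-in for the comment-out step.
$styleRule = '|<\s*style[^>]*>.*?</\s*style\s*>|is';

// Blacklist before the patch (style included) and after it (style removed).
$before = ['|<([^>]*)iframe|i', '|<(\s*)style|i'];
$after  = ['|<([^>]*)iframe|i'];

// Constructed sample input.
$html = '<p>hi</p><style type="text/css">body { display: none }</style>';

// With $before, pass 1 has already renamed the opener, so pass 2 no longer
// finds a <style> block to wrap. With $after, pass 2 wraps the whole block.
echo sanitize($html, $before, $styleRule), "\n";
echo sanitize($html, $after, $styleRule), "\n";
```

With the pre-patch list the opener is renamed and the stylesheet text stays in the output as element content; with the patched list the whole block ends up inside a comment.
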
> I found a little bug in imp/lib/MIME/Viewer/html.php (RELENG). The code that
> tries to comment out style-tags runs after the code that converts malicious
> tags to "<cleaned_tag>", where the style-tag is included. I did not look into
> HEAD, but I assume it is the same there.
>
> This is my patch. It just removes the style-tag from the malicious tags:
Why do you assume this is an error?
-chuck
--
"Regard my poor demoralized mule!" - Juan Valdez