Revision 14928,
559 bytes
checked in by adati, 17 years ago
XSS: add "javascript:" to the replacement candidates
Annotate view (revision that last changed each line): [14393] lines 1–2, 4, 7–9, 20–21; [14464] line 11; [14525] lines 3, 5–6, 14, 16–19; [14529] line 15; [14928] lines 10, 12–13.

```php
<?php
/**
 * Escape script tags
 *
 * @param string $value Input
 * @return string $value The converted string if the pattern matched; otherwise the input string is returned unchanged.
 */
function smarty_modifier_script_escape($value) {

    if (is_array($value)) return $value;

    $pattern = "/<script.*?>|<\/script>|javascript:/";
    $convert = "#script tag escaped#";

    if ( preg_match_all($pattern, $value, $matches) ) {
        return preg_replace($pattern, $convert, $value);
    } else {
        return $value;
    }
}
?>
```
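The modifier above replaces a fixed list of strings, and its pattern has no `i` modifier, so matching is case-sensitive. As an added example that is not part of this repository, the same pattern is shown next to context-aware output encoding and a URL scheme allowlist; `denylist_escape`, `escape_html` and `safe_href` are hypothetical names and the sample inputs are constructed.

```php
<?php
// Added example, not project code. Function names are hypothetical and the
// sample inputs are constructed.

// The modifier's pattern as of revision 14928 (case-sensitive denylist).
function denylist_escape($value) {
    return preg_replace("/<script.*?>|<\/script>|javascript:/",
                        "#script tag escaped#", $value);
}

// HTML text and quoted-attribute context: encode every metacharacter, so the
// result cannot open markup regardless of how a tag name is spelled.
function escape_html($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

// URL attribute context: accept only allowlisted schemes (or scheme-less
// relative URLs) instead of searching the value for "javascript:".
function safe_href($url, array $allowed = array('http', 'https', 'mailto')) {
    $url = trim((string)$url);
    // A scheme is the text before the first ':' when no '/', '?' or '#' precedes it.
    if (preg_match('/^([^\/?#:]*):/', $url, $m)) {
        if (!in_array(strtolower($m[1]), $allowed, true)) {
            return '#';                 // neutral placeholder for rejected schemes
        }
    }
    return escape_html($url);
}

// Constructed samples: the second differs from the first only in letter case.
$samples = array('<script>x</script>', '<SCRIPT>x</SCRIPT>');
foreach ($samples as $s) {
    printf("%-20s denylist: %-42s encoded: %s\n",
           $s, denylist_escape($s), escape_html($s));
}

// Constructed URL samples for the attribute context.
$urls = array('https://example.com/?a=1&b=2', 'JavaScript:void(0)', '/local/path');
foreach ($urls as $u) {
    printf("%-30s href: %s\n", $u, safe_href($u));
}
```

In a Smarty template the encoding step corresponds to the built-in `escape` modifier applied at output time, chosen per output context.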