Fixing greedy Sanitize::stripTags(). Fixes #5758.

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7876 3807eeeb-6ff5-0310-8944-8be069107fe0
mark_story 2008-11-16 05:00:41 +00:00
parent 6806b895cb
commit 6c2d6dbc0e
2 changed files with 21 additions and 1 deletions


@ -162,7 +162,7 @@ class Sanitize {
$str = $params[0]; $str = $params[0];
for ($i = 1; $i < count($params); $i++) { for ($i = 1; $i < count($params); $i++) {
$str = preg_replace('/<' . $params[$i] . '[^>]*>/i', '', $str); $str = preg_replace('/<' . $params[$i] . '\b[^>]*>/i', '', $str);
$str = preg_replace('/<\/' . $params[$i] . '[^>]*>/i', '', $str); $str = preg_replace('/<\/' . $params[$i] . '[^>]*>/i', '', $str);
} }
return $str; return $str;
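Review bot: The `\b` anchor was added only to the opening-tag pattern on the changed line; the closing-tag pattern on the next line still reads `'/<\/' . $params[$i] . '[^>]*>/i'`, so stripping `b` also removes `</blockquote>`, `</br>` and any other closing tag whose name starts with `b`, leaving the markup unbalanced. The same anchor belongs there: `$str = preg_replace('/<\/' . $params[$i] . '\b[^>]*>/i', '', $str);`. Since the tag names are spliced into a PCRE pattern verbatim, wrapping them as `preg_quote($params[$i], '/')` in both calls would also keep a name containing regex metacharacters from changing what the pattern matches. It would help to state in the method's docblock that `[^>]*` stops at the first `>` and only the listed tags' markup is removed, so callers do not treat this as a general HTML sanitizer. stripTags begins and ends outside this hunk.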


@ -375,6 +375,26 @@ class SanitizeTest extends CakeTestCase {
$expected = 'Important<p>Additional information here <img src="/img/test.png" />. Read even more here</p>'; $expected = 'Important<p>Additional information here <img src="/img/test.png" />. Read even more here</p>';
$result = Sanitize::stripTags($string, 'h2', 'a'); $result = Sanitize::stripTags($string, 'h2', 'a');
$this->assertEqual($result, $expected); $this->assertEqual($result, $expected);
$string = '<h2>Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>';
$expected = 'Important<p>Additional information here . Read even more here</p>';
$result = Sanitize::stripTags($string, 'h2', 'a', 'img');
$this->assertEqual($result, $expected);
$string = '<b>Important message!</b><br>This message will self destruct!';
$expected = 'Important message!<br>This message will self destruct!';
$result = Sanitize::stripTags($string, 'b');
$this->assertEqual($result, $expected);
$string = '<b>Important message!</b><br />This message will self destruct!';
$expected = 'Important message!<br />This message will self destruct!';
$result = Sanitize::stripTags($string, 'b');
$this->assertEqual($result, $expected);
$string = '<h2 onclick="alert(\'evil\'); onmouseover="badness()">Important</h2><p>Additional information here <a href="/about"><img src="/img/test.png" /></a>. Read even more here</p>';
$expected = 'Important<p>Additional information here . Read even more here</p>';
$result = Sanitize::stripTags($string, 'h2', 'a', 'img');
$this->assertEqual($result, $expected);
} }
/** /**
* testFormatColumns method * testFormatColumns method
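Review bot: None of the new cases covers a closing tag whose name merely begins with the stripped name, so the closing-tag pattern in Sanitize::stripTags, which did not receive the `\b` added to the opening-tag pattern in this commit, stays untested. A case such as `$string = '<b>Important</b><blockquote>More</blockquote>'; $expected = 'Important<blockquote>More</blockquote>'; $result = Sanitize::stripTags($string, 'b');` would fail against the current implementation because `</blockquote>` is removed together with `</b>`. The fixture on the `onclick` line also carries an unbalanced double quote after `alert(\'evil\');`; if that malformed markup is deliberate, a short comment saying so would keep the next reader from "fixing" it.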