Official Sponsor: NetworkRedux
PHP-Fusion
February 09 2010 15:05:40
Navigation
Users Online
· Guests Online: 24

· Members Online: 0

· Total Members: 28,327
· Newest Member: darevil
IRC Channel
Got an IRC Client?
Join our new IRC channel at

irc.freenode.com/phpfusion

Free IRC Clients: Wikipedia
Support Sites
Last Seen Users
· Barspin< 5 mins
· Softovick00:06:55
· jikaka00:19:17
· Antonoff77700:21:01
· Gravis00:33:13
· afif02:00:37
· Boxes02:23:38
· Splash02:30:12
· bser02:33:11
· structor03:04:19
Donate
Another XSS exploit fix
SecurityOpen up maincore.php, look for this line in function parseubb (approx 373)

$message = preg_replace('#(<[^>]+[\\"\'])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iUu',">",$message);



Replace it with
$message = preg_replace('#(<[^>]+[\\"\'\s])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iUu',">",$message);



Then, Insert this line
$message = preg_replace('#([a-z]*)=([\`\'\"]*)jscript:#iUu','$1=$2nojscript...',$message);



Before
$message = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iUu','$1=$2nojavascript...',$message);




Then look for this line in function descript (approx line 406)
$text = preg_replace('#(<[^>]+[\\"\'])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iUu',">",$text);



Replace it with
$text = preg_replace('#(<[^>]+[\\"\'\s])(onmouseover|onmousedown|onmouseup|onmouseout|onmousemove|onclick|ondblclick|onload|xmlns)[^>]*>#iUu',">",$text);



Then, Insert this line
$text = preg_replace('#([a-z]*)=([\`\'\"]*)jscript:#iUu','$1=$2nojscript...',$text);



Before
$text = preg_replace('#([a-z]*)=([\`\'\"]*)javascript:#iUu','$1=$2nojavascript...',$text);
· Digitanium on Aug 30 2005 at 14:46:44 · Print
Ratings
Rating is available to Members only.

Please login or register to vote.
No Ratings have been Posted.
Login
Username

Password



Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.
RSS Feeds
- PHP-Fusion News
- SF File Releases
- SF News Releases
Latest Roadmap Items
Shoutbox
You must login to post a message.

afif
09 Feb 2010 13:05:02
My nick is my name! Haha Grin

Splash
09 Feb 2010 12:35:27
What yours nick mean? Mine mean nothing, it's a random nick. Pfft

Splash
09 Feb 2010 12:26:08
Welcome pitbull.

afif
09 Feb 2010 11:06:11
welcome pitbull!

pitbullkmikc
09 Feb 2010 07:02:29
Hello everybody, I'm a new member, have a good day everybody...

Fangree_Craig
08 Feb 2010 17:11:07
Hello Darchangel and erm Darchangel... Grin

Darchangel
08 Feb 2010 16:11:03
Hello guys and erm guys... Grin

Fangree_Craig
08 Feb 2010 15:47:37
@Sampler- English only Please!

Splash
08 Feb 2010 03:32:56
Tell me few, I like to listen bands from various countries. (Is "some", "few" or "a few"?) Pfft

slaughter
07 Feb 2010 22:28:01
Rammstein is nice, but I prefer some scandinavian bands Smile
Render time: 0.29 seconds 58,353,884 unique visits
All content on this site is Copyright © 2003-2009 PHP-Fusion and Nick Jones, all rights reserved.
Logos and trademarks are the property of their respective owners.


Powered by PHP-Fusion copyright © 2002 - 2010 by Nick Jones.
Released as free software without warranties under GNU Affero GPL v3.