lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Html tag <marquee are forbidden

Browse Source
This commit is contained in:
Laurent Destailleur 2019-08-30 15:17:13 +02:00
parent e54dbecf6d
commit 55f0051db2
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
htdocs/main.inc.php
View File

@ -108,6 +108,7 @@ function testSqlAndScriptInject($val, $type)
$inj += preg_match('/<script/i', $val);
$inj += preg_match('/<iframe/i', $val);
$inj += preg_match('/<audio/i', $val);
$inj += (stripos('/<marquee/i', $val) === false ? 0 : 1);
$inj += preg_match('/Set\.constructor/i', $val); // ECMA script 6
if (! defined('NOSTYLECHECK')) $inj += preg_match('/<style/i', $val);
$inj += preg_match('/base[\s]+href/si', $val);