From 536e99e3c9e3156db98e825384d4793488d9fa84 Mon Sep 17 00:00:00 2001
From: florian HENRY <florian.henry@atm-consuliting.fr>
Date: Thu, 19 Sep 2019 09:59:05 +0200
Subject: [PATCH 1/2] fix regex main.inc.php fatal

---
 htdocs/main.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 14b1d581986..00110bbe456 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -133,7 +133,7 @@ function testSqlAndScriptInject($val, $type)
 	$inj += preg_match('/onmouse([a-z]*)\s*=/i', $val);       // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
 	$inj += preg_match('/ondrag([a-z]*)\s*=/i', $val);        //
 	$inj += preg_match('/ontouch([a-z]*)\s*=/i', $val);        //
-	$inj += preg_match('/on(abort|afterprint[beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut)\s*=/i', $val);
+	$inj += preg_match('/on(abort|afterprint[beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut])\s*=/i', $val);
 	$inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|hashchange|input|invalid)\s*=/i', $val);
 	$inj += preg_match('/on(keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|offline|online|pagehide|pageshow)\s*=/i', $val);
 	$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|resize|reset|scroll|search|seeking|select|show|stalled|submit|suspend)\s*=/i', $val);

From 3b555797d1e36b0d8a17f93d1cc701c843537df9 Mon Sep 17 00:00:00 2001
From: florian HENRY <florian.henry@atm-consuliting.fr>
Date: Thu, 19 Sep 2019 12:32:26 +0200
Subject: [PATCH 2/2] fix regex

---
 htdocs/main.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 00110bbe456..abd07908641 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -133,7 +133,7 @@ function testSqlAndScriptInject($val, $type)
 	$inj += preg_match('/onmouse([a-z]*)\s*=/i', $val);       // onmousexxx can be set on img or any html tag like <img title='...' onmouseover=alert(1)>
 	$inj += preg_match('/ondrag([a-z]*)\s*=/i', $val);        //
 	$inj += preg_match('/ontouch([a-z]*)\s*=/i', $val);        //
-	$inj += preg_match('/on(abort|afterprint[beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut])\s*=/i', $val);
+	$inj += preg_match('/on(abort|afterprint|beforeprint|beforeunload|blur|canplay|canplaythrough|change|click|contextmenu|copy|cut)\s*=/i', $val);
 	$inj += preg_match('/on(dblclick|drop|durationchange|ended|error|focus|focusin|focusout|hashchange|input|invalid)\s*=/i', $val);
 	$inj += preg_match('/on(keydown|keypress|keyup|load|loadeddata|loadedmetadata|loadstart|offline|online|pagehide|pageshow)\s*=/i', $val);
 	$inj += preg_match('/on(paste|pause|play|playing|progress|ratechange|resize|reset|scroll|search|seeking|select|show|stalled|submit|suspend)\s*=/i', $val);