authorSteven Wittens <steven@10.no-reply.drupal.org>2005-12-28 18:43:42 +0000
committerSteven Wittens <steven@10.no-reply.drupal.org>2005-12-28 18:43:42 +0000
commitafd8ccaf7e64aad714702d1246569088ed2c893d (patch)
treee8ec470437c0475e4e71f610321d14b54c4c47ce
parent7445e8e8545e3165113fceb335977584db1913e2 (diff)
downloadbrdo-afd8ccaf7e64aad714702d1246569088ed2c893d.tar.gz
brdo-afd8ccaf7e64aad714702d1246569088ed2c893d.tar.bz2
- #27230: Fix XHTML slash in XSS filter
-rw-r--r--modules/filter.module5
-rw-r--r--modules/filter/filter.module5
2 files changed, 6 insertions, 4 deletions
diff --git a/modules/filter.module b/modules/filter.module
index b81039879..2aa7398fe 100644
--- a/modules/filter.module
+++ b/modules/filter.module
@@ -1134,13 +1134,14 @@ function _filter_xss_split($m, $store = FALSE) {
return "</$elem>";
}
// Is there a closing XHTML slash at the end of the attributes?
- $xhtml_slash = preg_match('%\s/\s*$%', $attr) ? '/' : '';
+ $xhtml_slash = preg_match('%\s?/\s*$%', $attrlist) ? ' /' : '';
// Clean up attributes
$attr2 = implode(' ', _filter_xss_attributes($attrlist));
$attr2 = preg_replace('/[<>]/', '', $attr2);
+ $attr2 = strlen($attr2) ? ' '. $attr2 : '';
- return "<$elem $attr2$xhtml_slash>";
+ return "<$elem$attr2$xhtml_slash>";
}
/**
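Review bot: In the new `$xhtml_slash` line the `\s?` is optional, so the pattern is equivalent to `%/\s*$%` and any attribute list that merely ends in `/` is now treated as self-closing. That includes an unquoted value such as `href=http://example.com/`, where the slash belongs to the value rather than to the tag. Whether `_filter_xss_attributes()` keeps or drops that trailing slash is not visible here (the body of `_filter_xss_split()` starts outside the hunk), so the emitted tag may gain a ` /` the author never wrote. I would either write the pattern as `%/\s*$%` with a comment such as `// Any trailing slash counts, even one ending an unquoted attribute value.`, or tighten it so a slash directly after an unquoted value is not matched. Filter tests for `<br/>`, `<br />`, `<img src="x"/>` and an unquoted URL ending in `/` would pin the behaviour. The same applies to the identical hunk in modules/filter/filter.module.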
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index b81039879..2aa7398fe 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -1134,13 +1134,14 @@ function _filter_xss_split($m, $store = FALSE) {
return "</$elem>";
}
// Is there a closing XHTML slash at the end of the attributes?
- $xhtml_slash = preg_match('%\s/\s*$%', $attr) ? '/' : '';
+ $xhtml_slash = preg_match('%\s?/\s*$%', $attrlist) ? ' /' : '';
// Clean up attributes
$attr2 = implode(' ', _filter_xss_attributes($attrlist));
$attr2 = preg_replace('/[<>]/', '', $attr2);
+ $attr2 = strlen($attr2) ? ' '. $attr2 : '';
- return "<$elem $attr2$xhtml_slash>";
+ return "<$elem$attr2$xhtml_slash>";
}
/**