author | Dries Buytaert <dries@buytaert.net> | 2003-06-29 18:21:47 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2003-06-29 18:21:47 +0000 |
commit | da80e6204252b78c3cbe380df54c056df438a1d0 (patch) | |
tree | 47638b2b2c0ec57e083e0d31675380f687336b8a | |
parent | 4d29898a9638a30451e6fb53c1429bfa4ed43ee7 (diff) | |
download | brdo-da80e6204252b78c3cbe380df54c056df438a1d0.tar.gz brdo-da80e6204252b78c3cbe380df54c056df438a1d0.tar.bz2 |
- Removed "link" from the XSS check as well as "font".
-rw-r--r-- | includes/common.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 4b7fb4e2e..a60265314 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -490,7 +490,7 @@ function xss_check_input_data($data) {
   $match += preg_match("/\W(src|href)\s*=[\s'\"]*javascript[^>]+?>/i", $data);
   // check tags:
-  $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|font|html|link|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);
+  $match += preg_match("/<\s*(applet|script|object|style|embed|form|blink|meta|html|frame|iframe|layer|ilayer|head|frameset|xml)/i", $data);
   if ($match) {
     watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
 |
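Review bot: Dropping `link` from the tag pattern leaves `<link>` elements unchecked while `style` is still rejected, so the two stylesheet-related tags are now treated inconsistently. The attribute check on the preceding line only matches `javascript` in `src`/`href`, so a `<link>` carrying an ordinary URL passes both patterns. If the removal is meant to stop false positives, say so next to the pattern, for example `// "font" and "link" are deliberately allowed: <reason>; markup is filtered again on output`, and confirm that an output-side filter really does strip or escape these tags. Otherwise keep `link` in the list. Longer term a deny-list like this needs editing for every new tag, and an allow-list applied at render time is easier to reason about. The body of xss_check_input_data starts and ends outside this hunk, so how `$match` is initialised and what follows the `watchdog` call cannot be checked here.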