author | Andreas Gohr <andi@splitbrain.org> | 2005-10-18 23:34:36 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2005-10-18 23:34:36 +0200 |
commit | 453493f24ca09d6d213a95e42de8d91bb5577458 (patch) | |
tree | b05546940eabe71156efbffdb597eed3a32a6ba8 | |
parent | 0773871451ff132a1facfc32e30bf3e81a4e759a (diff) | |
another XSS bugfix for #595
darcs-hash:20051018213436-7ad00-63e2b361e358729cb90a6126f9cc842e4904c3ec.gz
-rw-r--r-- | inc/parser/xhtml.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/inc/parser/xhtml.php b/inc/parser/xhtml.php
index f58b52029..d1e7a2354 100644
--- a/inc/parser/xhtml.php
+++ b/inc/parser/xhtml.php
@@ -878,6 +878,11 @@ class Doku_Renderer_xhtml extends Doku_Renderer {
 //remove double encodings in titles
 $link['title'] = str_replace('&amp;','&',$link['title']);
+ // be sure there are no bad chars in url or title
+ // (we can't do this for name because it can contain an img tag)
+ $link['url'] = strtr($link['url'],array('>'=>'%3E','<'=>'%3C','"'=>'%22'));
+ $link['title'] = strtr($link['title'],array('>'=>'>','<'=>'<','"'=>'"'));
+
 $ret = '';
 $ret .= $link['pre'];
 $ret .= '<a href="'.$link['url'].'"'; |
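Review bot: The two added `strtr` calls are a deny-list of three characters rather than context-correct escaping, and `&` is left untouched even though `$link['url']` is concatenated straight into a double-quoted `href` attribute a few lines below; `$link['url'] = htmlspecialchars($link['url'], ENT_QUOTES);` and `$link['title'] = htmlspecialchars($link['title'], ENT_QUOTES);` would cover the full attribute context, with `double_encode: false` if the preceding `&amp;` → `&` normalisation is meant to survive. As rendered here the title mapping reads `'>'=>'>','<'=>'<','"'=>'"'`, which is a no-op — this looks like the page having decoded the `&gt;`/`&lt;`/`&quot;` entities of the real source, but it is worth confirming against the committed file. Character escaping also says nothing about the URL scheme, so if `$link['url']` can originate from untrusted input an explicit scheme allow-list is the usual complement; I cannot tell from this hunk where the value comes from. A short comment naming the intended context would help future readers, e.g. `// escape for use inside a double-quoted HTML attribute (href/title)`. The enclosing method starts before and continues after this hunk.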