From 453493f24ca09d6d213a95e42de8d91bb5577458 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Tue, 18 Oct 2005 23:34:36 +0200
Subject: another XSS bugfix for #595

darcs-hash:20051018213436-7ad00-63e2b361e358729cb90a6126f9cc842e4904c3ec.gz
---
 inc/parser/xhtml.php | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'inc/parser')

diff --git a/inc/parser/xhtml.php b/inc/parser/xhtml.php
index f58b52029..d1e7a2354 100644
--- a/inc/parser/xhtml.php
+++ b/inc/parser/xhtml.php
@@ -878,6 +878,11 @@ class Doku_Renderer_xhtml extends Doku_Renderer {
 //remove double encodings in titles
 $link['title'] = str_replace('&amp;','&',$link['title']);
 
+ // be sure there are no bad chars in url or title
+ // (we can't do this for name because it can contain an img tag)
+ $link['url'] = strtr($link['url'],array('>'=>'%3E','<'=>'%3C','"'=>'%22'));
+ $link['title'] = strtr($link['title'],array('>'=>'>','<'=>'<','"'=>'"'));
+
 $ret = '';
 $ret .= $link['pre'];
 $ret .= '
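Review bot: The title escape on the fourth added line maps `>`, `<` and `"` to themselves as rendered here, which makes that `strtr` a no-op; this is most likely the page having decoded `&gt;`/`&lt;`/`&quot;` out of the original table, but it should be confirmed against the repository. Even with the intended table, a per-character `strtr` denylist is easy to leave incomplete (the single quote is covered in neither table), and since the preceding context line already collapses `&amp;` back to `&`, the whole-value form `$link['title'] = htmlspecialchars($link['title'], ENT_QUOTES);` escapes every attribute-breaking character in one call. The URL table has the same gap; if the href is ever emitted inside single quotes, adding `"'"=>'%27'` to that table closes it, though how `$link['url']` is quoted into the `<a>` tag is not visible in this hunk. The enclosing method starts and ends outside the hunk.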