summaryrefslogtreecommitdiff
path: root/program
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2008-09-12 16:00:25 +0000
committerthomascube <thomas@roundcube.net>2008-09-12 16:00:25 +0000
commit85a9130647fff8ffafbd35117705f3ec7ec98ce0 (patch)
treeb5de0539095dcca8e6a6d29b11ab39fe1efec5e6 /program
parentdc5b83d188737c1ce18909f185669a0a0f1c1f4a (diff)
Fix xss entitiy decoding
Diffstat (limited to 'program')
-rw-r--r--program/include/main.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index 0453b14ad..77074a0bd 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -643,8 +643,8 @@ function rcmail_mod_css_styles($source, $container_id, $base_url = '')
function rcmail_xss_entitiy_decode($content)
{
$out = html_entity_decode(html_entity_decode($content));
- $out = preg_replace('/\\\00([a-z0-9]{2})/ie', "chr(hexdec('\\1'))", $out);
- $out = preg_replace('#/\*.+\*/#Um', '', $out);
+ $out = preg_replace('/\\\([a-z0-9]{4})/ie', "chr(hexdec('\\1'))", $out);
+ $out = preg_replace('#/\*.*\*/#Um', '', $out);
return $out;
}