|
@@ -38,15 +38,15 @@ discard block |
|
|
|
38
|
38
|
function getArrayOfEmoji() |
|
39
|
39
|
{ |
|
40
|
40
|
$arrayofcommonemoji = array( |
|
41
|
|
- 'misc' => array('2600', '26FF'), // Miscellaneous Symbols |
|
42
|
|
- 'ding' => array('2700', '27BF'), // Dingbats |
|
43
|
|
- '????' => array('9989', '9989'), // Variation Selectors |
|
44
|
|
- 'vars' => array('FE00', 'FE0F'), // Variation Selectors |
|
45
|
|
- 'pict' => array('1F300', '1F5FF'), // Miscellaneous Symbols and Pictographs |
|
46
|
|
- 'emot' => array('1F600', '1F64F'), // Emoticons |
|
47
|
|
- 'tran' => array('1F680', '1F6FF'), // Transport and Map Symbols |
|
48
|
|
- 'flag' => array('1F1E0', '1F1FF'), // Flags (note: may be 1F1E6 instead of 1F1E0) |
|
49
|
|
- 'supp' => array('1F900', '1F9FF'), // Supplemental Symbols and Pictographs |
|
|
41
|
+ 'misc' => array('2600', '26FF'), // Miscellaneous Symbols |
|
|
42
|
+ 'ding' => array('2700', '27BF'), // Dingbats |
|
|
43
|
+ '????' => array('9989', '9989'), // Variation Selectors |
|
|
44
|
+ 'vars' => array('FE00', 'FE0F'), // Variation Selectors |
|
|
45
|
+ 'pict' => array('1F300', '1F5FF'), // Miscellaneous Symbols and Pictographs |
|
|
46
|
+ 'emot' => array('1F600', '1F64F'), // Emoticons |
|
|
47
|
+ 'tran' => array('1F680', '1F6FF'), // Transport and Map Symbols |
|
|
48
|
+ 'flag' => array('1F1E0', '1F1FF'), // Flags (note: may be 1F1E6 instead of 1F1E0) |
|
|
49
|
+ 'supp' => array('1F900', '1F9FF'), // Supplemental Symbols and Pictographs |
|
50
|
50
|
); |
|
51
|
51
|
|
|
52
|
52
|
return $arrayofcommonemoji; |
|
@@ -108,7 +108,7 @@ discard block |
|
|
|
108
|
108
|
//print "before decoding $val\n"; |
|
109
|
109
|
do { |
|
110
|
110
|
$oldval = $val; |
|
111
|
|
- $val = html_entity_decode($val, ENT_QUOTES | ENT_HTML5); // Decode ':', ''', '	', '&NewLine', ... |
|
|
111
|
+ $val = html_entity_decode($val, ENT_QUOTES | ENT_HTML5); // Decode ':', ''', '	', '&NewLine', ... |
|
112
|
112
|
// Sometimes we have entities without the ; at end so html_entity_decode does not work but entities is still interpreted by browser. |
|
113
|
113
|
$val = preg_replace_callback( |
|
114
|
114
|
'/&#(x?[0-9][0-9a-f]+;?)/i', |
|
@@ -116,7 +116,7 @@ discard block |
|
|
|
116
|
116
|
* @param string[] $m |
|
117
|
117
|
* @return string |
|
118
|
118
|
*/ |
|
119
|
|
- static function ($m) { |
|
|
119
|
+ static function($m) { |
|
120
|
120
|
// Decode 'n', ... |
|
121
|
121
|
return realCharForNumericEntities($m); |
|
122
|
122
|
}, |
|
@@ -158,7 +158,7 @@ discard block |
|
|
|
158
|
158
|
$inj += preg_match('/user[\/\*\s]*\(/i', $val); // avoid to use function user() or mysql_user() that return current database login |
|
159
|
159
|
$inj += preg_match('/information_schema/i', $val); // avoid to use request that read information_schema database |
|
160
|
160
|
$inj += preg_match('/<svg/i', $val); // <svg can be allowed in POST |
|
161
|
|
- $inj += preg_match('/update[^&=\w].*set.+=/i', $val); // the [^&=\w] test is to avoid error when request is like action=update&...set... or &updatemodule=...set... |
|
|
161
|
+ $inj += preg_match('/update[^&=\w].*set.+=/i', $val); // the [^&=\w] test is to avoid error when request is like action=update&...set... or &updatemodule=...set... |
|
162
|
162
|
$inj += preg_match('/union.+select/i', $val); |
|
163
|
163
|
} |
|
164
|
164
|
if ($type == 3) { |