|
@@ 2573-2579 (lines=7) @@
|
| 2570 |
|
|
| 2571 |
|
// replace style-attribute, first (if needed) |
| 2572 |
|
if (in_array('style', $this->_evil_attributes, true)) { |
| 2573 |
|
do { |
| 2574 |
|
$count = $temp_count = 0; |
| 2575 |
|
|
| 2576 |
|
$str = preg_replace('/(<[^>]+)(?<!\w)(style="(:?[^"]*?)"|style=\'(:?[^\']*?)\')/i', '$1' . $this->_replacement, $str, -1, $temp_count); |
| 2577 |
|
$count += $temp_count; |
| 2578 |
|
|
| 2579 |
|
} while ($count); |
| 2580 |
|
} |
| 2581 |
|
|
| 2582 |
|
do { |
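Review bot: The style pattern on line 2576 only matches when `style=` is followed directly by a quote, so a `style` attribute written with whitespace around `=` or with an unquoted value is left to the generic pass below. Whether that pass covers it depends on `$evil_attributes_string`, which is built outside this excerpt. The groups written `(:?[^"]*?)` and `(:?[^\']*?)` look like a typo for the non-capturing `(?:`; as written they are capturing groups that optionally consume a leading colon, and they only work by accident. I would write the two alternatives as `style\s*=\s*"[^"]*"` and `style\s*=\s*\'[^\']*\'`, and extend the comment on line 2571 to say which attribute forms this pass is meant to handle. The enclosing method starts above the excerpt.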
|
@@ 2582-2589 (lines=8) @@
|
| 2579 |
|
} while ($count); |
| 2580 |
|
} |
| 2581 |
|
|
| 2582 |
|
do { |
| 2583 |
|
$count = $temp_count = 0; |
| 2584 |
|
|
| 2585 |
|
// find occurrences of illegal attribute strings with and without quotes (042 ["] and 047 ['] are octal quotes) |
| 2586 |
|
$str = preg_replace('/(<[^>]+)(?<!\w)(' . $evil_attributes_string . ')\s*=\s*(?:(?:"|\042|\'|\047)(?:[^\\2]*?)(?:\\2)|[^\s>]*)/is', '$1' . $this->_replacement, $str, -1, $temp_count); |
| 2587 |
|
$count += $temp_count; |
| 2588 |
|
|
| 2589 |
|
} while ($count); |
| 2590 |
|
|
| 2591 |
|
return (string)$str; |
| 2592 |
|
} |
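Review bot: The quoted-value branch of the pattern on line 2586 does not close on the quote as the comment on line 2585 implies. The opening quote sits in a non-capturing group, so `\\2` outside the class refers back to the attribute-name group, and inside `[^\\2]` it is not a backreference at all but the single character 0x02. As a result matching usually falls through to `[^\s>]*`, so a quoted value that contains whitespace is removed only up to the first space and the remainder stays in the tag. Capturing the quote and closing on it would fix that, e.g. `(["\'])(?:(?!\\3).)*\\3` for the quoted branch, assuming `$evil_attributes_string` (built outside this excerpt) adds no capture groups of its own. Separately, `preg_replace()` returns null on a PCRE error, which `(string)$str` on line 2591 turns into an empty string; a comment saying whether that fail-closed result is intended would help the next reader.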