Changeset 4248 for trunk/licqweb

Timestamp:

10/03/05 11:47:34 (3 years ago)

Author:

phatfil

Message:

fix kses input filtering on contacts nicks

Location:

trunk/licqweb

Files:

• push.php (modified) (1 diff)
• rms.php (modified) (2 diffs)

trunk/licqweb/push.php

@@ -118 +118 @@
         <response>
           <method>$method</method>
-          <result>$txt</result>
+          <result>" . kses($txt) . "</result>
         </response>
     ";

trunk/licqweb/rms.php

@@ -123 +123 @@
     // kses input filtering
     $allowed = array('b' => array(),
-                     'i' => array(),
-                     'a' => array('href' => 1, 'title' => 1),
-                     'p' => array('align' => 1),
-                     'br' => array(),
+                     'i' => array(),
+                     'a' => array('href' => 1, 'title' => 1),
+                     'p' => array('align' => 1),
+                     'br' => array(),
                      'font' => array('size' => 1, 'color' => 1, 'face' => 1)
-                     );
+                    );
     
     if (get_magic_quotes_gpc()) {
@@ -250 +250 @@
     }
     $nick = strrev($nick);
-    $nick = trim($nick);
+    $nick = kses(trim($nick));
 
     // Now we have a user, lets build a list struct then display the list