mirror of https://github.com/processone/ejabberd.git synced 2024-11-26 16:26:24 +01:00

Merge 1879 from trunk.

* src/mod_muc/mod_muc_log.erl: Prevent XSS in MUC logs by
linkifying only a few known protocols (EJAB-850)

SVN Revision: 1945
Badlop 2009-03-03 19:03:56 +00:00
parent f0c0b2230a
commit fe297e1dea
2 changed files with 5 additions and 1 deletions


@ -1,5 +1,8 @@
2009-03-03 Badlop <badlop@process-one.net> 2009-03-03 Badlop <badlop@process-one.net>
* src/mod_muc/mod_muc_log.erl: Prevent XSS in MUC logs by
linkifying only a few known protocols (EJAB-850)
* src/mod_muc/mod_muc.erl: Export function to create MUC * src/mod_muc/mod_muc.erl: Export function to create MUC
room (thanks to Eric Cestari) (EJAB-729) room (thanks to Eric Cestari) (EJAB-729)


@ -767,7 +767,8 @@ htmlize2(S1, NoFollow) ->
S2 = element(2, regexp:gsub(S1, "\\&", "\\&amp;")), S2 = element(2, regexp:gsub(S1, "\\&", "\\&amp;")),
S3 = element(2, regexp:gsub(S2, "<", "\\&lt;")), S3 = element(2, regexp:gsub(S2, "<", "\\&lt;")),
S4 = element(2, regexp:gsub(S3, ">", "\\&gt;")), S4 = element(2, regexp:gsub(S3, ">", "\\&gt;")),
S5 = element(2, regexp:gsub(S4, "[-+.a-zA-Z0-9]+://[^] )\'\"}]+", link_regexp(NoFollow))), S5 = element(2, regexp:gsub(S4, "(http|https|ftp|mailto|xmpp)://[^] )\'\"}]+",
link_regexp(NoFollow))),
%% Remove 'right-to-left override' unicode character 0x202e %% Remove 'right-to-left override' unicode character 0x202e
element(2, regexp:gsub(S5, [226,128,174], "[RLO]")). element(2, regexp:gsub(S5, [226,128,174], "[RLO]")).
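Review bot: In the new S5 pattern the `mailto` and `xmpp` alternatives are still followed by `://`, but those URIs are normally written `mailto:user@host` and `xmpp:user@host` without `//`, so in practice only http, https and ftp links will be linkified. Consider dropping the two dead alternatives or matching them with a separate `(mailto|xmpp):` pattern, keeping the explicit scheme allow-list either way. A comment above the line would stop a later edit from widening it back to a generic scheme pattern, e.g. `%% Security: linkify only an allow-list of URI schemes (EJAB-850); do not generalise this pattern`. htmlize2 begins above the hunk and link_regexp/1 is not visible here, so how the matched text is placed into the anchor's href is assumed rather than checked.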