#105031: Allow both upper and lower case for allowed protocols in XSS checks.

6.x
Steven Wittens 2007-03-12 01:34:28 +00:00
parent d9ece0d575
commit 80646ca6c8
1 changed files with 2 additions and 1 deletions


@ -1475,8 +1475,9 @@ function filter_xss_bad_protocol($string, $decode = TRUE) {
if (preg_match('![/?#]!', $protocol)) {
break;
}
// Per RFC2616, section 3.2.3 (URI Comparison) scheme comparison must be case-insensitive
// Check if this is a disallowed protocol.
if (!isset($allowed_protocols[$protocol])) {
if (!isset($allowed_protocols[strtolower($protocol)])) {
$string = substr($string, $colonpos + 1);
}
}
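Review bot: The new lookup on `strtolower($protocol)` normalises only the candidate scheme, so it still depends on every key of `$allowed_protocols` being lower-case; the map is built outside this hunk, and if it is filled from site configuration (not visible here) a mixed-case entry such as `HTTP` would never match. That fails closed, so it is not a filter bypass, but the invariant deserves a comment next to the check, e.g. `// Keys of $allowed_protocols are expected to be lower-case; the scheme is lower-cased before the lookup.`, or the keys should be lower-cased where the map is built. The added comment cites RFC 2616 section 3.2.3, which is the HTTP-specific comparison rule; since this filter handles arbitrary schemes, RFC 3986 section 3.1 is the more fitting reference. The body of filter_xss_bad_protocol starts and ends outside the hunk.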