dépôts
/
lhc
/
web
/
wiklou.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge "registration: Allow custom prefixes for configuration settings"
[lhc/web/wiklou.git]
/
includes
/
Sanitizer.php
diff --git
a/includes/Sanitizer.php
b/includes/Sanitizer.php
index
e8f06c4
..
8179905
100644
(file)
--- a/
includes/Sanitizer.php
+++ b/
includes/Sanitizer.php
@@
-346,12
+346,9
@@
class Sanitizer {
($space*=$space*
(?:
# The attribute value: quoted or alone
($space*=$space*
(?:
# The attribute value: quoted or alone
- \"([^<\"]*)
\"
- | '([^<']*)
'
+ \"([^<\"]*)
(?:\"|\$)
+ | '([^<']*)
(?:'|\$)
| ([a-zA-Z0-9!#$%&()*,\\-.\\/:;<>?@[\\]^_`{|}~]+)
| ([a-zA-Z0-9!#$%&()*,\\-.\\/:;<>?@[\\]^_`{|}~]+)
- | (\#[0-9a-fA-F]+) # Technically wrong, but lots of
- # colors are specified like this.
- # We'll be normalizing it.
)
)?(?=$space|\$)/sx";
}
)
)?(?=$space|\$)/sx";
}
@@
-1264,10
+1261,7
@@
class Sanitizer {
* @return string
*/
private static function getTagAttributeCallback( $set ) {
* @return string
*/
private static function getTagAttributeCallback( $set ) {
- if ( isset( $set[6] ) ) {
- # Illegal #XXXXXX color with no quotes.
- return $set[6];
- } elseif ( isset( $set[5] ) ) {
+ if ( isset( $set[5] ) ) {
# No quotes.
return $set[5];
} elseif ( isset( $set[4] ) ) {
# No quotes.
return $set[5];
} elseif ( isset( $set[4] ) ) {
@@
-1815,7
+1809,7
@@
class Sanitizer {
$host = preg_replace( $strip, '', $host );
// IPv6 host names are bracketed with []. Url-decode these.
$host = preg_replace( $strip, '', $host );
// IPv6 host names are bracketed with []. Url-decode these.
- if ( substr_compare( "//%5B", $host, 0, 5 ) === 0 && preg_match( '!^//%5B(
.*?
)%5D((:\d+)?)$!', $host, $matches ) ) {
+ if ( substr_compare( "//%5B", $host, 0, 5 ) === 0 && preg_match( '!^//%5B(
[0-9A-Fa-f:.]+
)%5D((:\d+)?)$!', $host, $matches ) ) {
$host = '//[' . $matches[1] . ']' . $matches[2];
}
$host = '//[' . $matches[1] . ']' . $matches[2];
}