X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=blobdiff_plain;f=includes%2Fparser%2FSanitizer.php;h=f76e3a9c5d85b18e18487206b992d9fe1c5d06d9;hp=abf071414b163a804596b2b2e3c2f17bad0f68b5;hb=214b37ff07f3fde89430297b2a857750a56ae205;hpb=b8c5ec5999af9a79e090a5052b949f7c3ac9c471

diff --git a/includes/parser/Sanitizer.php b/includes/parser/Sanitizer.php
index abf071414b..f76e3a9c5d 100644
--- a/includes/parser/Sanitizer.php
+++ b/includes/parser/Sanitizer.php
@@ -1073,6 +1073,7 @@ class Sanitizer {
 				| image\s*\(
 				| image-set\s*\(
 				| attr\s*\([^)]+[\s,]+url
+				| var\s*\(
 			!ix', $value ) ) {
 			return '/* insecure input */';
 		}