[pLog-svn] r6822 - plog/branches/lifetype-1.2/class/data

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Sat Feb 21 15:19:52 EST 2009


Author: jondaley
Date: 2009-02-21 15:19:52 -0500 (Sat, 21 Feb 2009)
New Revision: 6822

Modified:
   plog/branches/lifetype-1.2/class/data/inputfilter.class.php
Log:
allow = signs inside values

Modified: plog/branches/lifetype-1.2/class/data/inputfilter.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/data/inputfilter.class.php	2009-02-21 19:56:23 UTC (rev 6821)
+++ plog/branches/lifetype-1.2/class/data/inputfilter.class.php	2009-02-21 20:19:52 UTC (rev 6822)
@@ -196,10 +196,20 @@
 		for ($i = 0; $i <count($attrSet); $i++) {
 			// skip blank spaces in tag
 			if (!$attrSet[$i]) continue;
-			// split into attr name and value
-			$attrSubSet = explode('=', trim($attrSet[$i]));
+                // split into attr name and value
+                // jondaley/lifetype, this added bit allows '=' to be inside the value,
+                // ex. name="FlashVars" value="file=blahblah&height=20"
+            $attr = trim($attrSet[$i]);
+            $equals = strpos($attr, "=");
+            if($equals !== false){
+                $attrSubSet = array(substr($attr, 0, $equals), substr($attr, $equals+1));
+            }
+            else{
+                $attrSubSet = array($attr);
+            }                
 			list($attrSubSet[0]) = explode(' ', $attrSubSet[0]);
-			// removes all "non-regular" attr names AND also attr blacklisted
+
+                // removes all "non-regular" attr names AND also attr blacklisted
 			if ((!eregi("^[a-z]*$",$attrSubSet[0])) || (($this->xssAuto) && ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist)) || (substr($attrSubSet[0], 0, 2) == 'on')))) 
 				continue;
 			// xss attr value filtering
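Review bot: The event-handler check on the `if` line just below the new split compares `substr($attrSubSet[0], 0, 2) == 'on'` case-sensitively, while the `eregi` test beside it accepts names in any case and the blacklist lookup lowercases first. Unless attribute names are normalised before this loop (not visible in the hunk), a name starting with `on` in a different case is not skipped here. Comparing on the lowercased name, `strtolower(substr($attrSubSet[0], 0, 2)) == 'on'`, would make the three checks agree. Separately, the new split hands everything after the first `=` to the value filtering that follows, where the old `explode` kept only the part up to the second `=`. That filtering lies outside the hunk, so it is worth confirming with a test that it still behaves as intended on values carrying `=` and `&`.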


