From 5d680986af4379f55eab5eb3a2421d1ed34285f8 Mon Sep 17 00:00:00 2001
From: Fil <fil@rezo.net>
Date: Fri, 16 Sep 2005 23:41:52 +0000
Subject: [PATCH] amelioration de interdire_script pour eviter les hacks par
 "base href" (Stephane Laurent)

---
 ecrire/inc_texte.php3 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ecrire/inc_texte.php3 b/ecrire/inc_texte.php3
index 4bef547622..98fc1c4c8c 100644
--- a/ecrire/inc_texte.php3
+++ b/ecrire/inc_texte.php3
@@ -380,7 +380,7 @@ function couper_intro($texte, $long) {
 
 // Securite : empecher l'execution de code PHP
 function interdire_scripts($source) {
-	$source = preg_replace(",<(\%|\?|([[:space:]]*)script),", "&lt;\\1", $source);
+	$source = preg_replace(",<(\%|\?|[[:space:]]*(script|base)),ims", "&lt;\\1", $source);
 	return $source;
 }
 
-- 
GitLab