From 0a6219212383f1bef7a924373459f7cddda55ac1 Mon Sep 17 00:00:00 2001
From: tianya
Date: Mon, 30 Dec 2024 22:27:08 +0800
Subject: [PATCH] =?UTF-8?q?CNVD-C-2024-690565=E9=97=AE=E9=A2=98=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/system/helpers/filter.helper.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/system/helpers/filter.helper.php b/src/system/helpers/filter.helper.php
index c7129858..6d07405e 100755
--- a/src/system/helpers/filter.helper.php
+++ b/src/system/helpers/filter.helper.php
@@ -24,6 +24,9 @@ if (!defined('DEDEINC')) exit ('dedebiz');
 if (!function_exists('HtmlReplace')) {
 function HtmlReplace($str, $rptype = 0)
 {
+ if (!is_string($str)) {
+ return '';
+ }
 $str = stripslashes($str);
 $str = preg_replace("/<[\/]{0,1}style([^>]*)>(.*)<\/style>/i", '', $str);
 if ($rptype == 0) {
@@ -39,7 +42,8 @@ if (!function_exists('HtmlReplace')) {
 } else {
 $str = preg_replace("/[\r\n\t ]{1,}/", ' ', $str);
 $str = preg_replace('/script/i', 'script', $str);
- $str = preg_replace("/<[\/]{0,1}(link|meta|ifr|fra)[^>]*>/i", '', $str);
+ $str = preg_replace("/<[\/]{0,1}(link|meta|iframe|frame|object|embed|form|input|button|textarea|select)[^>]*>/i", '', $str);
+ $str = preg_replace('/\son\w+\s*=\s*["\'][^"\']*["\']/i', '', $str);
 }
 return addslashes($str);
 }
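Review bot: The new `is_string` guard at the top of `HtmlReplace` also turns integers, floats and null into an empty string, where the old code let `stripslashes` stringify a number. If any caller passes a numeric value (callers are not visible in this hunk), its output silently becomes `''`. Rejecting only non-scalars and casting the rest keeps the old behaviour for numbers: `if (!is_scalar($str)) { return ''; }` followed by `$str = (string) $str;`. The function body continues past the end of this hunk.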
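Review bot: The added `on\w+` pattern in the `else` branch removes only event-handler attributes whose value is wrapped in quotes and which are preceded by whitespace, so an unquoted handler value, or one separated from the tag name by `/`, is left in the output. Its `[^"\']*` class also stops at the first quote of either kind, which leaves the tail of a value that mixes both quote characters. A tighter form would be `$str = preg_replace('/[\s\/]on\w+\s*=\s*(?:"[^"]*"|\'[^\']*\'|[^\s>]+)/i', '', $str);`. Both this and the widened tag list remain single-pass blocklists, so context-aware escaping at output (`htmlspecialchars`) or an allowlist sanitizer is the sturdier control and worth a follow-up. The `if` branches of the `$rptype` chain lie outside the hunk, so whether they need the same filter cannot be judged from here.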