Fixed bug #10759: RemoveXSS is incompatible with PHP >= 5.2.8
authorSteffen Kamper <info@sk-typo3.de>
Mon, 20 Apr 2009 08:48:40 +0000 (08:48 +0000)
committerSteffen Kamper <info@sk-typo3.de>
Mon, 20 Apr 2009 08:48:40 +0000 (08:48 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@5330 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_div.php
typo3/contrib/RemoveXSS/RemoveXSS.php

index ff074e8..af9c4b3 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2009-04-16  Steffen Kamper  <info@sk-typo3.de>
+
+       * Fixed bug #10759: RemoveXSS is incompatible with PHP >= 5.2.8
+
 2009-04-17  Christian Kuhn  <lolli@schwarzbu.ch>
 
        * Fixed bug #2178: template::getTabMenu doubles ampersands (thanks to Stefano Kowalke)
index d2a6915..fe6caf3 100755 (executable)
@@ -390,7 +390,7 @@ final class t3lib_div {
         */
        public function removeXSS($string)      {
                require_once(PATH_typo3.'contrib/RemoveXSS/RemoveXSS.php');
-               $string = RemoveXSS::RemoveXSS($string);
+               $string = RemoveXSS::process($string);
                return $string;
        }
 
index ca48f3b..d7151c2 100644 (file)
  * @package RemoveXSS
  */
 class RemoveXSS {
-
+       
+       /**
+        * Removes potential XSS code from an input string.
+        * Wrapper for RemoveXSS::process().
+        *
+        * Using an external class by Travis Puderbaugh <kallahar@quickwired.com>
+        *
+        * @param       string          Input string
+        * @param       string          replaceString for inserting in keywords (which destroyes the tags)
+        * @return      string          Input string with potential XSS code removed
+        */
+       public function RemoveXSS($val) {
+               return self::process($val);
+       }
+       
        /**
         * Wrapper for the RemoveXSS function.
         * Removes potential XSS code from an input string.
@@ -30,7 +44,7 @@ class RemoveXSS {
         * @param       string          Input string
         * @return      string          Input string with potential XSS code removed
         */
-       function RemoveXSS($val)        {
+       function process($val)  {
                // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
                // this prevents some character re-spacing such as <java\0script>
                // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs