Changeset 75105 in spip-zone

Timestamp:

Aug 29, 2013, 6:54:33 PM (8 years ago)

Author:

fil@…

Message:

supprimer ? et <, pas seulement <? (Michael Meyer)

File:

• _core_/securite/ecran_securite.php (modified) (2 diffs)

_core_/securite/ecran_securite.php

@@ -6 +6 @@
  */
 
-define('_ECRAN_SECURITE', '1.1.7'); // 24 mai 2013
+define('_ECRAN_SECURITE', '1.1.8'); // 2013-08-29
 
 /*
@@ -254 +254 @@
         AND
         // cas qui permettent de sortir d'un commentaire PHP
-        (strpos($_REQUEST['connect'], "?".">")!==false
+        (strpos($_REQUEST['connect'], "?")!==false
+         OR strpos($_REQUEST['connect'], ">")!==false
          OR strpos($_REQUEST['connect'], "\n")!==false
          OR strpos($_REQUEST['connect'], "\r")!==false)
         ) {
-        $_REQUEST['connect'] = str_replace(array("?".">", "\r", "\n"), "", $_REQUEST['connect']);
+        $_REQUEST['connect'] = str_replace(array("?", ">", "\r", "\n"), "", $_REQUEST['connect']);
         if (isset($_GET['connect'])) $_GET['connect'] = $_REQUEST['connect'];
         if (isset($_POST['connect'])) $_POST['connect'] = $_REQUEST['connect'];