Improved IE MIME dtection XSS exploit regular expression
This commit is contained in:
parent
15f804bcff
commit
88a48c10d5
@ -549,7 +549,7 @@
|
|||||||
$config['ipv6_ipv4'] = true;
|
$config['ipv6_ipv4'] = true;
|
||||||
// Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out
|
// Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out
|
||||||
// https://github.com/savetheinternet/Tinyboard/issues/20
|
// https://github.com/savetheinternet/Tinyboard/issues/20
|
||||||
$config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/';
|
$config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/i';
|
||||||
|
|
||||||
// Allowed image file extensions
|
// Allowed image file extensions
|
||||||
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png');
|
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png');
|
||||||
|
Loading…
Reference in New Issue
Block a user