kashire/lainchan
4
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Improved IE MIME dtection XSS exploit regular expression

Browse Source
This commit is contained in:
Savetheinternet 2011-05-18 16:01:21 +10:00
parent 15f804bcff
commit 88a48c10d5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
inc/config.php
View File

@ -549,7 +549,7 @@
$config['ipv6_ipv4'] = true; $config['ipv6_ipv4'] = true;
// Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out // Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out
// https://github.com/savetheinternet/Tinyboard/issues/20 // https://github.com/savetheinternet/Tinyboard/issues/20
$config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/'; $config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/i';
// Allowed image file extensions // Allowed image file extensions
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png'); $config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png');