Improved IE MIME dtection XSS exploit regular expression

This commit is contained in:
Savetheinternet 2011-05-18 16:01:21 +10:00
parent 15f804bcff
commit 88a48c10d5

View File

@ -549,7 +549,7 @@
$config['ipv6_ipv4'] = true; $config['ipv6_ipv4'] = true;
// Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out // Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out
// https://github.com/savetheinternet/Tinyboard/issues/20 // https://github.com/savetheinternet/Tinyboard/issues/20
$config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/'; $config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/i';
// Allowed image file extensions // Allowed image file extensions
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png'); $config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png');