# Fixed [artf4976] : htaccess file instructions confusing users
* A4 - Secured SEF against an XSS vulnerability git-svn-id: http://joomlacode.org/svn/joomla/development/trunk@4096 6f6e1ebd-4c2b-0410-823f-f34bde69bce9
This commit is contained in:
parent
d42e197b44
commit
93179befa3
21
htaccess.txt
21
htaccess.txt
|
@ -62,7 +62,8 @@ RewriteEngine On
|
|||
# RewriteBase /
|
||||
|
||||
|
||||
########## Begin Standard SEF Section
|
||||
########## Begin - Joomla! core SEF Section
|
||||
############# Use this section if using ONLY Joomla! core SEF
|
||||
## ALL (RewriteCond) lines in this section are only required if you actually
|
||||
## have directories named 'content' or 'component' on your server
|
||||
## If you do not have directories with these names, comment them out.
|
||||
|
@ -73,10 +74,12 @@ RewriteCond %{REQUEST_FILENAME} !-d
|
|||
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]
|
||||
RewriteRule ^(content/|component/) index.php
|
||||
#
|
||||
########## End Standard SEF Section
|
||||
########## End - Joomla! core SEF Section
|
||||
|
||||
|
||||
########## Begin 3rd Party or Core SEF Section
|
||||
|
||||
########## Begin - 3rd Party SEF Section
|
||||
############# Use this section if you are using a 3rd party (Non Joomla! core) SEF extension - e.g. OpenSEF, 404_SEF, 404SEFx, SEF Advance, etc
|
||||
#
|
||||
#RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes##
|
||||
#RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]
|
||||
|
@ -84,14 +87,4 @@ RewriteRule ^(content/|component/) index.php
|
|||
#RewriteCond %{REQUEST_FILENAME} !-d
|
||||
#RewriteRule (.*) index.php
|
||||
#
|
||||
########## End 3rd Party or Core SEF Section
|
||||
|
||||
########## Begin mbstring section
|
||||
## UNCOMMENT THE APPROPRIATE SETTING WHEN SETTINGS IN php.ini CAN'T BE CHANGED
|
||||
## THIS WILL PROVIDE LOCAL SETTINGS WITHOUT DISTURBING SITE DEFAULTS
|
||||
#
|
||||
# php_value mbstring.func_overload 0
|
||||
# php_value mbstring.language neutral
|
||||
#
|
||||
########## End mbstring section
|
||||
|
||||
########## End - 3rd Party SEF Section
|
|
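Review bot: The third hunk (`@ -84,14 +87,4 @`) appears to drop the entire mbstring section, including the commented `# php_value mbstring.func_overload 0` and `# php_value mbstring.language neutral` examples, while the commit message only speaks of clarifying the SEF instructions; the old/new assignment is inferred from the line counts (fourteen old, four new, one line added), so please confirm. Hosts who followed the previous instructions because they cannot edit php.ini lose the only pointer to those overrides, which works against the stated goal of reducing confusion. A one-line comment near the new `########## End - 3rd Party SEF Section` marker, e.g. `## mbstring overrides are no longer listed here; set mbstring.* in php.ini or a site-specific .htaccess`, or a sentence in the commit message, would make the removal deliberate rather than silent.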
@ -447,6 +447,8 @@ function sefRelToAbs( $string )
|
|||
if ( isset($url['query']) ) {
|
||||
// special handling for javascript
|
||||
$url['query'] = stripslashes( str_replace( '+', '%2b', $url['query'] ) );
|
||||
// clean possible xss attacks
|
||||
$url['query'] = preg_replace( "'%3Cscript[^%3E]*%3E.*?%3C/script%3E'si", '', $url['query'] );
|
||||
|
||||
// Initialize variables
|
||||
$parts = null;
|
||||
|
|
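Review bot: The character class in the added `preg_replace` pattern on the `$url['query']` line does not mean "anything except `%3E`": `[^%3E]` excludes the individual characters `%`, `3` and `E` (and `e`, given the `i` modifier), so the pattern only matches a percent-encoded `<script>` element with no attributes at all, which is far narrower than the comment "clean possible xss attacks" suggests. Stripping one encoded pattern is a blacklist in any case; it leaves literal `<`, double-encoded `%25`, entity and other tag/attribute forms untouched, so the durable control is context-aware escaping where the returned URL is written into HTML, e.g. `htmlspecialchars($href, ENT_QUOTES)` at the output site, which lies outside this hunk. Whether `$url['query']` is still percent-encoded at this point depends on how `$url` was parsed earlier in sefRelToAbs (parse_url() does not decode), which is not visible here; the function starts and ends outside the hunk. If the filter is kept, at minimum replace the comment with an honest one, e.g. `// Best-effort: strips only a bare percent-encoded <script> element; callers must still escape on output`.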