leftypol
/
leftypol
4
5
Fork 2
Code Issues 57 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

Improved IE MIME dtection XSS exploit regular expression

pull/40/head
Savetheinternet 13 years ago
parent
15f804bcff
commit
88a48c10d5
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      inc/config.php

2
inc/config.php
View File

@ -549,7 +549,7 @@
$config['ipv6_ipv4'] = true; $config['ipv6_ipv4'] = true;
// Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out // Regular expression to check for IE MIME type detection XSS exploit. To disable, comment the line out
// https://github.com/savetheinternet/Tinyboard/issues/20 // https://github.com/savetheinternet/Tinyboard/issues/20
$config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/'; $config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/i';
// Allowed image file extensions // Allowed image file extensions
$config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png'); $config['allowed_ext'] = Array('jpg', 'jpeg', 'bmp', 'gif', 'png');

Write Preview
Loading…
Cancel
Save