
* [Security] Reject %0D/%0A in exit tracking and other places

(Issue )
Garvin Hicking
2017-01-03 09:21:25 +01:00
parent edfc8bcff1
commit a48708021c
2 changed files with 4 additions and 1 deletions

@ -1023,7 +1023,7 @@ function serendipity_discover_rss($name, $ext) {
* @return boolean Return true on success, false on failure
*/
function serendipity_isResponseClean($d) {
return (strpos($d, "\r") === false && strpos($d, "\n") === false);
return (strpos($d, "\r") === false && strpos($d, "\n") === false && stripos($d, "%0A") === false && stripos($d, "%0D") === false);
}
/**
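Review bot: The added `stripos($d, "%0A")` / `stripos($d, "%0D")` tests in `serendipity_isResponseClean` match only the literal, single-encoded sequences, so the guard holds only if no caller URL-decodes the value more than once between this check and the point where it is written into a response header. The call sites are not visible in this hunk, so each of them should be confirmed to run the check on the value exactly as it will be emitted. The docblock, which starts above the hunk, should state the contract, for example `* Rejects raw CR/LF and their percent-encoded forms (case-insensitive); call this on the final value, after all decoding.` It is also worth noting there that a legitimate URL carrying an encoded line break in its query string is now rejected as well, which looks like an intended trade-off for exit tracking.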