aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--boot.php2
-rw-r--r--library/HTML5/TreeBuilder.php10
2 files changed, 8 insertions, 4 deletions
diff --git a/boot.php b/boot.php
index 0e9472c00..7d9337b2e 100644
--- a/boot.php
+++ b/boot.php
@@ -9,7 +9,7 @@ require_once('include/nav.php');
require_once('include/cache.php');
define ( 'FRIENDIKA_PLATFORM', 'Friendica');
-define ( 'FRIENDIKA_VERSION', '2.3.1166' );
+define ( 'FRIENDIKA_VERSION', '2.3.1167' );
define ( 'DFRN_PROTOCOL_VERSION', '2.22' );
define ( 'DB_UPDATE_VERSION', 1104 );
diff --git a/library/HTML5/TreeBuilder.php b/library/HTML5/TreeBuilder.php
index 10d446d1e..578e73682 100644
--- a/library/HTML5/TreeBuilder.php
+++ b/library/HTML5/TreeBuilder.php
@@ -3041,9 +3041,13 @@ class HTML5_TreeBuilder {
if (!empty($token['attr'])) {
foreach($token['attr'] as $attr) {
- // mike@macgirvin.com 2011-10-21, stray double quotes and/or numeric tags cause everything to abort
- $attr['name'] = str_replace('"','',$attr['name']);
- if($attr['name'] && (!$el->hasAttribute($attr['name'])) && (! is_numeric($attr['name']))) {
+
+ // mike@macgirvin.com 2011-11-17, check attribute name for
+ // validity (ignoring extenders and combiners) as illegal chars in names
+ // causes everything to abort
+
+ $valid = preg_match('/^[a-zA-Z\_\:]([\-a-zA-Z0-9\_\:\.]+$)/',$attr['name'],$matches);
+ if($attr['name'] && (!$el->hasAttribute($attr['name'])) && ($valid)) {
$el->setAttribute($attr['name'], $attr['value']);
}
}