Hello there!
I'm writing this here to provide further details about that
bug I told you about earlier. The following code would produce
valid JavaScript code: :)
<a href="javajavascript:script\0:alert('simoncpu');">A
Bug!</a>
Inserting this at the beginning of the kses_bad_js()
function should do the trick:
$string = preg_replace('/\0*/', '', $string);
BTW, does PHP automatically append a NULL at the end
of the string? Although this code works fine on my
system, I'm not sure if this is compatible with others.
We may need to manually terminate it.
Lastly, the filter.php example doesn't work on my
system, because $SCRIPT_NAME doesn't work. I'm using
PHP version 4.2.3, running on Windows XP, IIS 5.1,
BTW.
[ simon.cpu ]
Logged In: YES
user_id=573278
Sure, I'll test your preg_replace() thing on my machine.
I think PHP treats NULLs more like Perl than C, so you can
have a NULL in the middle of a string and they're not
terminated by them.
SCRIPT_NAME is weird. Try $_SERVER['SCRIPT_NAME'] and
$_SERVER['PHP_SELF']. We could write filter.php instead, but
then it wouldn't work if someone would rename the script :)
I'm using Linux.
// metaur
Logged In: YES
user_id=573278
Both the NULL bug and the $SCRIPT_NAME bug are fixed in
0.2.0.
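
The NUL-byte report above, as an added example that is not part of the original thread and is not kses code: a one-pass removal of "javascript:" turns the reported href into "javascript" followed by a NUL and ":alert(...)", while a filter that drops control bytes and then strips disallowed schemes until the value is stable does not. The function names and the scheme allowlist are assumptions made for illustration.

```php
<?php
// Added example; naive_filter() and hardened_filter() are hypothetical
// helpers, not functions from kses.

// Naive filter: a single pass that deletes the literal "javascript:".
function naive_filter($value) {
    return str_ireplace('javascript:', '', $value);
}

// Hardened filter: remove NUL/control bytes first, then strip any leading
// scheme that is not on the allowlist, repeating until nothing changes.
function hardened_filter($value, $allowed = array('http', 'https', 'mailto')) {
    do {
        $before = $value;
        // Drop NUL and other control characters (0x00-0x1F, 0x7F).
        $value = preg_replace('/[\x00-\x1F\x7F]+/', '', $value);
        // A scheme is the text before the first ":" when that ":" comes
        // before any "/", "?" or "#".
        if (preg_match('/^\s*([^\/?#:]*):/', $value, $m)) {
            $scheme = strtolower(trim($m[1]));
            if (!in_array($scheme, $allowed, true)) {
                // Remove the disallowed scheme and re-check the remainder.
                $value = substr($value, strlen($m[0]));
            }
        }
    } while ($value !== $before);
    return $value;
}

// The href value from the report; "\0" in double quotes is a real NUL byte.
$payload = "javajavascript:script\0:alert('simoncpu');";

// One pass removes the inner "javascript:" and the outer pieces rejoin
// around the NUL, so a plain search for "javascript:" no longer matches.
$naive = naive_filter($payload);
var_dump(strpos($naive, "javascript\0:") === 0);
var_dump(stripos($naive, 'javascript:') === false);

// The hardened filter leaves no scheme and no NUL byte in the value.
$clean = hardened_filter($payload);
var_dump($clean);
var_dump(strpos($clean, "\0") === false);

// Allowed schemes and relative paths pass through unchanged.
var_dump(hardened_filter('http://example.org:80/a?b=c'));
var_dump(hardened_filter('docs/page:1'));
```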