%PDF- %PDF-
Direktori : /home/bitrix/www/bitrix/modules/main/tools/ |
Current File : /home/bitrix/www/bitrix/modules/main/tools/imagepg.php |
<? //This function will protect against utf-7 xss //on page with no character setting function htmlspecialchars_plus($str) { return str_replace("+","+", htmlspecialchars($str)); } if(!isset($_GET["img"]) || !is_string($_GET["img"])) die(); if(isset($_GET["alt"]) && is_string($_GET["alt"])) $alt = htmlspecialchars_plus($_GET["alt"]); else $alt = ""; $img = $_GET["img"]; if(substr($img, 0, 1) !== "/" && strtolower(substr($img, 0, 4) !== "http")) $img = "/".$img; // some browsers run javascript: in img src tag ?> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <script language="JavaScript"> <!-- function KeyPress() { if(window.event.keyCode == 27) window.close(); } //--> </script> <style type="text/css"> <!-- body {margin-left:0; margin-top:0; margin-right:0; margin-bottom:0;} --> </style> <title><?echo $alt?></title></head> <body topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" onKeyPress="KeyPress()"> <img src="<?echo htmlspecialchars_plus($img)?>" border="0" alt="<?echo $alt?>"> </body> </html>