check all attribute names for validity
authorfriendica <info@friendica.com>
Wed, 16 Nov 2011 22:23:06 +0000 (14:23 -0800)
committerfriendica <info@friendica.com>
Wed, 16 Nov 2011 22:23:06 +0000 (14:23 -0800)
boot.php
library/HTML5/TreeBuilder.php

index 0e9472c001521a7b80b8ab799f68d9cf848f1dc9..7d9337b2ed1aa0e8822746ddd59b1a3ae3a75e16 100644 (file)
--- a/boot.php
+++ b/boot.php
@@ -9,7 +9,7 @@ require_once('include/nav.php');
 require_once('include/cache.php');
 
 define ( 'FRIENDIKA_PLATFORM',     'Friendica');
-define ( 'FRIENDIKA_VERSION',      '2.3.1166' );
+define ( 'FRIENDIKA_VERSION',      '2.3.1167' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.22'    );
 define ( 'DB_UPDATE_VERSION',      1104      );
 
index 10d446d1eacdfa3c38d145ceb599c28f015bc2fb..578e73682bbd67f08266fc465de735384558917e 100644 (file)
@@ -3041,9 +3041,13 @@ class HTML5_TreeBuilder {
 
         if (!empty($token['attr'])) {
             foreach($token['attr'] as $attr) {
-                               // mike@macgirvin.com 2011-10-21, stray double quotes and/or numeric tags cause everything to abort
-                               $attr['name'] = str_replace('"','',$attr['name']);
-                if($attr['name'] && (!$el->hasAttribute($attr['name'])) && (! is_numeric($attr['name']))) {
+
+                               // mike@macgirvin.com 2011-11-17, check attribute name for
+                               // validity (ignoring extenders and combiners) as illegal chars in names
+                               // causes everything to abort
+
+                               $valid = preg_match('/^[a-zA-Z\_\:]([\-a-zA-Z0-9\_\:\.]+$)/',$attr['name'],$matches);
+                if($attr['name'] && (!$el->hasAttribute($attr['name'])) && ($valid)) {
                     $el->setAttribute($attr['name'], $attr['value']);
                 }
             }
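Review bot: The pattern on the `$valid` line quantifies its second character class with `+`, so it only accepts names of two or more characters and silently drops a legal one-character attribute name; `*` would accept it. The `$` anchor also matches before a trailing newline, so a name ending in `\n` would pass validation and still reach `setAttribute()`, which is the abort the comment describes. Whether the tokenizer can emit such a name is not visible here, but `\z` removes the doubt. Suggested line: `$valid = preg_match('/^[a-zA-Z_:][-a-zA-Z0-9_:.]*\z/', $attr['name']) === 1;`, and testing `$valid` before `hasAttribute()` in the `if` keeps an invalid name away from the DOM call entirely. The enclosing method starts and ends outside the hunk.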