Makes check for script tag case insensitive

picandocodigo · Dec 18, 2024 · e646bb2 · e646bb2
1 parent a61728a
commit e646bb2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/include/lcp-wrapper.php b/include/lcp-wrapper.php
@@ -35,7 +35,7 @@ private function assign_style($info, $tag = null, $css_class = null){
     # e.g. If a post has this excerpt: alert(/XSS/) another post could use:
     # [catlist excerpt_tag='script' excerpt=yes]
     # and the XSS would be triggered.
-    if ( !empty( $tag ) && tag_escape( $tag ) == 'script' ) {
+    if ( !empty( $tag ) && strtolower( tag_escape( $tag ) ) == 'script' ) {
       $tag = null;
     }
     if (!empty($info)):