MDL-17637 fixed adobe XSS protection

diff --git a/lib/weblib.php b/lib/weblib.php
index 7b5c7c0e8675db9ac1bcd0470cf32158e251a4b4..313132cb5cb45f7e7be74ad668fba81999b6c148 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -2007,7 +2007,7 @@ function cleanAttributes2($htmlArray){
             $arreach['value'] = preg_replace("/b\s*i\s*n\s*d\s*i\s*n\s*g/i", "Xbinding", $arreach['value']);
         } else if ($arreach['name'] == 'href') {
             //Adobe Acrobat Reader XSS protection
-            $arreach['value'] = preg_replace('/(\.(pdf|fdf|xfdf|xdp|xfd))[^a-z0-9_\.\-].*$/i', '$1', $arreach['value']);
+            $arreach['value'] = preg_replace('/(\.(pdf|fdf|xfdf|xdp|xfd)[^#]*)#.*$/i', '$1', $arreach['value']);
         }
         $attStr .=  ' '.$arreach['name'].'="'.$arreach['value'].'"';
     }