From 920337d1d074bae99e9f4ca00b84d19baa495718 Mon Sep 17 00:00:00 2001
From: skodak <skodak>
Date: Mon, 29 Dec 2008 21:18:02 +0000
Subject: [PATCH] MDL-17637 fixed adobe XSS protection

---
 lib/weblib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/weblib.php b/lib/weblib.php
index 7b5c7c0e86..313132cb5c 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -2007,7 +2007,7 @@ function cleanAttributes2($htmlArray){
             $arreach['value'] = preg_replace("/b\s*i\s*n\s*d\s*i\s*n\s*g/i", "Xbinding", $arreach['value']);
         } else if ($arreach['name'] == 'href') {
             //Adobe Acrobat Reader XSS protection
-            $arreach['value'] = preg_replace('/(\.(pdf|fdf|xfdf|xdp|xfd))[^a-z0-9_\.\-].*$/i', '$1', $arreach['value']);
+            $arreach['value'] = preg_replace('/(\.(pdf|fdf|xfdf|xdp|xfd)[^#]*)#.*$/i', '$1', $arreach['value']);
         }
         $attStr .=  ' '.$arreach['name'].'="'.$arreach['value'].'"';
     }
-- 
2.39.5