authorMarc Alexander <admin@m-a-styles.de>2019-04-27 13:21:55 +0200
committerMarc Alexander <admin@m-a-styles.de>2019-04-27 13:21:55 +0200
commit308dd49bb95b84345efb23e91ea03f9a91c5a2d4 (patch)
treef0e676aaa4ef62ce79f08efb89d39b49b2728ba6 /phpBB/includes/functions_acp.php
parent3075d2fecc9f5bb780bb478c0851a704c7f9b392 (diff)
parentf1c2e26f0af688240f915e3d8d2aab428f0ff76f (diff)
Merge pull request #45 from phpbb/ticket/security/234
[ticket/security/234] Add URL validation for input fields & main site URL
Diffstat (limited to 'phpBB/includes/functions_acp.php')
-rw-r--r--phpBB/includes/functions_acp.php12
1 files changed, 11 insertions, 1 deletions
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php
index 9b7491305c..dd326c3db6 100644
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -419,7 +419,7 @@ function build_cfg_template($tpl_type, $key, &$new_ary, $config_key, $vars)
*/
function validate_config_vars($config_vars, &$cfg_array, &$error)
{
- global $phpbb_root_path, $user, $phpbb_dispatcher, $phpbb_filesystem;
+ global $phpbb_root_path, $user, $phpbb_dispatcher, $phpbb_filesystem, $language;
$type = 0;
$min = 1;
@@ -442,6 +442,16 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
// Validate a bit. ;) (0 = type, 1 = min, 2= max)
switch ($validator[$type])
{
+ case 'url':
+ $cfg_array[$config_name] = trim($cfg_array[$config_name]);
+
+ if (!empty($cfg_array[$config_name]) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $cfg_array[$config_name]))
+ {
+ $error[] = $language->lang('URL_INVALID', $language->lang($config_definition['lang']));
+ }
+
+ // no break here
+
case 'string':
$length = utf8_strlen($cfg_array[$config_name]);
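Review bot: In the new `case 'url':` branch the `!empty(...)` guard treats the string `0` as empty, so a value of `0` skips the pattern check and falls through to the `'string'` length validation as if it were an acceptable URL; since `trim()` has already made the value a string, replacing `!empty($cfg_array[$config_name])` with `$cfg_array[$config_name] !== ''` closes that gap. The check is otherwise fail-closed: a `preg_match()` failure under the `u` modifier returns false and also lands in the error branch. Which schemes `get_preg_expression('url')` accepts is not visible in this hunk, so it is worth confirming that it cannot admit script-style schemes for fields that are later rendered as links. A short comment on the case such as `// Optional field: empty is allowed, any other value must match the full URL pattern` would record the intent. The switch and the body of `validate_config_vars()` continue outside the hunk.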