diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2019-04-14 14:07:22 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2019-04-14 14:07:22 +0200 |
| commit | 84ea5d71481c450dfe1f4a70a10877d4469c1329 (patch) | |
| tree | e75869c4e3b1517c9210886dad10f95a4c151d43 /phpBB/includes/functions_acp.php | |
| parent | 507efee633fee769e7e2af4a2b298c951193f800 (diff) | |
| download | forums-84ea5d71481c450dfe1f4a70a10877d4469c1329.tar forums-84ea5d71481c450dfe1f4a70a10877d4469c1329.tar.gz forums-84ea5d71481c450dfe1f4a70a10877d4469c1329.tar.bz2 forums-84ea5d71481c450dfe1f4a70a10877d4469c1329.tar.xz forums-84ea5d71481c450dfe1f4a70a10877d4469c1329.zip | |
[ticket/security/234] Add URL validation for input fields
SECURITY-234
Diffstat (limited to 'phpBB/includes/functions_acp.php')
| -rw-r--r-- | phpBB/includes/functions_acp.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index 9b7491305c..dd326c3db6 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -419,7 +419,7 @@ function build_cfg_template($tpl_type, $key, &$new_ary, $config_key, $vars) */ function validate_config_vars($config_vars, &$cfg_array, &$error) { - global $phpbb_root_path, $user, $phpbb_dispatcher, $phpbb_filesystem; + global $phpbb_root_path, $user, $phpbb_dispatcher, $phpbb_filesystem, $language; $type = 0; $min = 1; @@ -442,6 +442,16 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) // Validate a bit. ;) (0 = type, 1 = min, 2= max) switch ($validator[$type]) { + case 'url': + $cfg_array[$config_name] = trim($cfg_array[$config_name]); + + if (!empty($cfg_array[$config_name]) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $cfg_array[$config_name])) + { + $error[] = $language->lang('URL_INVALID', $language->lang($config_definition['lang'])); + } + + // no break here + case 'string': $length = utf8_strlen($cfg_array[$config_name]); |