diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2017-12-31 16:37:58 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2017-12-31 16:37:58 +0100 |
| commit | 7dfd57077a31d67dc18af9802f826da6b015d8fe (patch) | |
| tree | 8e4c820119186dbb54bafc54ec755f35e9ccb21d /phpBB/phpbb | |
| parent | 92350db572f3814630f5bb6e609d503ffd2c4bd5 (diff) | |
| parent | 342a7cbd55829283663ad6ba29f924eeb53fca38 (diff) | |
| download | forums-7dfd57077a31d67dc18af9802f826da6b015d8fe.tar forums-7dfd57077a31d67dc18af9802f826da6b015d8fe.tar.gz forums-7dfd57077a31d67dc18af9802f826da6b015d8fe.tar.bz2 forums-7dfd57077a31d67dc18af9802f826da6b015d8fe.tar.xz forums-7dfd57077a31d67dc18af9802f826da6b015d8fe.zip | |
Merge pull request #40 from phpbb/ticket/security/211
[ticket/security/211] Make sure website URL only uses http & https schemes
Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/profilefields/type/type_url.php | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/phpBB/phpbb/profilefields/type/type_url.php b/phpBB/phpbb/profilefields/type/type_url.php index 375cf5b19a..37815b66a5 100644 --- a/phpBB/phpbb/profilefields/type/type_url.php +++ b/phpBB/phpbb/profilefields/type/type_url.php @@ -64,11 +64,24 @@ class type_url extends type_string return false; } - if (!preg_match('#^' . get_preg_expression('url') . '$#iu', $field_value)) + if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $field_value)) { return $this->user->lang('FIELD_INVALID_URL', $this->get_field_name($field_data['lang_name'])); } return false; } + + /** + * {@inheritDoc} + */ + public function get_profile_value($field_value, $field_data) + { + if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $field_value)) + { + return null; + } + + return parent::get_profile_value($field_value, $field_data); + } } |