-rw-r--r-- | phpBB/docs/CHANGELOG.html | 2 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 4 | ||||
-rw-r--r-- | phpBB/posting.php | 4 |
3 files changed, 5 insertions, 5 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 155707a97f..8260477494 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -284,7 +284,7 @@ p a {
 <li>[Feature] Ability to externally set $phpbb_root_path if wrapping phpBB3 by defining constant PHPBB_ROOT_PATH</li>
 <li>[Fix] Implemented correct left/right floating within ACP in regard to RTL languages (Bug #13777)</li>
 <li>[Fix] Fixing session problems when using MySQL strict mode in conjunction with very long browser agent string (Bug #13827)</li>
-
+ <li>[Fix] Disallow post/pm subjects entirely made up from non-printable chars and whitespaces (Bug #13800)</li>
 </ul>
 </div>
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 56a11afe33..e81c572ddf 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -481,7 +481,7 @@ function compose_pm($id, $mode, $action)
 }
 else
 {
- if (!$subject)
+ if (!$subject || !utf8_clean_string($subject))
 {
 $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
 }
@@ -583,7 +583,7 @@ function compose_pm($id, $mode, $action)
 // Subject defined
 if ($submit)
 {
- if (!$subject)
+ if (!$subject || !utf8_clean_string($subject))
 {
 $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
 }
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 7fa97be4c5..c2712009a1 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -512,7 +512,7 @@ if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && (
 }
 else
 {
- if (!$subject)
+ if (!$subject || !utf_clean_string($subject))
 {
 $error[] = $user->lang['EMPTY_SUBJECT'];
 }
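Review bot: The new test `!utf8_clean_string($subject)` in the `@@ -481` hunk of ucp_pm_compose.php relies on PHP truthiness, so a subject whose cleaned form is the string `0` is reported as empty together with the intended whitespace-only case. Comparing explicitly, `if (utf8_clean_string($subject) === '')`, states the intent and makes the `!$subject ||` half unnecessary, assuming the function returns an empty string for empty input (its body is not shown here). The same pattern is added in the `@@ -583` hunk of this file and in both posting.php hunks. A short comment such as `// reject subjects consisting only of whitespace or non-printable characters (Bug #13800)` would explain why a cleaning function is used as a validator. compose_pm starts and ends outside the hunk.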
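Review bot: The added condition in the `@@ -512` hunk of posting.php calls `utf_clean_string($subject)`, while every other call in this commit is spelled `utf8_clean_string`. Unless a function with the shorter name is defined somewhere not visible here, saving a draft with a non-empty subject would end in an undefined-function fatal error, because `!$subject` is false and the right-hand side is then evaluated. The line should read `if (!$subject || !utf8_clean_string($subject))`. With the same check now copied to four call sites, a small shared helper would keep them from drifting apart like this. The enclosing `if ($save && ...)` block starts outside the hunk.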
@@ -756,7 +756,7 @@ if ($submit || $preview || $refresh)
 }
 // Parse subject
- if (!$preview && !$refresh && !$post_data['post_subject'] && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
+ if (!$preview && !$refresh && !utf8_clean_string($post_data['post_subject']) && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
 {
 $error[] = $user->lang['EMPTY_SUBJECT'];
 } |
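Review bot: The cleaned string in the `@@ -756` hunk is only tested and never assigned back, so a subject that mixes non-printable characters with visible text still passes and `$post_data['post_subject']` carries on unchanged. That matches the changelog wording ("entirely made up from"), but if control characters inside titles are also unwanted they have to be stripped where the subject is read, unless input handling outside this hunk already does so. `utf8_clean_string()` is also evaluated before the `$mode` comparisons; placing it last in the condition would let the cheaper checks short-circuit first for replies. The enclosing `if ($submit || $preview || $refresh)` block starts outside the hunk.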