author | dougk_ff7 <dougk_ff7@users.sourceforge.net> | 2001-10-19 13:28:35 +0000 |
---|---|---|
committer | dougk_ff7 <dougk_ff7@users.sourceforge.net> | 2001-10-19 13:28:35 +0000 |
commit | 2652a1aba9fc06b8e5fdfca558d5b07422b0982d (patch) | |
tree | 155e36bbdced96d3562ff5e9d0b7246abb134ff6 | |
parent | 43025a0dbb08d8ddea029b89f645dadc313d092d (diff) | |
Removing traces of global announcements and also fixing a potential security hole in bbcode. Img-based javascript is now stripped. All images have to begin with http://
git-svn-id: file:///svn/phpbb/trunk@1238 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/db/mysql_basic.sql | 1 | ||||
-rw-r--r-- | phpBB/includes/bbcode.php | 2 |
2 files changed, 1 insertions, 2 deletions
diff --git a/phpBB/db/mysql_basic.sql b/phpBB/db/mysql_basic.sql
index 7dbf99abb9..62b01e4247 100644
--- a/phpBB/db/mysql_basic.sql
+++ b/phpBB/db/mysql_basic.sql
@@ -61,7 +61,6 @@ INSERT INTO phpbb_categories (cat_id, cat_title, cat_order) VALUES (1, 'Test cat
 # -- Forums
 INSERT INTO phpbb_forums (forum_id, forum_name, forum_desc, cat_id, forum_order, forum_posts, forum_topics, forum_last_post_id, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (1, 'Test Forum 1', 'This is just a test forum.', 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 3, 1, 1, 1, 3);
-INSERT INTO phpbb_forums (forum_id, forum_name, forum_desc, cat_id, forum_order, forum_posts, forum_topics, forum_last_post_id, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (-1, 'Global Announcements', 'This forum is required for the global announcements to function properly. DO NOT DELETE IT UNDER ANY CIRCUMSTANCES!', 6, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 3, 1, 1, 1, 3);
 # -- Users
 INSERT INTO phpbb_users (user_id, username, user_level, user_regdate, user_password, user_autologin_key, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_viewemail, user_style, user_aim, user_yim, user_msnm, user_posts, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_pm, user_notify_pm, user_allow_viewonline, user_rank, user_avatar, user_lang, user_timezone, user_dateformat, user_actkey, user_newpasswd, user_notify, user_active) VALUES ( '-1', 'Anonymous', '0', '', '', '', '', '', '', '', '', '', '', '0', '0', '', '', '', '', '', '', '', '0', '0', '1', '', '', '', '', '', '', '', '', '0', '0');
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index 7b2d91da0f..e93158eaac 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -263,7 +263,7 @@ function bbencode_first_pass($text, $uid)
 $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);
 // [img]image_url_here[/img] code..
- $text = preg_replace("#\[img\](.*?)\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);
+ $text = preg_replace("#\[img\](([a-z]+?)://([^, \n\r]+))\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);
 // Remove our padding from the string..
 $text = substr($text, 1); |
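Review bot: The new `[img]` pattern accepts any alphabetic scheme followed by `://` (`([a-z]+?)://`), while the commit message says images must begin with http://, so the filter is wider than the stated intent. The URL class `[^, \n\r]+` also still admits tabs, quotes and angle brackets; whether that matters depends on how the second pass writes the captured URL into the `<img>` tag, which is not visible in this hunk, so the value should either be constrained here or HTML-escaped where it is emitted. An allow-list keeps `\\1` as the whole URL: `$text = preg_replace("#\[img\](https?://[^, \n\r\t\"'<>]+)\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);`. A short comment above the line stating which schemes are allowed and why would keep later edits from loosening it again. The body of bbencode_first_pass starts and ends outside the hunk.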