author | JoshyPHP <s9e.dev@gmail.com> | 2017-04-07 08:49:56 +0200 |
committer | Tristan Darricau <github@nicofuma.fr> | 2017-04-18 23:33:35 +0200 |
commit | ddcd0f243791ea64373b53f077689df0c46c713a (patch) | |
tree | 363baf97112521a4c1779281282dece0f6001edc | |
parent | d4f0c79b565f558180225027039ec6494131f85e (diff) | |
[ticket/15163] Escape curly braces in smilies HTML attributes
PHPBB3-15163
-rw-r--r-- | phpBB/phpbb/textformatter/s9e/factory.php | 16 | ||||
-rw-r--r-- | tests/text_processing/tickets_data/PHPBB3-15163.html | 1 | ||||
-rw-r--r-- | tests/text_processing/tickets_data/PHPBB3-15163.txt | 1 | ||||
-rw-r--r-- | tests/text_processing/tickets_data/PHPBB3-15163.xml | 23 |
4 files changed, 40 insertions, 1 deletions
diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php
index 5cbf2712f7..7719ce5afa 100644
--- a/phpBB/phpbb/textformatter/s9e/factory.php
+++ b/phpBB/phpbb/textformatter/s9e/factory.php
@@ -311,7 +311,7 @@ class factory implements \phpbb\textformatter\cache_interface
 {
 $configurator->Emoticons->set(
 $row['code'],
- '<img class="smilies" src="{$T_SMILIES_PATH}/' . htmlspecialchars($row['smiley_url']) . '" width="' . $row['smiley_width'] . '" height="' . $row['smiley_height'] . '" alt="{.}" title="' . htmlspecialchars($row['emotion']) . '"/>'
+ '<img class="smilies" src="{$T_SMILIES_PATH}/' . $this->escape_html_attribute($row['smiley_url']) . '" width="' . $row['smiley_width'] . '" height="' . $row['smiley_height'] . '" alt="{.}" title="' . $this->escape_html_attribute($row['emotion']) . '"/>'
 );
 }
@@ -442,6 +442,20 @@ class factory implements \phpbb\textformatter\cache_interface
 }
 
 /**
+ * Escape a literal to be used in an HTML attribute in an XSL template
+ *
+ * Escapes "HTML special chars" for obvious reasons and curly braces to avoid them
+ * being interpreted as an attribute value template
+ *
+ * @param string $value Original string
+ * @return string Escaped string
+ */
+ protected function escape_html_attribute($value)
+ {
+ return htmlspecialchars(strtr($value, ['{' => '{{', '}' => '}}']), ENT_COMPAT | ENT_XML1, 'UTF-8');
+ }
+
+ /**
 * Return the default BBCodes configuration
 *
 * @return array 2D array. Each element has a 'usage' key, a 'template' key, and an optional 'options' key
diff --git a/tests/text_processing/tickets_data/PHPBB3-15163.html b/tests/text_processing/tickets_data/PHPBB3-15163.html
new file mode 100644
index 0000000000..a1af10187c
--- /dev/null
+++ b/tests/text_processing/tickets_data/PHPBB3-15163.html
@@ -0,0 +1 @@
+<img class="smilies" src="phpBB/images/smilies/icon_lol.gif" width="15" height="17" alt="--{E" title="--{E">
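Review bot: The rewritten template line still concatenates `$row['smiley_width']` and `$row['smiley_height']` into the XSL attribute values raw, while `smiley_url` and `emotion` on the same line now go through `escape_html_attribute()`. Those two presumably come from integer columns (the fixture stores `15`/`17`), so this is not a practical injection, but the safer rule is that every value spliced into the template is escaped or typed rather than trusted by column type; casting them, `'" width="' . (int) $row['smiley_width'] . '" height="' . (int) $row['smiley_height'] . '"`, keeps the template well-formed even if a non-numeric value ever reaches this row. The enclosing loop and method begin before the hunk.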
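Review bot: `escape_html_attribute()` calls `htmlspecialchars()` with `ENT_COMPAT`, which leaves single quotes untouched, so the helper is only safe for the double-quoted attributes in the current smilies template, and neither its name nor its docblock says so; a later caller that builds a single-quoted attribute would get an unescaped `'`. Using `ENT_QUOTES | ENT_XML1` removes the assumption (`&#39;` is valid in the XSL output), or at minimum the docblock should carry `Only safe inside double-quoted attributes: ENT_COMPAT leaves ' unescaped`. The `{{`/`}}` doubling is how XSLT attribute value templates spell a literal brace, so the AVT part of the fix looks right. The enclosing class continues outside the hunk.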
\ No newline at end of file
diff --git a/tests/text_processing/tickets_data/PHPBB3-15163.txt b/tests/text_processing/tickets_data/PHPBB3-15163.txt
new file mode 100644
index 0000000000..126402d66a
--- /dev/null
+++ b/tests/text_processing/tickets_data/PHPBB3-15163.txt
@@ -0,0 +1 @@
+--{E
\ No newline at end of file
diff --git a/tests/text_processing/tickets_data/PHPBB3-15163.xml b/tests/text_processing/tickets_data/PHPBB3-15163.xml
new file mode 100644
index 0000000000..f3e04c230f
--- /dev/null
+++ b/tests/text_processing/tickets_data/PHPBB3-15163.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dataset>
+ <table name="phpbb_smilies">
+ <column>smiley_id</column>
+ <column>code</column>
+ <column>emotion</column>
+ <column>smiley_url</column>
+ <column>smiley_width</column>
+ <column>smiley_height</column>
+ <column>smiley_order</column>
+ <column>display_on_posting</column>
+ <row>
+ <value>1</value>
+ <value>--{E</value>
+ <value>--{E</value>
+ <value>icon_lol.gif</value>
+ <value>15</value>
+ <value>17</value>
+ <value>22</value>
+ <value>1</value>
+ </row>
+ </table>
+</dataset> |
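Review bot: The fixture exercises only a lone `{` in `code` and `emotion`, so the `}` doubling and the HTML-special-character escaping that the new helper also performs are not covered by this dataset, and the expected `.html` in this commit (`title="--{E"`) cannot distinguish the two halves. Adding a second `<row>` whose `emotion` contains `}` and a double quote (for example `a}b"c`) with a matching expected `title` attribute would pin the full behaviour of `escape_html_attribute()` rather than just the `{` case reported in the ticket.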