author | dougk_ff7 <dougk_ff7@users.sourceforge.net> | 2001-10-19 13:28:35 +0000 |
---|---|---|
committer | dougk_ff7 <dougk_ff7@users.sourceforge.net> | 2001-10-19 13:28:35 +0000 |
commit | 2652a1aba9fc06b8e5fdfca558d5b07422b0982d (patch) | |
tree | 155e36bbdced96d3562ff5e9d0b7246abb134ff6 /phpBB/includes/bbcode.php | |
parent | 43025a0dbb08d8ddea029b89f645dadc313d092d (diff) | |
Removing traces of global announcements and also fixing a potential security hole in bbcode. Img-based javascript is now stripped. All images have to begin with http://
git-svn-id: file:///svn/phpbb/trunk@1238 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/bbcode.php')
-rw-r--r-- | phpBB/includes/bbcode.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index 7b2d91da0f..e93158eaac 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -263,7 +263,7 @@ function bbencode_first_pass($text, $uid)
 $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);
 // [img]image_url_here[/img] code..
- $text = preg_replace("#\[img\](.*?)\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);
+ $text = preg_replace("#\[img\](([a-z]+?)://([^, \n\r]+))\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);
 // Remove our padding from the string..
 $text = substr($text, 1); |
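Review bot: The new `[img]` pattern accepts any `[a-z]+://` scheme, while the commit message says images must begin with http://, so the allow-list is wider than the stated intent. The URL class `[^, \n\r]` also still admits quotes and angle brackets; if the second pass places `\1` inside an `src` attribute and the text is not HTML-escaped before this call (neither is visible in this hunk), markup could still be injected through the URL. I would pin the scheme and tighten the character class, e.g. `$text = preg_replace("#\[img\](https?://[^\s\"'<>]+)\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);`, and add a comment above it stating that only http(s) URLs without quotes, angle brackets or whitespace are tagged. bbencode_first_pass starts and ends outside the hunk.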