diff options
| author | Nils Adermann <naderman@naderman.de> | 2010-11-19 11:33:14 +0100 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2010-11-19 11:33:14 +0100 |
| commit | 2831a3a9a97c1ee8b714c8034c64379eff90faa0 (patch) | |
| tree | 403bc050aff21699f0d9e3781212fce7d1dd8467 /phpBB/includes/message_parser.php | |
| parent | bce138ca14ed2c0a461ba9598464b3db91dc37ab (diff) | |
| parent | 49b639dd953746bdd6f77644e471b09545960f8a (diff) | |
| download | forums-2831a3a9a97c1ee8b714c8034c64379eff90faa0.tar forums-2831a3a9a97c1ee8b714c8034c64379eff90faa0.tar.gz forums-2831a3a9a97c1ee8b714c8034c64379eff90faa0.tar.bz2 forums-2831a3a9a97c1ee8b714c8034c64379eff90faa0.tar.xz forums-2831a3a9a97c1ee8b714c8034c64379eff90faa0.zip | |
Merge branch 'ticket/9903' into prep-release-3.0.8
* ticket/9903:
[ticket/9903] Script for detecting potentially malicious flash bbcodes
[ticket/9903] Fix XSS in BBcode-parser's Flash-BBcode.
Diffstat (limited to 'phpBB/includes/message_parser.php')
| -rw-r--r-- | phpBB/includes/message_parser.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 952b55cc8c..b2d0b6c566 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -352,6 +352,15 @@ class bbcode_firstpass extends bbcode return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]'; } + $in = str_replace(' ', '%20', $in); + + // Make sure $in is a URL. + if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) && + !preg_match('#^' . get_preg_expression('www_url') . '$#i', $in)) + { + return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]'; + } + // Apply the same size checks on flash files as on images if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width']) { |