authorJoshyPHP <s9e.dev@gmail.com>2019-12-13 01:46:09 +0100
committerJoshyPHP <s9e.dev@gmail.com>2019-12-13 01:46:09 +0100
commit2926ceba6a06a2f0f95452ae838a89247c493c93 (patch)
treec37fb3d6bc24a678fe788cfc6fc2b87eb23b1dcd /phpBB/includes
parent5be4cca4083e3f2611f7725058afa127ef701ef1 (diff)
[ticket/16250] Add a service to check BBCodes safeness
PHPBB3-16250
Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_bbcodes.php19
1 files changed, 15 insertions, 4 deletions
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index a67f3c54f9..9583f9a869 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -157,7 +157,7 @@ class acp_bbcodes
* @var string bbcode_tpl The bbcode HTML replacement string
* @var string bbcode_helpline The bbcode help line string
* @var array hidden_fields Array of hidden fields for use when
- * submitting form when $warn_text is true
+ * submitting form when $warn_unsafe is true
* @since 3.1.0-a3
*/
$vars = array(
@@ -172,14 +172,25 @@ class acp_bbcodes
);
extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
- $warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+ $acp_utils = $phpbb_container->get('text_formatter.acp_utils');
+ $bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl);
+ $warn_unsafe = ($bbcode_info['status'] === 'unsafe');
- if (!$warn_text && !check_form_key($form_key))
+ if ($bbcode_info['status'] === 'invalid_definition')
+ {
+ trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+ if ($bbcode_info['status'] === 'invalid_template')
+ {
+ trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
+ if (!$warn_unsafe && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
- if (!$warn_text || confirm_box(true))
+ if (!$warn_unsafe || confirm_box(true))
{
$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
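Review bot: `$warn_unsafe` is true only for the exact status `'unsafe'`, so any status other than the three handled here (a value added to `text_formatter.acp_utils` later, or a missing `status` key) falls through to `build_regexp()` with no warning and no confirmation step. For a safety gate it is sturdier to fail closed by comparing against the status the service returns for a definition it judged safe, e.g. `$warn_unsafe = ($bbcode_info['status'] !== '<SAFE_STATUS_PLACEHOLDER>');`; that value is not visible in this hunk, so it needs confirming against the service. A one-line comment above the checks, such as `// analyse_bbcode() statuses: anything not explicitly safe must be confirmed or rejected`, would document the contract for the next reader. Note also that when `$warn_unsafe` is true `check_form_key()` is skipped, as it was with `$warn_text`, so the request relies entirely on `confirm_box(true)`. The enclosing method starts and ends outside the hunk.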