author | Marc Alexander <admin@m-a-styles.de> | 2019-12-21 10:34:17 +0100 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2019-12-21 10:34:17 +0100 |
commit | d26622e9921fdabff9186e0a2e47a2f8ed0a1238 (patch) | |
tree | 95dfd71fc22e95776768de6a978548f0adbdb8ac /phpBB/includes | |
parent | 0b3eb2f9eaac66cf76e40703f77f362d1e42e86c (diff) | |
parent | 2733ce07129dceb5b60acdceba1689fa5339a523 (diff) | |
Merge pull request #5770 from JoshyPHP/ticket/16250
[ticket/16250] Add a service to check BBCodes safeness in ACP
Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_bbcodes.php | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index a67f3c54f9..84dbbf02ba 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -157,7 +157,7 @@ class acp_bbcodes
 * @var string bbcode_tpl The bbcode HTML replacement string
 * @var string bbcode_helpline The bbcode help line string
 * @var array hidden_fields Array of hidden fields for use when
- * submitting form when $warn_text is true
+ * submitting form when $warn_unsafe is true
 * @since 3.1.0-a3
 */
 $vars = array(
@@ -172,14 +172,25 @@ class acp_bbcodes
 );
 extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
- $warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+ $acp_utils = $phpbb_container->get('text_formatter.acp_utils');
+ $bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl);
+ $warn_unsafe = ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_UNSAFE);
- if (!$warn_text && !check_form_key($form_key))
+ if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_TEMPLATE)
+ {
+ trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+ if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_DEFINITION)
+ {
+ trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
+ if (!$warn_unsafe && !check_form_key($form_key))
 {
 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 }
- if (!$warn_text || confirm_box(true))
+ if (!$warn_unsafe || confirm_box(true))
 {
 $data = $this->build_regexp($bbcode_match, $bbcode_tpl); |
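Review bot: The status handling in the second hunk fails open, because `$warn_unsafe` is true only for `BBCODE_STATUS_UNSAFE` and only the two invalid statuses are rejected. Any other value of `$bbcode_info['status']`, such as a status added to the service later or a missing key, falls through to `build_regexp()` without the confirmation step. Since this flag gates an admin-supplied HTML template, it is safer to derive it from the one status known to be safe, placed after the two invalid checks: `$warn_unsafe = ($bbcode_info['status'] !== $acp_utils::BBCODE_STATUS_SAFE);`. This assumes the service defines such a constant, which this diff does not show. The analysis and both new `trigger_error()` branches also run before `check_form_key()`, so a short comment saying that ordering is intended would help; the enclosing method starts and ends outside the hunk.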