diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2017-07-23 10:40:30 +0200 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2017-07-23 10:40:30 +0200 |
| commit | 2749bfe26ccae7db4174cdd83453d79366113c28 (patch) | |
| tree | 89668d54d65512ddd791b82906804bbffb17b0ca /phpBB/phpbb/profilefields | |
| parent | 882a3c383103802c491404032c5d267e4f5271a0 (diff) | |
| download | forums-2749bfe26ccae7db4174cdd83453d79366113c28.tar forums-2749bfe26ccae7db4174cdd83453d79366113c28.tar.gz forums-2749bfe26ccae7db4174cdd83453d79366113c28.tar.bz2 forums-2749bfe26ccae7db4174cdd83453d79366113c28.tar.xz forums-2749bfe26ccae7db4174cdd83453d79366113c28.zip | |
[ticket/security/211] Only run make_clickable() on URL type profile fields
SECURITY-211
Diffstat (limited to 'phpBB/phpbb/profilefields')
| -rw-r--r-- | phpBB/phpbb/profilefields/type/type_string_common.php | 1 | ||||
| -rw-r--r-- | phpBB/phpbb/profilefields/type/type_url.php | 15 |
2 files changed, 15 insertions, 1 deletions
diff --git a/phpBB/phpbb/profilefields/type/type_string_common.php b/phpBB/phpbb/profilefields/type/type_string_common.php index f5e1992044..2648d03930 100644 --- a/phpBB/phpbb/profilefields/type/type_string_common.php +++ b/phpBB/phpbb/profilefields/type/type_string_common.php @@ -108,7 +108,6 @@ abstract class type_string_common extends type_base return null; } - $field_value = make_clickable($field_value); $field_value = censor_text($field_value); $field_value = bbcode_nl2br($field_value); return $field_value; diff --git a/phpBB/phpbb/profilefields/type/type_url.php b/phpBB/phpbb/profilefields/type/type_url.php index 2bc0002262..7bdd60e19d 100644 --- a/phpBB/phpbb/profilefields/type/type_url.php +++ b/phpBB/phpbb/profilefields/type/type_url.php @@ -71,4 +71,19 @@ class type_url extends type_string return false; } + + /** + * {@inheritDoc} + */ + public function get_profile_value($field_value, $field_data) + { + if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $field_value)) + { + return null; + } + + $field_value = make_clickable($field_value); + + return parent::get_profile_value($field_value, $field_data); + } } |