diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2018-01-07 10:28:59 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2018-01-07 10:28:59 +0100 |
| commit | 2a939fa779059b2eedc5eaf33706b4a1627ed30e (patch) | |
| tree | 12aa20249ca31f91fa3c8ab6795a2bce6f55f3a4 /phpBB/phpbb | |
| parent | 39b142077478876b4c2ef270c081681070f264d7 (diff) | |
| parent | bf5f11e11ac0f25441ba891fc16d5a780e4450e2 (diff) | |
| download | forums-2a939fa779059b2eedc5eaf33706b4a1627ed30e.tar forums-2a939fa779059b2eedc5eaf33706b4a1627ed30e.tar.gz forums-2a939fa779059b2eedc5eaf33706b4a1627ed30e.tar.bz2 forums-2a939fa779059b2eedc5eaf33706b4a1627ed30e.tar.xz forums-2a939fa779059b2eedc5eaf33706b4a1627ed30e.zip | |
Merge pull request #41 from phpbb/ticket/security/211-rhea
[ticket/security/211] Rhea version of security fix
Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/profilefields/type/type_string_common.php | 1 | ||||
| -rw-r--r-- | phpBB/phpbb/profilefields/type/type_url.php | 17 |
2 files changed, 16 insertions, 2 deletions
diff --git a/phpBB/phpbb/profilefields/type/type_string_common.php b/phpBB/phpbb/profilefields/type/type_string_common.php index f5e1992044..2648d03930 100644 --- a/phpBB/phpbb/profilefields/type/type_string_common.php +++ b/phpBB/phpbb/profilefields/type/type_string_common.php @@ -108,7 +108,6 @@ abstract class type_string_common extends type_base return null; } - $field_value = make_clickable($field_value); $field_value = censor_text($field_value); $field_value = bbcode_nl2br($field_value); return $field_value; diff --git a/phpBB/phpbb/profilefields/type/type_url.php b/phpBB/phpbb/profilefields/type/type_url.php index 375cf5b19a..7bdd60e19d 100644 --- a/phpBB/phpbb/profilefields/type/type_url.php +++ b/phpBB/phpbb/profilefields/type/type_url.php @@ -64,11 +64,26 @@ class type_url extends type_string return false; } - if (!preg_match('#^' . get_preg_expression('url') . '$#iu', $field_value)) + if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $field_value)) { return $this->user->lang('FIELD_INVALID_URL', $this->get_field_name($field_data['lang_name'])); } return false; } + + /** + * {@inheritDoc} + */ + public function get_profile_value($field_value, $field_data) + { + if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $field_value)) + { + return null; + } + + $field_value = make_clickable($field_value); + + return parent::get_profile_value($field_value, $field_data); + } } |