authorMarc Alexander <admin@m-a-styles.de>2019-08-31 21:31:25 +0200
committerMarc Alexander <admin@m-a-styles.de>2019-08-31 21:31:25 +0200
commit01e64dbc9c3a9738f58858a8b22e5d8c8d3f682b (patch)
tree99594aa20ff3f586cddb417398660b186afea2c1 /phpBB
parentb4f9c44b30ff924ef3fdf23525bf22be768738cb (diff)
parentcc8d6a5a014c994fec8d8bdd61cd1fbc5506de6e (diff)
Merge pull request #53 from phpbb/ticket/security/243
[ticket/security/243] Fail silently on unsupported values for font size
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/language/en/posting.php1
-rw-r--r--phpBB/phpbb/textformatter/s9e/parser.php13
2 files changed, 1 insertions, 13 deletions
diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php
index 570cf63f17..426475e77a 100644
--- a/phpBB/language/en/posting.php
+++ b/phpBB/language/en/posting.php
@@ -140,7 +140,6 @@ $lang = array_merge($lang, array(
'IMAGES_ARE_OFF' => '[img] is <em>OFF</em>',
'IMAGES_ARE_ON' => '[img] is <em>ON</em>',
'INVALID_FILENAME' => '%s is an invalid filename.',
- 'INVALID_FONT_SIZE' => 'The font size you supplied is invalid: %s',
'LOAD' => 'Load',
'LOAD_DRAFT' => 'Load draft',
diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php
index 1bc56a8cb4..a36fc63141 100644
--- a/phpBB/phpbb/textformatter/s9e/parser.php
+++ b/phpBB/phpbb/textformatter/s9e/parser.php
@@ -228,10 +228,6 @@ class parser implements \phpbb\textformatter\parser_interface
{
$errors[] = array($msg);
}
- else if ($msg === 'INVALID_FONT_SIZE')
- {
- $errors[] = [$msg, $context['invalid_size']];
- }
}
// Deduplicate error messages. array_unique() only works on strings so we have to serialize
@@ -339,13 +335,6 @@ class parser implements \phpbb\textformatter\parser_interface
*/
static public function filter_font_size($size, $max_size, Logger $logger)
{
- if (!is_numeric($size))
- {
- $logger->err('INVALID_FONT_SIZE', ['invalid_size' => htmlspecialchars($size)]);
-
- return false;
- }
-
if ($max_size && $size > $max_size)
{
$logger->err('MAX_FONT_SIZE_EXCEEDED', array('max_size' => $max_size));
@@ -353,7 +342,7 @@ class parser implements \phpbb\textformatter\parser_interface
return false;
}
- if ($size < 1)
+ if ($size < 1 || !is_numeric($size))
{
return false;
}
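Review bot: The `!is_numeric($size)` test now runs only after `$max_size && $size > $max_size` and after `$size < 1`, so a non-numeric value still goes through two loose comparisons before it is rejected. Under PHP 8 comparison rules a non-numeric string is compared with the limit as a string, so such input may (depending on the runtime) take the MAX_FONT_SIZE_EXCEEDED branch and log an error instead of failing silently as the commit title intends. Putting the guard first, `if (!is_numeric($size)) { return false; }` at the top of filter_font_size, keeps every later comparison numeric. is_numeric() also accepts floats, exponent notation and leading whitespace, so if only whole sizes are meant to pass, a stricter integer check would be worth considering. The function body starts in the previous hunk and continues past the end of this one.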