3 files changed, 48 insertions, 19 deletions
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php
index 37c49d7d72..c740ff7ddc 100644
--- a/phpBB/includes/acp/acp_groups.php
+++ b/phpBB/includes/acp/acp_groups.php
@@ -386,13 +386,21 @@ class acp_groups
 						$error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
 					}
 
-					// Validate the length of "Maximum number of allowed recipients per private message" setting.
-					// We use 16777215 as a maximum because it matches MySQL unsigned mediumint maximum value
-					// which is the lowest amongst DBMSes supported by phpBB3
-					if ($max_recipients_error = validate_data($submit_ary, array('max_recipients' => array('num', false, 0, 16777215))))
+					/*
+					* Validate the length of "Maximum number of allowed recipients per
+					* private message" setting. We use 16777215 as a maximum because it matches
+					* MySQL unsigned mediumint maximum value which is the lowest amongst DBMSes
+					* supported by phpBB3. Also validate the submitted colour value.
+					*/
+					$validation_checks = array(
+						'max_recipients' => array('num', false, 0, 16777215),
+						'colour'	=> array('hex_colour', true),
+					);
+
+					if ($validation_error = validate_data($submit_ary, $validation_checks))
 					{
 						// Replace "error" string with its real, localised form
-						$error = array_merge($error, array_map(array(&$user, 'lang'), $max_recipients_error));
+						$error = array_merge($error, array_map(array(&$user, 'lang'), $validation_error));
 					}
 
 					if (!sizeof($error))
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 599cb24f75..9a2ad4c25f 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1330,22 +1330,12 @@ function validate_data($data, $val_ary)
 		{
 			$function = array_shift($validate);
 			array_unshift($validate, $data[$var]);
+			$function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate';
 
-			if (function_exists('phpbb_validate_' . $function))
+			if ($result = call_user_func_array($function_prefix . $function, $validate))
 			{
-				if ($result = call_user_func_array('phpbb_validate_' . $function, $validate))
-				{
-					// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
-					$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
-				}
-			}
-			else
-			{
-				if ($result = call_user_func_array('validate_' . $function, $validate))
-				{
-					// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
-					$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
-				}
+				// Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted.
+				$error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var);
 			}
 		}
 	}
@@ -2009,6 +1999,30 @@ function validate_jabber($jid)
 }
 
 /**
+* Validate hex colour value
+*
+* @param string $colour The hex colour value
+* @param bool $optional Whether the colour value is optional. True if an empty
+*			string will be accepted as correct input, false if not.
+* @return bool|string Error message if colour value is incorrect, false if it
+*			fits the hex colour code
+*/
+function phpbb_validate_hex_colour($colour, $optional = false)
+{
+	if (empty($colour))
+	{
+		return (($optional) ? false : 'WRONG_DATA');
+	}
+
+	if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/', $colour))
+	{
+		return 'WRONG_DATA';
+	}
+
+	return false;
+}
+
+/**
 * Verifies whether a style ID corresponds to an active style.
 *
 * @param int $style_id The style_id of a style which should be checked if activated or not.
diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php
index a633ce448c..efc88e6e37 100644
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -557,6 +557,13 @@ class ucp_groups
 								$error[] = $user->lang['FORM_INVALID'];
 							}
 
+							// Validate submitted colour value
+							if ($colour_error = validate_data($submit_ary, array('colour'	=> array('hex_colour', true))))
+							{
+								// Replace "error" string with its real, localised form
+								$error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error));
+							}
+
 							if (!sizeof($error))
 							{
 								// Only set the rank, colour, etc. if it's changed or if we're adding a new