Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/acp/acp_attachments.php15
-rw-r--r--phpBB/includes/acp/acp_bbcodes.php11
-rw-r--r--phpBB/includes/acp/acp_forums.php10
-rw-r--r--phpBB/includes/acp/acp_icons.php2
-rw-r--r--phpBB/includes/acp/acp_permission_roles.php5
-rw-r--r--phpBB/includes/acp/acp_ranks.php5
-rw-r--r--phpBB/includes/acp/acp_reasons.php2
-rw-r--r--phpBB/includes/functions_posting.php2
-rw-r--r--phpBB/includes/functions_user.php10
9 files changed, 58 insertions, 4 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 1de254f6e2..eceaaa4cb5 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -673,6 +673,11 @@ class acp_attachments
$selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
}
+ if (strlen($img) > 255)
+ {
+ continue;
+ }
+
$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
}
}
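Review bot: The new guard drops any file whose name exceeds 255 bytes from the dropdown without a trace, so an admin who expects to see an icon will not learn why it is missing; acp_icons.php and acp_ranks.php in this commit skip entries the same silent way. At minimum record what was skipped, e.g. `$skipped[] = $img;` before `continue;`, and surface the count in the form. The guard could also sit above the `$selected` computation on the preceding lines so that no work is done for an entry that is then discarded; the enclosing loop starts outside the hunk. Note that `strlen` counts bytes while the hunks in acp_forums.php use `utf8_strlen`, so for a utf8 varchar(255) column the two checks disagree on multibyte names.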
@@ -1266,10 +1271,20 @@ class acp_attachments
{
if ($row['site_ip'])
{
+ if (strlen($row['site_ip']) > 40)
+ {
+ continue;
+ }
+
$iplist_tmp[] = "'" . $row['site_ip'] . "'";
}
else if ($row['site_hostname'])
{
+ if (strlen($row['site_hostname']) > 255)
+ {
+ continue;
+ }
+
$hostlist_tmp[] = "'" . $row['site_hostname'] . "'";
}
// break;
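Review bot: The values that pass the new length checks are still spliced into quoted SQL fragments by plain concatenation on the `$iplist_tmp[]` and `$hostlist_tmp[]` lines, without `$db->sql_escape()`. If `$row` is a row fetched from the sitelist table, as the name suggests, the length checks are redundant because the column already bounds the value, and the unescaped concatenation is the weaker point; if the dbal in use provides `$db->sql_in_set()`, building the list from the raw values with it covers both quoting and escaping. The enclosing loop and the query these fragments feed are outside the hunk.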
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index 97a2c92e1c..270fc172ca 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -148,7 +148,16 @@ class acp_bbcodes
trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
}
- // @todo - bbcode_tag <= 16, bbcode_helpline <= 255, bbcode_match <= 4000
+ if (strlen($data['bbcode_tag']) > 16)
+ {
+ trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
+ if (strlen($data['bbcode_tag']) > 4000)
+ {
+ trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$sql_ary = array(
'bbcode_tag' => $data['bbcode_tag'],
'bbcode_match' => $bbcode_match,
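Review bot: The second check on `$data['bbcode_tag']` can never contribute anything: a tag longer than 4000 bytes is already longer than 16 and was rejected by the first check, and it reuses the same `BBCODE_TAG_TOO_LONG` message. The removed @todo line assigns the 4000 limit to bbcode_match, so the condition should read `if (strlen($bbcode_match) > 4000)` with its own message (no such lang key is on the page; use a clearly named placeholder until one is added). The 255 limit on bbcode_helpline from that same @todo remains unchecked. This hunk measures bytes with `strlen` while acp_forums.php in this commit uses `utf8_strlen`; the two disagree on multibyte input, so pick the one matching the column's character set.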
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index da60162e33..5ccac5773e 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -853,6 +853,16 @@ class acp_forums
$errors[] = $user->lang['FORUM_NAME_EMPTY'];
}
+ if (utf8_strlen($forum_data['forum_desc']) > 4000)
+ {
+ $errors[] = $user->lang['FORUM_DESC_TOO_LONG'];
+ }
+
+ if (utf8_strlen($forum_data['forum_rules']) > 4000)
+ {
+ $errors[] = $user->lang['FORUM_RULES_TOO_LONG'];
+ }
+
if ($forum_data['forum_password'] || $forum_data['forum_password_confirm'])
{
if ($forum_data['forum_password'] != $forum_data['forum_password_confirm'])
diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php
index 131235ef8d..321df3ecb1 100644
--- a/phpBB/includes/acp/acp_icons.php
+++ b/phpBB/includes/acp/acp_icons.php
@@ -67,7 +67,7 @@ class acp_icons
{
$img_size = @getimagesize($phpbb_root_path . $img_path . '/' . $path . $img);
- if (!$img_size[0] || !$img_size[1])
+ if (!$img_size[0] || !$img_size[1] || strlen($img) > 255)
{
continue;
}
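Review bot: The length check only runs after `@getimagesize()` has already opened and parsed the file on the previous line, so an over-long name still costs a filesystem read before it is skipped. Move the cheap test first, `if (strlen($img) > 255) { continue; }` above the `$img_size = ...` line, and leave the `!$img_size[0] || !$img_size[1]` test as it was. The enclosing loop starts outside the hunk.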
diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php
index 581766e9c8..86ac6f60c5 100644
--- a/phpBB/includes/acp/acp_permission_roles.php
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -142,6 +142,11 @@ class acp_permission_roles
trigger_error($user->lang['NO_ROLE_NAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
}
+ if (utf8_strlen($role_description) > 4000)
+ {
+ trigger_error($user->lang['ROLE_DESCRIPTION_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
// if we add/edit a role we check the name to be unique among the settings...
$sql = 'SELECT role_id
FROM ' . ACL_ROLES_TABLE . "
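Review bot: The lang key `ROLE_DESCRIPTION_LONG` does not follow the `*_TOO_LONG` naming the other messages added in this commit use (`FORUM_DESC_TOO_LONG`, `FORUM_RULES_TOO_LONG`, `BBCODE_TAG_TOO_LONG`); naming it `ROLE_DESCRIPTION_TOO_LONG` keeps the language file consistent and greppable. The role name tested by the `NO_ROLE_NAME_SPECIFIED` check above is only validated for emptiness; if its column is bounded like the description's, a matching `utf8_strlen` check belongs beside this one. The enclosing method continues outside the hunk.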
diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php
index a52ff07607..5b593a4d27 100644
--- a/phpBB/includes/acp/acp_ranks.php
+++ b/phpBB/includes/acp/acp_ranks.php
@@ -164,6 +164,11 @@ class acp_ranks
$selected = '';
}
+ if (strlen($img) > 255)
+ {
+ continue;
+ }
+
$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . $img . '</option>';
}
}
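Review bot: On the context line after the new guard the option label is emitted as `'>' . $img . '</option>'` without escaping, whereas the equivalent line in acp_attachments.php in this same commit wraps both the value and the label in `htmlspecialchars()`; change it to `'>' . htmlspecialchars($img) . '</option>'` so a directory entry containing HTML metacharacters cannot break the markup. The silent `continue` for names over 255 bytes gives the admin the same lack of feedback as in acp_attachments.php. The enclosing loop starts outside the hunk.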
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 72419de1ef..d9dc0505d4 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -214,7 +214,7 @@ class acp_reasons
WHERE reason_id = $reason_id";
break;
- // Nearly standard, not quite
+ // Standard? What's that?
case 'mssql':
case 'mssql_odbc':
// Change the reports using this reason to 'other'
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 910999d5ef..ef5afdecd8 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -1577,7 +1577,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
);
}
- $sql = 'INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
+ $sql = 'INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
$db->sql_query($sql);
$data['post_id'] = $db->sql_nextid();
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 0c6cf60f0f..25ac6f24eb 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -767,6 +767,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
{
if ($ip)
{
+ if (strlen($ip) > 40)
+ {
+ continue;
+ }
+
$banlist_ary[] = $ip;
}
}
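Review bot: A ban entry longer than 40 bytes is now dropped with `continue` and nothing is reported, so the ban form appears to succeed while the ban for that IP was never written; the next hunk in this file does the same for `$ban_item` over 100 bytes. Because this is a security control, a silently skipped entry is worse than a rejected form: collect the offenders instead of discarding them, e.g. `$ban_skipped[] = $ip;` in place of the bare `continue`, and fail the request with a `trigger_error(...)` after the loop (a lang key for it would need to be added). The enclosing function continues outside both hunks.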
@@ -788,6 +793,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
{
+ if (strlen($ban_item) > 100)
+ {
+ continue;
+ }
+
if (!sizeof($founder) || !in_array($ban_item, $founder))
{
$banlist_ary[] = $ban_item;