From 81140ec8877236050b822517f735b49503bcd44d Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 3 Jun 2013 12:15:23 +0200 Subject: [ticket/8319] Prepend Board URL to LOCAL_URL links to prevent abuse The description says: "The URL must be relative to the topic page and cannot contain a server name or protocol." We now enforce this and will add a new token with the current behaviour back. PHPBB3-8319 --- phpBB/includes/acp/acp_bbcodes.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'phpBB/includes/acp') diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 0644b38eb1..2cb1390c8e 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -427,7 +427,15 @@ class acp_bbcodes $fp_replace = str_replace($token, $replace, $fp_replace); $sp_match = str_replace(preg_quote($token, '!'), $sp_tokens[$token_type], $sp_match); - $sp_replace = str_replace($token, '${' . ($n + 1) . '}', $sp_replace); + if ($token_type === 'LOCAL_URL') + { + // Prepend the board url to local relative links + $sp_replace = str_replace($token, generate_board_url() . '/' . '${' . ($n + 1) . '}', $sp_replace); + } + else + { + $sp_replace = str_replace($token, '${' . ($n + 1) . '}', $sp_replace); + } } $fp_match = '!' . $fp_match . '!' . $modifiers; -- cgit v1.2.1 From c0e0c13cf17bac9256e3acb1ea2d67134d6122dd Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 3 Jun 2013 11:57:40 +0200 Subject: [ticket/8319] Add new token RELATIVE_URL to allow foreign relative URL parts PHPBB3-8319 --- phpBB/includes/acp/acp_bbcodes.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'phpBB/includes/acp') diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 2cb1390c8e..02ec8af5b9 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -345,6 +345,9 @@ class acp_bbcodes 'LOCAL_URL' => array( '!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('$1')" ), + 'RELATIVE_URL' => array( + '!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('$1')" + ), 'EMAIL' => array( '!(' . get_preg_expression('email') . ')!ie' => "\$this->bbcode_specialchars('$1')" ), @@ -371,6 +374,7 @@ class acp_bbcodes $sp_tokens = array( 'URL' => '(?i)((?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))(?-i)', 'LOCAL_URL' => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)', + 'RELATIVE_URL' => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)', 'EMAIL' => '(' . get_preg_expression('email') . ')', 'TEXT' => '(.*?)', 'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)', -- cgit v1.2.1 From 6206d4aa4ea08df513154d8b87d35785f69a9f2a Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 3 Jun 2013 12:35:57 +0200 Subject: [ticket/8319] Add explanation for RELATIVE_URL and update LOCAL_URL The explanation now states that links are prefixed with the board URL. PHPBB3-8319 --- phpBB/includes/acp/acp_bbcodes.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/acp') diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 02ec8af5b9..ead716b300 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -113,8 +113,8 @@ class acp_bbcodes { $template->assign_block_vars('token', array( 'TOKEN' => '{' . $token . '}', - 'EXPLAIN' => $token_explain) - ); + 'EXPLAIN' => ($token === 'LOCAL_URL') ? sprintf($token_explain, generate_board_url() . '/') : $token_explain, + )); } return; -- cgit v1.2.1 From 9210d735a53e3c4a4de042b49dae361c436268e1 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sat, 6 Jul 2013 19:40:25 +0200 Subject: [ticket/8319] Do not repeat the replacement PHPBB3-8319 --- phpBB/includes/acp/acp_bbcodes.php | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) (limited to 'phpBB/includes/acp') diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index ead716b300..31166a56dc 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -431,15 +431,11 @@ class acp_bbcodes $fp_replace = str_replace($token, $replace, $fp_replace); $sp_match = str_replace(preg_quote($token, '!'), $sp_tokens[$token_type], $sp_match); - if ($token_type === 'LOCAL_URL') - { - // Prepend the board url to local relative links - $sp_replace = str_replace($token, generate_board_url() . '/' . '${' . ($n + 1) . '}', $sp_replace); - } - else - { - $sp_replace = str_replace($token, '${' . ($n + 1) . '}', $sp_replace); - } + + // Prepend the board url to local relative links + $replace_prepend = ($token_type === 'LOCAL_URL') ? generate_board_url() . '/' : ''; + + $sp_replace = str_replace($token, $replace_prepend . '${' . ($n + 1) . '}', $sp_replace); } $fp_match = '!' . $fp_match . '!' . $modifiers; -- cgit v1.2.1