From 2652a1aba9fc06b8e5fdfca558d5b07422b0982d Mon Sep 17 00:00:00 2001
From: dougk_ff7 <dougk_ff7@users.sourceforge.net>
Date: Fri, 19 Oct 2001 13:28:35 +0000
Subject: Removing traces of global announcements and also fixing a potential
 security hole in bbcode.  Img-based javascript is now stripped.  All images
 have to begin with http://

git-svn-id: file:///svn/phpbb/trunk@1238 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/bbcode.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'phpBB/includes/bbcode.php')

diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index 7b2d91da0f..e93158eaac 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -263,7 +263,7 @@ function bbencode_first_pass($text, $uid)
 	$text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);
 
 	// [img]image_url_here[/img] code..
-	$text = preg_replace("#\[img\](.*?)\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);
+	$text = preg_replace("#\[img\](([a-z]+?)://([^, \n\r]+))\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);
 
 	// Remove our padding from the string..
 	$text = substr($text, 1);
-- 
cgit v1.2.1