From 08ca84a3e7fe7f8aa837792be9f3a55e62f77345 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Sun, 31 Jul 2011 15:34:45 +0200 Subject: [ticket/10299] Fix typo in comment about $max_store_length in truncate_string() PHPBB3-10299 --- phpBB/includes/functions_content.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/functions_content.php') diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index faff9dd0de..b7650ecd6a 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php @@ -1107,7 +1107,7 @@ function extension_allowed($forum_id, $extension, &$extensions) * @param int $max_length Maximum length of string (multibyte character count as 1 char / Html entity count as 1 char) * @param int $max_store_length Maximum character length of string (multibyte character count as 1 char / Html entity count as entity chars). * @param bool $allow_reply Allow Re: in front of string -* NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_legnth) and is deprecated. +* NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_length) and is deprecated. * @param string $append String to be appended */ function truncate_string($string, $max_length = 60, $max_store_length = 255, $allow_reply = false, $append = '') -- cgit v1.2.1 From f9dbe33fa7917b6220a85a01ed9f395f3f1bb888 Mon Sep 17 00:00:00 2001 From: Callum Macrae Date: Thu, 14 Jul 2011 18:05:34 +0100 Subject: [ticket/10240] Added code to strip control characters from messages. It is possible to evade the word filter using control characters. Seeing as control characters have no practical application in a bulletin board software, it doesn't do any harm to remove them entirely. That is what this commit does. PHPBB3-10240 --- phpBB/includes/functions_content.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'phpBB/includes/functions_content.php') diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php index faff9dd0de..872ee8c7cc 100644 --- a/phpBB/includes/functions_content.php +++ b/phpBB/includes/functions_content.php @@ -691,6 +691,9 @@ function censor_text($text) return ''; } + // Strip control characters + $text = preg_replace('/[\x00-\x0f]/', '', $text); + // We moved the word censor checks in here because we call this function quite often - and then only need to do the check once if (!isset($censors) || !is_array($censors)) { -- cgit v1.2.1