From 2926ceba6a06a2f0f95452ae838a89247c493c93 Mon Sep 17 00:00:00 2001
From: JoshyPHP <s9e.dev@gmail.com>
Date: Fri, 13 Dec 2019 01:46:09 +0100
Subject: [ticket/16250] Add a service to check BBCodes safeness

PHPBB3-16250
---
 phpBB/includes/acp/acp_bbcodes.php | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

(limited to 'phpBB/includes')

diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index a67f3c54f9..9583f9a869 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -157,7 +157,7 @@ class acp_bbcodes
 				* @var	string	bbcode_tpl			The bbcode HTML replacement string
 				* @var	string	bbcode_helpline		The bbcode help line string
 				* @var	array	hidden_fields		Array of hidden fields for use when
-				*									submitting form when $warn_text is true
+				*									submitting form when $warn_unsafe is true
 				* @since 3.1.0-a3
 				*/
 				$vars = array(
@@ -172,14 +172,25 @@ class acp_bbcodes
 				);
 				extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
 
-				$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+				$acp_utils   = $phpbb_container->get('text_formatter.acp_utils');
+				$bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl);
+				$warn_unsafe = ($bbcode_info['status'] === 'unsafe');
 
-				if (!$warn_text && !check_form_key($form_key))
+				if ($bbcode_info['status'] === 'invalid_definition')
+				{
+					trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+				if ($bbcode_info['status'] === 'invalid_template')
+				{
+					trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
+				if (!$warn_unsafe && !check_form_key($form_key))
 				{
 					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
-				if (!$warn_text || confirm_box(true))
+				if (!$warn_unsafe || confirm_box(true))
 				{
 					$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
 
-- 
cgit v1.2.1


From 2733ce07129dceb5b60acdceba1689fa5339a523 Mon Sep 17 00:00:00 2001
From: JoshyPHP <s9e.dev@gmail.com>
Date: Mon, 16 Dec 2019 01:34:26 +0100
Subject: [ticket/16250] Reworked status as constants

PHPBB3-16250
---
 phpBB/includes/acp/acp_bbcodes.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'phpBB/includes')

diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index 9583f9a869..84dbbf02ba 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -174,15 +174,15 @@ class acp_bbcodes
 
 				$acp_utils   = $phpbb_container->get('text_formatter.acp_utils');
 				$bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl);
-				$warn_unsafe = ($bbcode_info['status'] === 'unsafe');
+				$warn_unsafe = ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_UNSAFE);
 
-				if ($bbcode_info['status'] === 'invalid_definition')
+				if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_TEMPLATE)
 				{
-					trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+					trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
-				if ($bbcode_info['status'] === 'invalid_template')
+				if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_DEFINITION)
 				{
-					trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
+					trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
 				if (!$warn_unsafe && !check_form_key($form_key))
-- 
cgit v1.2.1