From b5a997ce183fa655af4c03b5f92a58a1a3e7c2f1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 16 Jul 2019 20:44:12 +0200 Subject: [ticket/security/243] Limit size values to supported values SECURITY-243 --- phpBB/phpbb/textformatter/s9e/parser.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'phpBB/phpbb/textformatter/s9e/parser.php') diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index 3698dca224..e30bc2b0d9 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -228,6 +228,10 @@ class parser implements \phpbb\textformatter\parser_interface { $errors[] = array($msg); } + else if ($msg === 'INVALID_FONT_SIZE') + { + $errors[] = [$msg, $context['invalid_size']]; + } } // Deduplicate error messages. array_unique() only works on strings so we have to serialize @@ -335,6 +339,13 @@ class parser implements \phpbb\textformatter\parser_interface */ static public function filter_font_size($size, $max_size, Logger $logger) { + if (!is_int($size)) + { + $logger->err('INVALID_FONT_SIZE', ['invalid_size' => htmlspecialchars($size)]); + + return false; + } + if ($max_size && $size > $max_size) { $logger->err('MAX_FONT_SIZE_EXCEEDED', array('max_size' => $max_size)); -- cgit v1.2.1 From c934d3fcfdaaa1e8c2161577690fef9dcb41b1e1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 17 Jul 2019 22:02:32 +0200 Subject: [ticket/security/243] Limit size BBCode to 4 numeric characters SECURITY-243 --- phpBB/phpbb/textformatter/s9e/parser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/textformatter/s9e/parser.php') diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index e30bc2b0d9..1bc56a8cb4 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -339,7 +339,7 @@ class parser implements \phpbb\textformatter\parser_interface */ static public function filter_font_size($size, $max_size, Logger $logger) { - if (!is_int($size)) + if (!is_numeric($size)) { $logger->err('INVALID_FONT_SIZE', ['invalid_size' => htmlspecialchars($size)]); -- cgit v1.2.1