makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Removing traces of global announcements and also fixing a potential security hole in bbcode. Img-based javascript is now stripped. All images have to begin with http://

Browse source 
git-svn-id: file:///svn/phpbb/trunk@1238 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
dougk_ff7 2001-10-19 13:28:35 +00:00
parent 43025a0dbb
commit 2652a1aba9
2 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
phpBB/db/mysql_basic.sql
View file

@ -61,7 +61,6 @@ INSERT INTO phpbb_categories (cat_id, cat_title, cat_order) VALUES (1, 'Test cat
# -- Forums # -- Forums
INSERT INTO phpbb_forums (forum_id, forum_name, forum_desc, cat_id, forum_order, forum_posts, forum_topics, forum_last_post_id, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (1, 'Test Forum 1', 'This is just a test forum.', 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 3, 1, 1, 1, 3); INSERT INTO phpbb_forums (forum_id, forum_name, forum_desc, cat_id, forum_order, forum_posts, forum_topics, forum_last_post_id, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (1, 'Test Forum 1', 'This is just a test forum.', 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 3, 1, 1, 1, 3);
INSERT INTO phpbb_forums (forum_id, forum_name, forum_desc, cat_id, forum_order, forum_posts, forum_topics, forum_last_post_id, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_pollcreate, auth_vote, auth_attachments) VALUES (-1, 'Global Announcements', 'This forum is required for the global announcements to function properly. DO NOT DELETE IT UNDER ANY CIRCUMSTANCES!', 6, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 3, 1, 1, 1, 3);
# -- Users # -- Users
INSERT INTO phpbb_users (user_id, username, user_level, user_regdate, user_password, user_autologin_key, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_viewemail, user_style, user_aim, user_yim, user_msnm, user_posts, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_pm, user_notify_pm, user_allow_viewonline, user_rank, user_avatar, user_lang, user_timezone, user_dateformat, user_actkey, user_newpasswd, user_notify, user_active) VALUES ( '-1', 'Anonymous', '0', '', '', '', '', '', '', '', '', '', '', '0', '0', '', '', '', '', '', '', '', '0', '0', '1', '', '', '', '', '', '', '', '', '0', '0'); INSERT INTO phpbb_users (user_id, username, user_level, user_regdate, user_password, user_autologin_key, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_viewemail, user_style, user_aim, user_yim, user_msnm, user_posts, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_pm, user_notify_pm, user_allow_viewonline, user_rank, user_avatar, user_lang, user_timezone, user_dateformat, user_actkey, user_newpasswd, user_notify, user_active) VALUES ( '-1', 'Anonymous', '0', '', '', '', '', '', '', '', '', '', '', '0', '0', '', '', '', '', '', '', '', '0', '0', '1', '', '', '', '', '', '', '', '', '0', '0');

2
phpBB/includes/bbcode.php
View file

@ -263,7 +263,7 @@ function bbencode_first_pass($text, $uid)
$text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);
// [img]image_url_here[/img] code.. // [img]image_url_here[/img] code..
$text = preg_replace("#\[img\](.*?)\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text); $text = preg_replace("#\[img\](([a-z]+?)://([^, \n\r]+))\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);
// Remove our padding from the string.. // Remove our padding from the string..
$text = substr($text, 1); $text = substr($text, 1);