makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-10 13:28:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/security/211] Only run make_clickable() on URL type profile fields

Browse source 
SECURITY-211
This commit is contained in:
Marc Alexander 2017-07-23 10:40:30 +02:00
parent 882a3c3831
commit 2749bfe26c
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
2 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
phpBB/phpbb/profilefields/type/type_string_common.php
View file

@ -108,7 +108,6 @@ abstract class type_string_common extends type_base
return null; return null;
} }
$field_value = make_clickable($field_value);
$field_value = censor_text($field_value); $field_value = censor_text($field_value);
$field_value = bbcode_nl2br($field_value); $field_value = bbcode_nl2br($field_value);
return $field_value; return $field_value;

15
phpBB/phpbb/profilefields/type/type_url.php
View file

@ -71,4 +71,19 @@ class type_url extends type_string
return false; return false;
} }
/**
* {@inheritDoc}
*/
public function get_profile_value($field_value, $field_data)
{
if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $field_value))
{
return null;
}
$field_value = make_clickable($field_value);
return parent::get_profile_value($field_value, $field_data);
}
} }