makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/9903] Fix XSS in BBcode-parser's Flash-BBcode.

Browse source 
Fix XSS in Flash-BBcode by validating that the supplied argument is a URL.

PHPBB3-9903
This commit is contained in:
Ruslan Uzdenov 2010-11-15 23:27:57 +01:00 committed by Igor Wiedler
parent 7b4cdc94a8
commit 291a1fff1f
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
phpBB/includes/message_parser.php
View file

@ -352,6 +352,15 @@ class bbcode_firstpass extends bbcode
return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
}
$in = str_replace(' ', '%20', $in);
// Make sure $in is a URL.
if (!preg_match('#^' . get_preg_expression('url') . '$#i', $in) &&
!preg_match('#^' . get_preg_expression('www_url') . '$#i', $in))
{
return '[flash=' . $width . ',' . $height . ']' . $in . '[/flash]';
}
// Apply the same size checks on flash files as on images
if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
{