{S_HIDDEN_FIELDS}
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 1de254f6e2..eceaaa4cb5 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -673,6 +673,11 @@ class acp_attachments
$selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
}
+ if (strlen($img) > 255)
+ {
+ continue;
+ }
+
$filename_list .= '';
}
}
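Review bot: The new guard on `$img` measures bytes with `strlen`, while the same commit measures characters with `utf8_strlen` in acp_forums and acp_permission_roles; the identical byte-based guard is repeated in acp_icons and acp_ranks. Whether the 255 limit is a byte or a character width is not visible here; if the column is character-sized, a multi-byte filename shorter than 255 characters is dropped needlessly, which is conservative rather than unsafe, but the unit should be stated once and applied consistently, e.g. `// byte length against the presumed 255-character column width; conservative for multi-byte names` or `utf8_strlen($img)` if the limit is in characters. The `continue` also hides the file from the list without telling the administrator why. The enclosing loop and method start outside the hunk.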
@@ -1266,10 +1271,20 @@ class acp_attachments
{
if ($row['site_ip'])
{
+ if (strlen($row['site_ip']) > 40)
+ {
+ continue;
+ }
+
$iplist_tmp[] = "'" . $row['site_ip'] . "'";
}
else if ($row['site_hostname'])
{
+ if (strlen($row['site_hostname']) > 255)
+ {
+ continue;
+ }
+
$hostlist_tmp[] = "'" . $row['site_hostname'] . "'";
}
// break;
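Review bot: The values this guard admits are still spliced into SQL with bare quotes on the `$iplist_tmp[]` and `$hostlist_tmp[]` lines, and a length limit does not make a string safe to embed. The rows appear to come from a database result, so a problematic value would have had to be stored unescaped earlier, but `$db->sql_escape()` on those two lines would close that path regardless, e.g. `$iplist_tmp[] = "'" . $db->sql_escape($row['site_ip']) . "'";`. Skipping over-long rows with `continue` also drops them from the resulting list silently; a comment such as `// skip rows that exceed the column width they are later written to` would tell the next reader why. The enclosing loop starts outside the hunk.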
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index 97a2c92e1c..270fc172ca 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -148,7 +148,16 @@ class acp_bbcodes
trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
}
- // @todo - bbcode_tag <= 16, bbcode_helpline <= 255, bbcode_match <= 4000
+ if (strlen($data['bbcode_tag']) > 16)
+ {
+ trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
+ if (strlen($data['bbcode_tag']) > 4000)
+ {
+ trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
$sql_ary = array(
'bbcode_tag' => $data['bbcode_tag'],
'bbcode_match' => $bbcode_match,
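Review bot: The second guard re-tests `$data['bbcode_tag']` against 4000, so it is redundant with the 16-character check on the same value and the 4000 limit the removed @todo assigned to bbcode_match is never enforced; it should test `$bbcode_match` and use the `BBCODE_TAG_DEF_TOO_LONG` key this commit adds in language/en/acp/posting.php instead of reusing `BBCODE_TAG_TOO_LONG`: `if (strlen($bbcode_match) > 4000)` followed by `trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);`. The @todo also listed `bbcode_helpline <= 255`, which the new code does not check. Note that `strlen` counts bytes here whereas the limits in acp_forums and acp_permission_roles are measured with `utf8_strlen`. The enclosing method starts outside the hunk.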
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index da60162e33..5ccac5773e 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -853,6 +853,16 @@ class acp_forums
$errors[] = $user->lang['FORUM_NAME_EMPTY'];
}
+ if (utf8_strlen($forum_data['forum_desc']) > 4000)
+ {
+ $errors[] = $user->lang['FORUM_DESC_TOO_LONG'];
+ }
+
+ if (utf8_strlen($forum_data['forum_rules']) > 4000)
+ {
+ $errors[] = $user->lang['FORUM_RULES_TOO_LONG'];
+ }
+
if ($forum_data['forum_password'] || $forum_data['forum_password_confirm'])
{
if ($forum_data['forum_password'] != $forum_data['forum_password_confirm'])
diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php
index 131235ef8d..321df3ecb1 100644
--- a/phpBB/includes/acp/acp_icons.php
+++ b/phpBB/includes/acp/acp_icons.php
@@ -67,7 +67,7 @@ class acp_icons
{
$img_size = @getimagesize($phpbb_root_path . $img_path . '/' . $path . $img);
- if (!$img_size[0] || !$img_size[1])
+ if (!$img_size[0] || !$img_size[1] || strlen($img) > 255)
{
continue;
}
diff --git a/phpBB/includes/acp/acp_permission_roles.php b/phpBB/includes/acp/acp_permission_roles.php
index 581766e9c8..86ac6f60c5 100644
--- a/phpBB/includes/acp/acp_permission_roles.php
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -142,6 +142,11 @@ class acp_permission_roles
trigger_error($user->lang['NO_ROLE_NAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
}
+ if (utf8_strlen($role_description) > 4000)
+ {
+ trigger_error($user->lang['ROLE_DESCRIPTION_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
// if we add/edit a role we check the name to be unique among the settings...
$sql = 'SELECT role_id
FROM ' . ACL_ROLES_TABLE . "
diff --git a/phpBB/includes/acp/acp_ranks.php b/phpBB/includes/acp/acp_ranks.php
index a52ff07607..5b593a4d27 100644
--- a/phpBB/includes/acp/acp_ranks.php
+++ b/phpBB/includes/acp/acp_ranks.php
@@ -164,6 +164,11 @@ class acp_ranks
$selected = '';
}
+ if (strlen($img) > 255)
+ {
+ continue;
+ }
+
$filename_list .= '';
}
}
diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php
index 72419de1ef..d9dc0505d4 100644
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -214,7 +214,7 @@ class acp_reasons
WHERE reason_id = $reason_id";
break;
- // Nearly standard, not quite
+ // Standard? What's that?
case 'mssql':
case 'mssql_odbc':
// Change the reports using this reason to 'other'
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 910999d5ef..ef5afdecd8 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -1577,7 +1577,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
);
}
- $sql = 'INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
+ $sql = 'INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
$db->sql_query($sql);
$data['post_id'] = $db->sql_nextid();
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 0c6cf60f0f..25ac6f24eb 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -767,6 +767,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
{
if ($ip)
{
+ if (strlen($ip) > 40)
+ {
+ continue;
+ }
+
$banlist_ary[] = $ip;
}
}
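Review bot: Silently skipping an over-long `$ip` means an administrator who submits a ban list ends up with some entries not banned and no error; for a ban this is the wrong failure mode, because the operator believes the restriction is in place when it is not. The same applies to the `$ban_item` guard in the next hunk of this file. Prefer rejecting the submission or collecting the offending entry into an error the caller reports, rather than `continue`, and add a comment naming the limit's origin, e.g. `// 40 is the ban IP column width; report, do not drop`. The enclosing function user_ban starts and ends outside the hunk.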
@@ -788,6 +793,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
{
+ if (strlen($ban_item) > 100)
+ {
+ continue;
+ }
+
if (!sizeof($founder) || !in_array($ban_item, $founder))
{
$banlist_ary[] = $ban_item;
diff --git a/phpBB/language/en/acp/forums.php b/phpBB/language/en/acp/forums.php
index 48d4374056..f6a2e88d84 100644
--- a/phpBB/language/en/acp/forums.php
+++ b/phpBB/language/en/acp/forums.php
@@ -67,6 +67,7 @@ $lang = array_merge($lang, array(
'FORUM_AUTO_PRUNE_EXPLAIN' => 'Prunes the forum of topics, set the frequency/age parameters below.',
'FORUM_CREATED' => 'Forum created successfully.',
'FORUM_DATA_NEGATIVE' => 'Pruning parameters cannot be negative.',
+ 'FORUM_DESC_TOO_LONG' => 'The forum description is too long, it must be less than 4000 characters.',
'FORUM_DELETE' => 'Delete forum',
'FORUM_DELETE_EXPLAIN' => 'The form below will allow you to delete a forum. If the forum is postable you are able to decide where you want to put all topics (or forums) it contained.',
'FORUM_DELETED' => 'Forum successfully deleted.',
@@ -92,6 +93,7 @@ $lang = array_merge($lang, array(
'FORUM_RULES_LINK' => 'Link to forum rules',
'FORUM_RULES_LINK_EXPLAIN' => 'You are able to enter the URL of the page/post containing your forum rules here. This setting will override the forum rules text you specified.',
'FORUM_RULES_PREVIEW' => 'Forum rules preview',
+ 'FORUM_RULES_TOO_LONG' => 'The forum description is too long, it must be less than 4000 characters.',
'FORUM_SETTINGS' => 'Forum settings',
'FORUM_STATUS' => 'Forum status',
'FORUM_STYLE' => 'Forum style',
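Review bot: `FORUM_RULES_TOO_LONG` reuses the description wording, so an over-long rules text reports "The forum description is too long"; it should read `'FORUM_RULES_TOO_LONG' => 'The forum rules are too long, they must not exceed 4000 characters.',`. Both new messages say "less than 4000" while the checks in acp_forums reject only values over 4000, so exactly 4000 characters is accepted; "must not exceed 4000 characters" matches the code.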
diff --git a/phpBB/language/en/acp/permissions.php b/phpBB/language/en/acp/permissions.php
index 500325edab..49b4ef108a 100644
--- a/phpBB/language/en/acp/permissions.php
+++ b/phpBB/language/en/acp/permissions.php
@@ -192,6 +192,7 @@ $lang = array_merge($lang, array(
'ROLE_DESCRIPTION_USER_STANDARD' => 'Can access most but not all user features. Cannot change user name or ignore the flood limit, for instance.',
'ROLE_DESCRIPTION_EXPLAIN' => 'You are able to enter a short explanation of what the role is doing or for what it is meant for. The text you enter here will be displayed within the permissions screens too.',
+ 'ROLE_DESCRIPTION_LONG' => 'The role description is too long, please limit it to 4000 characters.',
'ROLE_DETAILS' => 'Role details',
'ROLE_EDIT_SUCCESS' => 'Role successfully edited.',
'ROLE_NAME' => 'Role name',
diff --git a/phpBB/language/en/acp/posting.php b/phpBB/language/en/acp/posting.php
index cb16abfe47..f1aaa7c4b4 100644
--- a/phpBB/language/en/acp/posting.php
+++ b/phpBB/language/en/acp/posting.php
@@ -45,7 +45,8 @@ $lang = array_merge($lang, array(
'BBCODE_INVALID_TAG_NAME' => 'The BBCode tag name that you selected already exists.',
'BBCODE_OPEN_ENDED_TAG' => 'Your custom BBCode must contain both an opening and a closing tag.',
'BBCODE_TAG' => 'Tag',
- 'BBCODE_TAG_TOO_LONG' => 'The tag definition that you have entered is too long, please shorten your tag definition.',
+ 'BBCODE_TAG_TOO_LONG' => 'The tag name you selected is too long.',
+ 'BBCODE_TAG_DEF_TOO_LONG' => 'The tag definition that you have entered is too long, please shorten your tag definition.',
'BBCODE_USAGE' => 'BBCode usage',
'BBCODE_USAGE_EXAMPLE' => '[colour={COLOR}]{TEXT}[/colour]
[font={TEXT1}]{TEXT2}[/font]',
'BBCODE_USAGE_EXPLAIN' => 'Here you define how to use the bbcode. Replace any variable input by the corresponding token (%ssee below%s)',
diff --git a/phpBB/search.php b/phpBB/search.php
index 681d47f0f1..398e46ce7c 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -1011,7 +1011,7 @@ $template->assign_vars(array(
'S_SELECT_SORT_DAYS' => $s_limit_days)
);
-// Can't do comparisons w/ TEXT on MSSQL, CAST is good enough
+// Handle large objects differently for Oracle and MSSQL
switch ($db->sql_layer)
{
case 'oracle':