From f96f2a9e23b41106c6a8ed71ad3538141c648c2f Mon Sep 17 00:00:00 2001 From: Bruno Ais Date: Mon, 15 Jul 2013 20:06:54 +0100 Subject: [PATCH 1/6] [ticket/11639] generate_text_for_display on functions_posting.php sub-task of ticket PHPBB3-11635: find and fix all bypasses of generate_text_for_* PHPBB3-11639 --- phpBB/includes/functions_posting.php | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index b9b518ad32..d277ef06a3 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1104,14 +1104,12 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $decoded_message = bbcode_nl2br($decoded_message); } - - if ($row['bbcode_bitfield']) - { - $bbcode->bbcode_second_pass($message, $row['bbcode_uid'], $row['bbcode_bitfield']); - } - - $message = bbcode_nl2br($message); - $message = smiley_text($message, !$row['enable_smilies']); + $parse_flags = ($row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0); + $parse_flags |= ($row['enable_smilies'] ? OPTION_FLAG_SMILIES : 0); + + $message = generate_text_for_display($message, $row['bbcode_uid'], $row['bbcode_bitfield'], $parse_flags , false); + + unset($parse_flags); if (!empty($attachments[$row['post_id']])) { From dde9a1fb27e6db3c1b4cd41d8848496a3ef8d363 Mon Sep 17 00:00:00 2001 From: Bruno Ais Date: Mon, 15 Jul 2013 20:08:17 +0100 Subject: [PATCH 2/6] [ticket/11639] Added an useful comment. sub-task of ticket PHPBB3-11635: find and fix all bypasses of generate_text_for_* PHPBB3-11639 --- phpBB/includes/functions_posting.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index d277ef06a3..49fbe92256 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1104,9 +1104,10 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $decoded_message = bbcode_nl2br($decoded_message); } + $parse_flags = ($row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0); $parse_flags |= ($row['enable_smilies'] ? OPTION_FLAG_SMILIES : 0); - + // Do not censor text because it has already been censored before $message = generate_text_for_display($message, $row['bbcode_uid'], $row['bbcode_bitfield'], $parse_flags , false); unset($parse_flags); From 5f19ca6a6f3ad6641954c58c44ef0c94d1609e5a Mon Sep 17 00:00:00 2001 From: Bruno Ais Date: Mon, 15 Jul 2013 20:09:59 +0100 Subject: [PATCH 3/6] [ticket/11639] Whitespace fixing sub-task of ticket PHPBB3-11635: find and fix all bypasses of generate_text_for_* PHPBB3-11639 --- phpBB/includes/functions_posting.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 49fbe92256..ad75ed1079 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1104,12 +1104,12 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $decoded_message = bbcode_nl2br($decoded_message); } - + $parse_flags = ($row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0); $parse_flags |= ($row['enable_smilies'] ? OPTION_FLAG_SMILIES : 0); // Do not censor text because it has already been censored before $message = generate_text_for_display($message, $row['bbcode_uid'], $row['bbcode_bitfield'], $parse_flags , false); - + unset($parse_flags); if (!empty($attachments[$row['post_id']])) From 0ef1bcac2b3152bbf389b512fd373987a7d0edce Mon Sep 17 00:00:00 2001 From: Bruno Ais Date: Sat, 20 Jul 2013 16:31:08 +0100 Subject: [PATCH 4/6] [ticket/11639] Whitespace fixing sub-task of ticket PHPBB3-11635: find and fix all bypasses of generate_text_for_* PHPBB3-11639 --- phpBB/includes/functions_posting.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index ad75ed1079..49a1797321 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1108,7 +1108,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $parse_flags = ($row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0); $parse_flags |= ($row['enable_smilies'] ? OPTION_FLAG_SMILIES : 0); // Do not censor text because it has already been censored before - $message = generate_text_for_display($message, $row['bbcode_uid'], $row['bbcode_bitfield'], $parse_flags , false); + $message = generate_text_for_display($message, $row['bbcode_uid'], $row['bbcode_bitfield'], $parse_flags, false); unset($parse_flags); From 1372b4f20801d6079798832f15caf38949fe9333 Mon Sep 17 00:00:00 2001 From: Bruno Ais Date: Wed, 24 Jul 2013 10:33:06 +0100 Subject: [PATCH 5/6] [ticket/11639] Removed a non-needed unset sub-task of ticket PHPBB3-11635: find and fix all bypasses of generate_text_for_* PHPBB3-11639 --- phpBB/includes/functions_posting.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 49a1797321..acf0cc874b 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1110,8 +1110,6 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id // Do not censor text because it has already been censored before $message = generate_text_for_display($message, $row['bbcode_uid'], $row['bbcode_bitfield'], $parse_flags, false); - unset($parse_flags); - if (!empty($attachments[$row['post_id']])) { $update_count = array(); From 28a0a9e0b1cf77f1be64934f98e4c607d6098362 Mon Sep 17 00:00:00 2001 From: brunoais Date: Sat, 3 Aug 2013 21:46:06 +0100 Subject: [PATCH 6/6] [ticket/11639] Changing how censorship is handled. sub-task of ticket PHPBB3-11635: find and fix all bypasses of generate_text_for_* PHPBB3-11639 --- phpBB/includes/functions_posting.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index acf0cc874b..c528d36fef 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -1093,13 +1093,12 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $poster_id = $row['user_id']; $post_subject = $row['post_subject']; - $message = censor_text($row['post_text']); $decoded_message = false; if ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) { - $decoded_message = $message; + $decoded_message = censor_text($row['post_text']); decode_message($decoded_message, $row['bbcode_uid']); $decoded_message = bbcode_nl2br($decoded_message); @@ -1107,8 +1106,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id $parse_flags = ($row['bbcode_bitfield'] ? OPTION_FLAG_BBCODE : 0); $parse_flags |= ($row['enable_smilies'] ? OPTION_FLAG_SMILIES : 0); - // Do not censor text because it has already been censored before - $message = generate_text_for_display($message, $row['bbcode_uid'], $row['bbcode_bitfield'], $parse_flags, false); + $message = generate_text_for_display($row['post_text'], $row['bbcode_uid'], $row['bbcode_bitfield'], $parse_flags, true); if (!empty($attachments[$row['post_id']])) {