and again url bbcode changes... fixing one potential security issue.

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3632 89ea8834-ac86-4346-8a33-228a782c2dd0
Meik Sievertsen 2003-03-11 01:55:18 +00:00
parent 72fc5decbe
commit 46b24f9337


@ -105,7 +105,7 @@ function prepare_bbcode_template($bbcode_tpl)
$bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url3']); $bbcode_tpl['url3'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url3']);
$bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']); $bbcode_tpl['url4'] = str_replace('{URL}', 'http://\\1', $bbcode_tpl['url']);
$bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\2', $bbcode_tpl['url4']); $bbcode_tpl['url4'] = str_replace('{DESCRIPTION}', '\\3', $bbcode_tpl['url4']);
$bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']); $bbcode_tpl['email'] = str_replace('{EMAIL}', '\\1', $bbcode_tpl['email']);
@ -198,20 +198,20 @@ function bbencode_second_pass($text, $uid)
$replacements[] = $bbcode_tpl['img']; $replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code.. // matches a [url]xxxx://www.phpbb.com[/url] code..
$patterns[] = '#\[url\]([\w]+?://.*?[^\t\n\r<"]*)\[/url\]#ie'; $patterns[] = "#\[url\]([\w]+?://*[^\"\n\r\t<]*)\[/url\]#is";
$replacements[] = "'" . $bbcode_tpl['url1'] . "'"; $replacements[] = $bbcode_tpl['url1'];
// [url]www.phpbb.com[/url] code.. (no xxxx:// prefix). // [url]www.phpbb.com[/url] code.. (no xxxx:// prefix).
$patterns[] = '#\[url\]((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^\t\n\r<"]*)?)\[/url\]#ie'; $patterns[] = "#\[url\]((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^\"\n\r\t<]*)?)\[/url\]#is";
$replacements[] = "'" . $bbcode_tpl['url2'] . "'"; $replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code.. // [url=xxxx://www.phpbb.com]phpBB[/url] code..
$patterns[] = '#\[url=([\w]+?://.*?[^\t\n\r<"]*)\](.*?)\[/url\]#ie'; $patterns[] = "#\[url=([\w]+?://*[^\"\n\r\t<]*)\](.*?)\[/url\]#is";
$replacements[] = "'" . $bbcode_tpl['url3'] . "'"; $replacements[] = $bbcode_tpl['url3'];
// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix). // [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
$patterns[] = '#\[url=((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^\t\n\r<"]*)?)\](.*?)\[/url\]#ie'; $patterns[] = "#\[url=((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^\"\n\r\t<]*)?)\](.*?)\[/url\]#is";
$replacements[] = "'" . $bbcode_tpl['url4'] . "'"; $replacements[] = $bbcode_tpl['url4'];
// [email]user@domain.tld[/email] code.. // [email]user@domain.tld[/email] code..
$patterns[] = "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si"; $patterns[] = "#\[email\]([a-z0-9&\-_.]+?@[\w\-]+\.([\w\-\.]+\.)?[\w]+)\[/email\]#si";
@ -621,13 +621,13 @@ function make_clickable($text)
// matches an "xxxx://yyyy" URL at the start of a line, or after a space. // matches an "xxxx://yyyy" URL at the start of a line, or after a space.
// xxxx can only be alpha characters. // xxxx can only be alpha characters.
// yyyy is anything up to the first space, newline, comma, double quote or < // yyyy is anything up to the first space, newline, comma, double quote or <
$ret = preg_replace('#(^|[\n ])([\w]+?://.*?[^\t\n\r<"]*)#ie', "'\\1<a href=\"\\2\" target=\"_blank\">\\2</a>'", $ret); $ret = preg_replace("#(^|[\n ])([\w]+?://*[^\"\n\r\t<]*)#is", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $ret);
// matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
// Must contain at least 2 dots. xxxx contains either alphanum, or "-" // Must contain at least 2 dots. xxxx contains either alphanum, or "-"
// zzzz is optional.. will contain everything up to the first space, newline, // zzzz is optional.. will contain everything up to the first space, newline,
// comma, double quote or <. // comma, double quote or <.
$ret = preg_replace('#(^|[\n ])((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^\t\n\r<"]*)?)#ie', "'\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>'", $ret); $ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\-]+\.[\w\-.\~]+(?:/[^\"\t\n\r<]*)?)#is", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $ret);
// matches an email@domain type address at the start of a line, or after a space. // matches an email@domain type address at the start of a line, or after a space.
// Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".".