makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #5772 from JoshyPHP/ticket/16252

Browse source 
[ticket/16252] Ignore non-BBCodes when looking for unauthorized markup
This commit is contained in:
Marc Alexander 2019-12-12 18:16:55 +01:00
commit 4a950750f4
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
5 changed files with 56 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
phpBB/phpbb/textformatter/s9e/parser.php
View file

@ -15,6 +15,7 @@ namespace phpbb\textformatter\s9e;
use s9e\TextFormatter\Parser\AttributeFilters\UrlFilter; use s9e\TextFormatter\Parser\AttributeFilters\UrlFilter;
use s9e\TextFormatter\Parser\Logger; use s9e\TextFormatter\Parser\Logger;
use s9e\TextFormatter\Parser\Tag;
/** /**
* s9e\TextFormatter\Parser adapter * s9e\TextFormatter\Parser adapter
@ -219,7 +220,7 @@ class parser implements \phpbb\textformatter\parser_interface
{ {
$errors[] = array($msg, $context['max_' . strtolower($m[1])]); $errors[] = array($msg, $context['max_' . strtolower($m[1])]);
} }
else if ($msg === 'Tag is disabled') else if ($msg === 'Tag is disabled' && $this->is_a_bbcode($context['tag']))
{ {
$name = strtolower($context['tag']->getName()); $name = strtolower($context['tag']->getName());
$errors[] = array('UNAUTHORISED_BBCODE', '[' . $name . ']'); $errors[] = array('UNAUTHORISED_BBCODE', '[' . $name . ']');
@ -396,4 +397,21 @@ class parser implements \phpbb\textformatter\parser_interface
return $url; return $url;
} }
/**
* Test whether given tag consumes text that looks like BBCode-styled markup
*
* @param Tag $tag Original tag
* @return bool
*/
protected function is_a_bbcode(Tag $tag)
{
if ($tag->getLen() < 3)
{
return false;
}
$markup = substr($this->parser->getText(), $tag->getPos(), $tag->getLen());
return (bool) preg_match('(^\\[\\w++.*?\\]$)s', $markup);
}
} }

18
tests/text_processing/tickets_data/PHPBB3-16252.after.php Normal file
View file

@ -0,0 +1,18 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
function after_assert_phpbb3_16252($vars)
{
extract($vars);
$test->assertEmpty($parser->get_errors());
}

17
tests/text_processing/tickets_data/PHPBB3-16252.before.php Normal file
View file

@ -0,0 +1,17 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
function before_assert_phpbb3_16252($vars)
{
$vars['parser']->disable_bbcode('url');
}

1
tests/text_processing/tickets_data/PHPBB3-16252.html Normal file
View file

@ -0,0 +1 @@
http://localhost/

1
tests/text_processing/tickets_data/PHPBB3-16252.txt Normal file
View file

@ -0,0 +1 @@
http://localhost/