[ticket/8319] Prepend Board URL to LOCAL_URL links to prevent abuse

The description says:
"The URL must be relative to the topic page and cannot contain a server name
or protocol."
We now enforce this and will add a new token with the current behaviour back.

PHPBB3-8319
Joas Schilling 2013-06-03 12:15:23 +02:00
parent 96b4066368
commit 81140ec887


@ -427,8 +427,16 @@ class acp_bbcodes
$fp_replace = str_replace($token, $replace, $fp_replace);
$sp_match = str_replace(preg_quote($token, '!'), $sp_tokens[$token_type], $sp_match);
if ($token_type === 'LOCAL_URL')
{
// Prepend the board url to local relative links
$sp_replace = str_replace($token, generate_board_url() . '/' . '${' . ($n + 1) . '}', $sp_replace);
}
else
{
$sp_replace = str_replace($token, '${' . ($n + 1) . '}', $sp_replace);
}
}
$fp_match = '!' . $fp_match . '!' . $modifiers;
$sp_match = '!' . $sp_match . '!s' . (($utf8) ? 'u' : '');
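Review bot: In the `LOCAL_URL` branch, `generate_board_url()` is evaluated while the replacement string is being built in `acp_bbcodes`, so the board URL ends up as a literal inside `$sp_replace` rather than being resolved when a post is rendered. If that string is persisted with the BBCode (which this ACP code path suggests, but the hunk does not show), links will keep pointing at the old host after a domain or script-path change, and the baked-in host may be whatever hostname the administrator used for that request. I would at least document this above the call, e.g. `// NOTE: board URL is fixed at BBCode save time; re-save custom BBCodes after changing the server name or script path`. Because the value is spliced into a preg replacement string, it is also worth confirming that it can never contain `$` or `\`, which would be read as backreferences. The enclosing loop and method start and end outside this hunk, so how the `LOCAL_URL` match pattern constrains the captured group (for example `../` segments or a leading `/`) cannot be checked from here.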