From b8151b1299c02506ffa0d665461d85e32cd4cd10 Mon Sep 17 00:00:00 2001
From: Marc Alexander <admin@m-a-styles.de>
Date: Mon, 9 Jun 2014 18:56:13 +0200
Subject: [PATCH] [ticket/11711] Improve checks for unsupported characters and
 check subject

PHPBB3-11711
---
 phpBB/includes/message_parser.php | 10 +++-------
 phpBB/language/en/posting.php     |  3 ++-
 phpBB/posting.php                 |  8 ++++++++
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index eed892986e..8965b50667 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -1198,13 +1198,9 @@ class parse_message extends bbcode_firstpass
 		// not supported by utf8_bin
 		if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $this->message, $matches))
 		{
-			$character_list = '';
-			foreach ($matches[0] as $cur_match)
-			{
-				$character_list .= $cur_match . '<br />';
-			}
-			$this->warn_msg[] = $user->lang('UNSUPPORTED_CHARACTERS', $character_list);
-			return (!$update_this_message) ? $return_message : $this->warn_msg;
+			$character_list = implode('<br />', $matches[0]);
+			$this->warn_msg[] = $user->lang('UNSUPPORTED_CHARACTERS_MESSAGE', $character_list);
+			return $update_this_message ? $this->warn_msg : $return_message;
 		}
 
 		// Check for "empty" message. We do not check here for maximum length, because bbcode, smilies, etc. can add to the length.
diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php
index ac08b27943..e8a8643cfd 100644
--- a/phpBB/language/en/posting.php
+++ b/phpBB/language/en/posting.php
@@ -256,7 +256,8 @@ $lang = array_merge($lang, array(
 
 	'UNAUTHORISED_BBCODE'		=> 'You cannot use certain BBCodes: %s.',
 	'UNGLOBALISE_EXPLAIN'		=> 'To switch this topic back from being global to a normal topic, you need to select the forum you wish this topic to be displayed.',
-	'UNSUPPORTED_CHARACTERS'	=> 'Your message contains the following unsupported characters:<br />%s',
+	'UNSUPPORTED_CHARACTERS_MESSAGE'	=> 'Your message contains the following unsupported characters:<br />%s',
+	'UNSUPPORTED_CHARACTERS_SUBJECT'	=> 'Your subject contains the following unsupported characters:<br />%s',
 	'UPDATE_COMMENT'			=> 'Update comment',
 	'URL_INVALID'				=> 'The URL you specified is invalid.',
 	'URL_NOT_FOUND'				=> 'The file specified could not be found.',
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 60bb595da6..fc407caf69 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -1028,6 +1028,14 @@ if ($submit || $preview || $refresh)
 		$error[] = $user->lang['EMPTY_SUBJECT'];
 	}
 
+	// Check for out-of-bounds characters that are currently
+	// not supported by utf8_bin
+	if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches))
+	{
+		$character_list = implode('<br />', $matches[0]);
+		$error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);
+	}
+
 	$post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0;
 
 	if ($post_data['poll_option_text'] &&