From c4f42c1573a1c28de8e34cbe6abf587bcbe050c6 Mon Sep 17 00:00:00 2001
From: Derky
Date: Thu, 21 Sep 2023 15:41:20 +0200
Subject: [PATCH] [ticket/security/279] Use rawurlencode for escaping smilie URLs SECURITY-279
---
 phpBB/includes/acp/acp_icons.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/phpBB/includes/acp/acp_icons.php b/phpBB/includes/acp/acp_icons.php
index 642e9cf06e..e577762506 100644
--- a/phpBB/includes/acp/acp_icons.php
+++ b/phpBB/includes/acp/acp_icons.php
@@ -654,7 +654,7 @@ class acp_icons
 {
 $replace_sql = ($mode == 'smilies') ? $code : $img;
 $sql = array(
- $fields . '_url' => utf8_substr(htmlspecialchars($img, ENT_COMPAT), 0, 50),
+ $fields . '_url' => utf8_substr(rawurlencode($img), 0, 50),
 $fields . '_height' => (int) $height,
 $fields . '_width' => (int) $width,
 'display_on_posting' => (int) $display_on_posting,
@@ -676,7 +676,7 @@ class acp_icons
 ++$order;
 $sql = array(
- $fields . '_url' => utf8_substr(htmlspecialchars($img, ENT_COMPAT), 0, 50),
+ $fields . '_url' => utf8_substr(rawurlencode($img), 0, 50),
 $fields . '_height' => (int) $height,
 $fields . '_width' => (int) $width,
 $fields . '_order' => (int) $order,
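Review bot: In both hunks (the `$sql` array at -654 and the one at -676) `utf8_substr(..., 0, 50)` now truncates the percent-encoded string, so the cut can land inside a `%XX` triplet and store a malformed escape such as a trailing `%2`. Each encoded byte takes three characters, so the 50-character limit is also reached much sooner than with the previous HTML escaping, and `rawurlencode()` turns `/` into `%2F`, which would matter if `$img` can carry a sub-directory (not visible here). Consider encoding once with `$img_url = rawurlencode($img);` and reporting an error when `strlen($img_url) > 50` instead of cutting the value. It is also worth confirming that the templates HTML-escape the stored value on output, since it is no longer HTML-escaped at write time. The enclosing method starts and ends outside both hunks.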