makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Some alterations to the new HTML code to eliminate the need for us to increase the minimum version requirements.

Browse source 
Min. requirement remains at 4.0.3


git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5582 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Graham Eames 2006-02-24 21:14:54 +00:00
parent 0cc02fd1b0
commit e5f594466d
2 changed files with 70 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
phpBB/docs/CHANGELOG.html
View file

@ -74,6 +74,9 @@ p,ul,td {font-size:10pt;}
<li>[Fix] retrieving category rows in index.php (Bug #90)</li>
<li>[Fix] improved index performance by determining the permissions before iterating through all forums (Bug #91)</li>
<li>[Fix] Better handling of short usernames within the search (bug #105)</li>
<li>[Fix] Send a no-cache header on admin pages as well as normal board pages (Bug #149)</li>
<li>[Fix] Apply word censors to the message when quoting it (Bug #405)</li>
<li>[Fix] Improved performance of query in admin_groups (Bug #753)</li>
<li>[Fix] Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)</li>
<li>[Fix] Correct use of default_style config value (Bug #861)</li>
<li>[Fix] Replace unneeded unset calls in admin_db_utilities.php - vanderaj</li>
@ -83,10 +86,13 @@ p,ul,td {font-size:10pt;}
<li>[Fix] Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions</li>
<li>[Fix] Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions</li>
<li>[Fix] Escape group names in admin_groups.php</li>
<li>[Sec] Replace strip_tags with htmlspecialchars in private message subject</li>
<li>[Sec] Some changes to HTML handling if enabled</li>
<li>[Sec] Escape any special characters in reverse dns - Anthrax101</i>
<li>[Sec] Escape any special characters in reverse dns - Anthrax101</li>
<li>[Sec] Typecast poll id values - Anthrax101</li>
<li>[Sec] Added configurable search flood control to reduce the effect of DoS style attacks</li>
<li>[Change] Changed handling of the case where a selected style doesn't exist in the database</li>
<li>[Change] <strong>PHP requirements are now 4.0.5</strong> as a result of changes to HTML parsing</li>
<li>[Change] Changed handling of topic pruning to improve performance</li>
</ul>

69
phpBB/includes/functions_post.php
View file

@ -46,7 +46,25 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
if ($html_on)
{
$message = addslashes(preg_replace_callback('/<\/?(\w+)((?:[^\w>]+\w+(?:\s*=\s*(?:"[^"]*"|\'[^\']*\'|`[^`]*`|´[^´]*´|[^`´\'">]*))?)*)[\W]*?\/?>/', 'clean_html', stripslashes($message)));
// If HTML is on, we try to make it safe
// This approach is quite agressive and anything that does not look like a valid tag
// is going to get converted to HTML entities
$message = stripslashes($message);
$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
$matches = array();
$message_split = preg_split($html_match, $message);
preg_match_all($html_match, $message, $matches);
$message = '';
foreach ($message_split as $part)
{
$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
$message .= htmlspecialchars($part) . clean_html($tag);
}
$message = addslashes($message);
}
else
{
@ -809,38 +827,57 @@ function clean_html($tag)
{
global $board_config;
if (empty($tag[0]))
{
return '';
}
$allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags']));
$disallowed_attributes = '/^(?:style|on)/';
// Check if this is an end tag
preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches);
if (sizeof($matches))
{
if (in_array(strtolower($matches[1]), $allowed_html_tags))
{
return '</' . $matches[1] . '>';
}
else
{
return htmlspecialchars('</' . $matches[1] . '>');
}
}
// Check if this is an allowed tag
if (in_array(strtolower($tag[1]), $allowed_html_tags))
{
$attributes = '';
if (!empty($tag[2]))
{
// Get all the elements of a tag so that they can be checked in turn
$matches = array();
preg_match_all('/[\W]+(\w+)(?:\s*=\s*("[^"]*"|\'[^\']*\'|`[^`]*`|´[^´]*´|[^\'"`´]*))?/', $tag[2], $matches);
foreach ($matches[1] as $key => $value)
preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test);
for ($i = 0; $i < sizeof($test[0]); $i++)
{
// Remove any attributes which are not allowed
if (preg_match($disallowed_attributes, strtolower($value)) || (!preg_match('/([\'´`"]).*\\1/', $matches[2][$key]) && preg_match('/[^0-9a-zA-Z\\x2D\\x2E\\\x3A\\x5F]+/', $matches[2][$key])))
if (preg_match($disallowed_attributes, $test[1][$i]))
{
continue;
}
// Build a string containing the allowed attributes, strip out anything that could harm the parser
$attributes .= ' ' . $value . '="' . htmlentities(preg_replace('/^[´`"\']?(.*?)[´`"\']?$/', '\1', $matches[2][$key])) . '"';
$attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . str_replace(array('[', ']'), array('&#91;', '&#93;'), htmlspecialchars($test[3][$i])) . $test[2][$i];
}
}
if (in_array(strtolower($tag[1]), $allowed_html_tags))
{
return '<' . $tag[1] . $attributes . '>';
}
else
{
// This is a closing tag or one without any attributes, it is safe
return strtolower($tag[0]);
return htmlspecialchars('<' . $tag[1] . $attributes . '>');
}
// Build the HTML tag from the tag name and the allowed attributes
return '<' . strtolower($tag[1]) . $attributes . '>';
}
// This tag is not allowed so escape it
return htmlentities($tag[0]);
// Finally, this is not an allowed tag so strip all the attibutes and escape it
else
{
return htmlspecialchars('<' . $tag[1] . '>');
}
}
?>