mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

[ticket/security/211] Do not match javascript URIs with URL regexes

Browse Source 
SECURITY-211
This commit is contained in:
Marc Alexander
2017-07-26 21:14:05 +02:00
parent 91f9050a70
commit 0aba1faa08
3 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tests/functions/make_clickable_test.php
View File

@@ -55,6 +55,10 @@ class phpbb_functions_make_clickable_test extends phpbb_test_case
'http://testhost/viewtopic.php?t=1',
'<!-- l --><a class="postlink-local" href="http://testhost/viewtopic.php?t=1">viewtopic.php?t=1</a><!-- l -->'
),
array(
'javascript://testhost/viewtopic.php?t=1',
'javascript://testhost/viewtopic.php?t=1'
),
array(
'email@domain.com',
'<!-- e --><a href="mailto:email@domain.com">email@domain.com</a><!-- e -->'
@@ -92,6 +96,10 @@ class phpbb_functions_make_clickable_test extends phpbb_test_case
'ftp://ftp.täst.de/',
'<!-- m --><a class="postlink" href="ftp://ftp.täst.de/">ftp://ftp.täst.de/</a><!-- m -->'
),
array(
'javascript://täst.de/',
'javascript://täst.de/'
),
array(
'sip://bantu@täst.de',
'<!-- m --><a class="postlink" href="sip://bantu@täst.de">sip://bantu@täst.de</a><!-- m -->'