diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 155707a97f..8260477494 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -284,7 +284,7 @@ p a {
[Feature] Ability to externally set $phpbb_root_path if wrapping phpBB3 by defining constant PHPBB_ROOT_PATH
[Fix] Implemented correct left/right floating within ACP in regard to RTL languages (Bug #13777)
[Fix] Fixing session problems when using MySQL strict mode in conjunction with very long browser agent string (Bug #13827)
-
+ [Fix] Disallow post/pm subjects entirely made up from non-printable chars and whitespaces (Bug #13800)
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 56a11afe33..e81c572ddf 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -481,7 +481,7 @@ function compose_pm($id, $mode, $action)
}
else
{
- if (!$subject)
+ if (!$subject || !utf8_clean_string($subject))
{
$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
}
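Review bot: The added check is negated with `!`, so a subject whose cleaned form is the string "0" is reported as EMPTY_MESSAGE_SUBJECT even though it is a printable, non-empty title; the pre-existing `!$subject` has the same truthiness problem, so the new line only carries it into the cleaned value. Assuming `$subject` is always a string here, an explicit comparison, `if ($subject === '' || utf8_clean_string($subject) === '')`, rejects only genuinely empty subjects. The same pattern is used in the second hunk of this file and in the two posting.php hunks. compose_pm starts before this hunk and continues past it.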
@@ -583,7 +583,7 @@ function compose_pm($id, $mode, $action)
// Subject defined
if ($submit)
{
- if (!$subject)
+ if (!$subject || !utf8_clean_string($subject))
{
$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
}
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 7fa97be4c5..c2712009a1 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -512,7 +512,7 @@ if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && (
}
else
{
- if (!$subject)
+ if (!$subject || !utf_clean_string($subject))
{
$error[] = $user->lang['EMPTY_SUBJECT'];
}
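Review bot: The new condition calls `utf_clean_string`, while every other hunk on this page uses `utf8_clean_string`; unless a function with the shorter name exists elsewhere in the project, reaching this branch with a submitted post will abort with an undefined-function fatal error instead of validating the subject. The line should read `if (!$subject || !utf8_clean_string($subject))`. The surrounding `if`/`else` in posting.php's top-level flow begins before the hunk.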
@@ -756,7 +756,7 @@ if ($submit || $preview || $refresh)
}
// Parse subject
- if (!$preview && !$refresh && !$post_data['post_subject'] && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
+ if (!$preview && !$refresh && !utf8_clean_string($post_data['post_subject']) && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
{
$error[] = $user->lang['EMPTY_SUBJECT'];
}
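Review bot: Unlike the other three hunks, this condition drops the plain `!$post_data['post_subject']` test and relies solely on the cleaned value, so it is correct only if `utf8_clean_string` returns an empty (falsy) string for an empty or missing subject — plausible, but not visible on this page. Keeping the two forms parallel, `!$post_data['post_subject'] || !utf8_clean_string($post_data['post_subject'])`, avoids depending on that and also short-circuits the helper for the common empty case. The enclosing `if ($submit || $preview || $refresh)` block starts before this hunk and continues past it.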