From 1a5413275978a307d200d0b52cc30c75da003669 Mon Sep 17 00:00:00 2001
From: Henry Sudhof
Date: Fri, 27 Jul 2007 14:55:48 +0000
Subject: [PATCH] #13800
git-svn-id: file:///svn/phpbb/trunk@7958 89ea8834-ac86-4346-8a33-228a782c2dd0
---
phpBB/docs/CHANGELOG.html | 2 +-
phpBB/includes/ucp/ucp_pm_compose.php | 4 ++--
phpBB/posting.php | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 155707a97f..8260477494 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -284,7 +284,7 @@ p a {
  • [Feature] Ability to externally set $phpbb_root_path if wrapping phpBB3 by defining constant PHPBB_ROOT_PATH
  • [Fix] Implemented correct left/right floating within ACP in regard to RTL languages (Bug #13777)
  • [Fix] Fixing session problems when using MySQL strict mode in conjunction with very long browser agent string (Bug #13827)
  • - +
  • [Fix] Disallow post/pm subjects entirely made up from non-printable chars and whitespaces (Bug #13800)
•
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index 56a11afe33..e81c572ddf 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -481,7 +481,7 @@ function compose_pm($id, $mode, $action) } else { - if (!$subject) + if (!$subject || !utf8_clean_string($subject)) { $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT']; }
@@ -583,7 +583,7 @@ function compose_pm($id, $mode, $action) // Subject defined if ($submit) { - if (!$subject) + if (!$subject || !utf8_clean_string($subject)) { $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT']; }
diff --git a/phpBB/posting.php b/phpBB/posting.php
index 7fa97be4c5..c2712009a1 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -512,7 +512,7 @@ if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && ( } else { - if (!$subject) + if (!$subject || !utf_clean_string($subject)) { $error[] = $user->lang['EMPTY_SUBJECT']; }
@@ -756,7 +756,7 @@ if ($submit || $preview || $refresh) } // Parse subject - if (!$preview && !$refresh && !$post_data['post_subject'] && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id))) + if (!$preview && !$refresh && !utf8_clean_string($post_data['post_subject']) && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id))) { $error[] = $user->lang['EMPTY_SUBJECT']; }
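Review bot: The added condition in the first posting.php hunk (`@@ -512`, the draft-save branch) calls `utf_clean_string($subject)`, while the other three changed conditions in this patch call `utf8_clean_string`. Unless a function with the shorter name is defined somewhere not shown here, saving a draft with any non-empty subject will stop with an undefined-function fatal error, because `!$subject` is false and the second operand is then evaluated. The line should read `if (!$subject || !utf8_clean_string($subject))`. As far as these hunks show, the cleaned value is used only for the emptiness test and the raw subject is what continues on, so a subject that mixes non-printable characters with visible text still passes; that is worth confirming against the storage path if the aim of Bug #13800 is to keep invisible characters out of displayed titles. The enclosing `if`/`else` blocks begin and end outside the hunks.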