1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-01 06:20:46 +02:00

several security fixes in admin pages

changed bbcode to only allow jpg, jpeg, gif and png


git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@4876 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2004-03-25 15:57:20 +00:00
parent 79c15bd7c1
commit 234b1f13de
21 changed files with 1038 additions and 48 deletions

View File

@@ -281,7 +281,7 @@ function bbencode_first_pass($text, $uid)
$text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);
// [img]image_url_here[/img] code..
$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"\n\r\t<])[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
$text = preg_replace("#\[img\]((ht|f)tp://)([^ \?&=\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))\[/img\]#sie", "'[img:$uid]\\1' . str_replace(' ', '%20', '\\3') . '[/img:$uid]'", $text);
// Remove our padding from the string..
return substr($text, 1);;