Removing traces of global announcements and also fixing a potential security hole in bbcode. Img-based javascript is now stripped. All images have to begin with http://

git-svn-id: file:///svn/phpbb/trunk@1238 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-07-31 22:10:45 +02:00 · 2001-10-19 13:28:35 +00:00
parent 43025a0dbb
commit 2652a1aba9
2 changed files with 1 additions and 2 deletions
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -263,7 +263,7 @@ function bbencode_first_pass($text, $uid)
 	$text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);

 	// [img]image_url_here[/img] code..
-	$text = preg_replace("#\[img\](.*?)\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);
+	$text = preg_replace("#\[img\](([a-z]+?)://([^, \n\r]+))\[/img\]#si", "[img:$uid]\\1[/img:$uid]", $text);

 	// Remove our padding from the string..
 	$text = substr($text, 1);