From 35e91d29d5ccfcdff21da032a66f2a6fc7b71496 Mon Sep 17 00:00:00 2001 From: dougk_ff7 Date: Sun, 23 Jun 2002 02:47:56 +0000 Subject: [PATCH] Ok, I've done so much here, I can hardly remember what I've done... There are various security updates throughout the commit, along with a few bug fixes; I'll try to name them here. --- Bug #453: Fixed. Bug #485: Duplicate of #453, but still fixed. Bug #476: Ok, the typo is fixed. --- That should be it, but I'll have more fixes tomorrow. (Finally, I have figured out regular expressions!!!) --Doug git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2645 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/admin/admin_smilies.php | 2 +- phpBB/includes/bbcode.php | 6 +++--- phpBB/includes/functions.php | 1 - phpBB/includes/functions_post.php | 8 ++------ phpBB/includes/usercp_avatar.php | 3 ++- phpBB/includes/usercp_register.php | 5 +++++ phpBB/language/lang_english/lang_main.php | 4 ++-- 7 files changed, 15 insertions(+), 14 deletions(-) diff --git a/phpBB/admin/admin_smilies.php b/phpBB/admin/admin_smilies.php index b499291577..4962e4ff4e 100644 --- a/phpBB/admin/admin_smilies.php +++ b/phpBB/admin/admin_smilies.php @@ -265,7 +265,7 @@ else if( isset($HTTP_POST_VARS['export_pack']) || isset($HTTP_GET_VARS['export_p message_die(GENERAL_MESSAGE, $message); } -else if( isset($HTTP_POST_VARS['add']) || isset($HTTP_GET_VARS['add'] ) +else if( isset($HTTP_POST_VARS['add']) || isset($HTTP_GET_VARS['add']) ) { // // Admin has selected to add a smiley. diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index 198843efd4..fb027199f4 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php 
@@ -282,7 +282,7 @@ function bbencode_first_pass($text, $uid) $text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text); // [img]image_url_here[/img] code.. - $text = preg_replace("#\[img\]([http|https]+?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/img\]#si", "[img:$uid]\\1\\2[/img:$uid]", $text); + $text = preg_replace("#\[img\](http(s)?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/img\]#si", "[img:$uid]\\1\\3[/img:$uid]", $text); // Remove our padding from the string.. $text = substr($text, 1); @@ -620,7 +620,7 @@ function make_clickable($text) // matches an "xxxx://yyyy" URL at the start of a line, or after a space. // xxxx can only be alpha characters. // yyyy is anything up to the first space, newline, or comma. - $ret = preg_replace("#([\n ])([a-z]+?)://([^\t <\n\r]+)#i", "\\1\\2://\\3", $ret); + $ret = preg_replace("#([\n ])([a-z]+?)://([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)#i", "\\1\\2://\\3", $ret); // matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing // Must contain at least 2 dots. xxxx contains either alphanum, or "-" @@ -628,7 +628,7 @@ function make_clickable($text) // zzzz is optional.. will contain everything up to the first space, newline, or comma. // This is slightly restrictive - it's not going to match stuff like "forums.foo.com" // This is to keep it from getting annoying and matching stuff that's not meant to be a link. - $ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^\t <\n\r]*)?)#i", "\\1www.\\2.\\3\\4", $ret); + $ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]*)?)#i", "\\1www.\\2.\\3\\4", $ret); // matches an email@domain type address at the start of a line, or after a space. // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".". diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 75cb8d2c23..a58b2fd0ef 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
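Review bot: The new `[img]` pattern in bbencode_first_pass captures the optional `s` in its own group only to skip it, which is why the replacement had to move from `\\2` to `\\3`; writing the scheme as `(https?://)` keeps the groups at `\\1\\2` and reads more directly. The URL character class that follows is now repeated verbatim here and in the two make_clickable patterns further down. A single shared variable would keep the three in step, with a comment saying that quotes, whitespace and angle brackets are deliberately left out. bbencode_first_pass starts and ends outside the hunk.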
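Review bot: In the `xxxx://yyyy` pattern of make_clickable the scheme group is still `([a-z]+?)`, so any alphabetic scheme is accepted; the tightened character class only constrains what follows `://`. If only web and ftp links are intended, `(https?|ftp)` in place of `([a-z]+?)` narrows it without changing the group numbering. The replacement markup is not fully visible on this page, so confirm how the scheme reaches the output. The comments above this pattern and above the `www.` pattern in the next hunk still describe the tail as anything up to the first space, newline, or comma, which no longer matches the code; `// yyyy is limited to the URL characters listed in the class below.` would be accurate. make_clickable starts and ends outside both hunks.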
@@ -670,5 +670,4 @@ function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '', exit; } - ?> \ No newline at end of file diff --git a/phpBB/includes/functions_post.php b/phpBB/includes/functions_post.php index 683a8eca2e..497f8ce90c 100644 --- a/phpBB/includes/functions_post.php +++ b/phpBB/includes/functions_post.php @@ -74,13 +74,9 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid for($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); - - if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) ) + if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) ) { - if ( !preg_match('/style[="](.*?)["]/i', $hold_string) ) - { - $tagallowed = true; - } + $tagallowed = true; } } diff --git a/phpBB/includes/usercp_avatar.php b/phpBB/includes/usercp_avatar.php index 84906954fb..00a8bf02e4 100644 --- a/phpBB/includes/usercp_avatar.php +++ b/phpBB/includes/usercp_avatar.php @@ -69,12 +69,13 @@ function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename) function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename) { + $avatar_filename = rawurlencode($avatar_filename); if ( !preg_match('#^http:\/\/#i', $avatar_filename) ) { $avatar_filename = 'http://' . $avatar_filename; } - if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/[^\"]*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) ) + if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) ) { $error = true; $error_msg = ( !empty($error_msg) ) ? $error_msg . '
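Review bot: In the prepare_message hunk the new pattern drops the `\b` after `$match_tag`, so an allowed tag name now also matches any longer tag that merely starts with it. The `style` lookahead also only inspects the text directly after the tag name, where the removed code searched the whole tag, so the HTML allowlist is looser than before. Keeping the word boundary and a whole-tag attribute test restores the stricter behaviour: `if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) && !preg_match('/\bstyle\s*=/i', $hold_string) )`. Neither version checks event-handler attributes, so the same test is the place to reject them if HTML posting stays enabled. The loop sits inside prepare_message, which starts and ends outside the hunk.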
' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format']; diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php index 89de28cf5b..d8cb27775c 100644 --- a/phpBB/includes/usercp_register.php +++ b/phpBB/includes/usercp_register.php @@ -361,6 +361,11 @@ if ( isset($HTTP_POST_VARS['submit']) ) $signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid); } + if ( $website != '' ) + { + rawurlencode($website); + } + if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' ) { $avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']); diff --git a/phpBB/language/lang_english/lang_main.php b/phpBB/language/lang_english/lang_main.php index 0c4999a632..94a55c79b3 100644 --- a/phpBB/language/lang_english/lang_main.php +++ b/phpBB/language/lang_english/lang_main.php @@ -630,7 +630,7 @@ $lang['Registration'] = 'Registration Agreement Terms'; $lang['Reg_agreement'] = 'While the administrators and moderators of this forum will attempt to remove or edit any generally objectionable material as quickly as possible, it is impossible to review every message. Therefore you acknowledge that all posts made to these forums express the views and opinions of the author and not the administrators, moderators or webmaster (except for posts by these people) and hence will not be held liable.
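Review bot: In user_avatar_url the added `rawurlencode()` runs on the whole value before the scheme and format checks, and it percent-encodes `:` and `/`. A value that already starts with `http://` therefore fails `^http:\/\/`, gets a second prefix, and then fails the format pattern because `%` is not in the host class. The rewritten format pattern has also lost its path part (`[^\"]*?`), so as shown it only accepts a path that is literally `/.gif`, `/.jpg` and so on, and every remote avatar would be rejected. Validate the raw value instead and restrict the path with a class rather than removing it, for example `\/[^\"\'\s<>]*?\.(gif|jpg|jpeg|png)$`, then escape the stored URL where it is written into HTML. The function continues past the end of the hunk.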
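Review bot: The added `rawurlencode($website);` in usercp_register.php discards its return value, so `$website` is unchanged and the block has no effect. Assigning the result would not be a fix either, since `rawurlencode()` encodes `:` and `/` and would break every stored link. If the aim is to keep markup characters out of the profile link, check the scheme here, e.g. `if ( !preg_match('#^https?://#i', $website) ) { $website = 'http://' . $website; }`, and apply `htmlspecialchars()` where the value is written into the page. How `$website` is validated elsewhere in this file is not visible in the hunk.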

You agree not to post any abusive, obscene, vulgar, slanderous, hateful, threatening, sexually-orientated or any other material that may violate any applicable laws. Doing so may lead to you being immediately and permanently banned (and your service provider being informed). The IP address of all posts is recorded to aid in enforcing these conditions. You agree that the webmaster, administrator and moderators of this forum have the right to remove, edit, move or close any topic at any time should they see fit. As a user you agree to any information you have entered above being stored in a database. While this information will not be disclosed to any third party without your consent the webmaster, administrator and moderators cannot be held responsible for any hacking attempt that may lead to the data being compromised.

This forum system uses cookies to store information on your local computer. These cookies do not contain any of the information you have entered above, they serve only to improve your viewing pleasure. The email address is used only for confirming your registration details and password (and for sending new passwords should you forget your current one).

By clicking Register below you agree to be bound by these conditions.'; $lang['Agree_under_13'] = 'I Agree to these terms and am under 13 years of age'; -$lang['Agree_over_13'] = 'I Agree to these terms and am over 13 years of age'; +$lang['Agree_over_13'] = 'I Agree to these terms and am over or exactly 13 years of age'; $lang['Agree_not'] = 'I do not agree to these terms'; $lang['Wrong_activation'] = 'The activation key you supplied does not match any in the database'; @@ -1005,4 +1005,4 @@ $lang['A_critical_error'] = 'A Critical Error Occurred'; // That's all Folks! // ------------------------------------------------- -?> \ No newline at end of file +?>