Ok, I've done so much here, I can hardly remember what I've done...

There are various security updates throughout the commit, along with a few bug fixes; I'll try to name them here. --- Bug #453: Fixed. Bug #485: Duplicate of #453, but still fixed. Bug #476: Ok, the typo is fixed. --- That should be it, but I'll have more fixes tomorrow. (Finally, I have figured out regular expressions!!!) --Doug git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2645 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-10-04 11:41:38 +02:00 · 2002-06-23 02:47:56 +00:00
parent 1d2a359ea1
commit 35e91d29d5
7 changed files with 15 additions and 14 deletions
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -282,7 +282,7 @@ function bbencode_first_pass($text, $uid)
 	$text = preg_replace("#\[i\](.*?)\[/i\]#si", "[i:$uid]\\1[/i:$uid]", $text);

 	// [img]image_url_here[/img] code..
-	$text = preg_replace("#\[img\]([http|https]+?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/img\]#si", "[img:$uid]\\1\\2[/img:$uid]", $text);
+	$text = preg_replace("#\[img\](http(s)?://)([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)\[/img\]#si", "[img:$uid]\\1\\3[/img:$uid]", $text);

 	// Remove our padding from the string..
 	$text = substr($text, 1);
@@ -620,7 +620,7 @@ function make_clickable($text)
 	// matches an "xxxx://yyyy" URL at the start of a line, or after a space.
 	// xxxx can only be alpha characters.
 	// yyyy is anything up to the first space, newline, or comma.
-	$ret = preg_replace("#([\n ])([a-z]+?)://([^\t <\n\r]+)#i", "\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", $ret);
+	$ret = preg_replace("#([\n ])([a-z]+?)://([a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]+)#i", "\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", $ret);

 	// matches a "www.xxxx.yyyy[/zzzz]" kinda lazy URL thing
 	// Must contain at least 2 dots. xxxx contains either alphanum, or "-"
@@ -628,7 +628,7 @@ function make_clickable($text)
 	// zzzz is optional.. will contain everything up to the first space, newline, or comma.
 	// This is slightly restrictive - it's not going to match stuff like "forums.foo.com"
 	// This is to keep it from getting annoying and matching stuff that's not meant to be a link.
-	$ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^\t <\n\r]*)?)#i", "\\1<a href=\"http://www.\\2.\\3\\4\" target=\"_blank\">www.\\2.\\3\\4</a>", $ret);
+	$ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[a-z0-9\-\.,\?!%\*_\#:;~\\&$@\/=\+]*)?)#i", "\\1<a href=\"http://www.\\2.\\3\\4\" target=\"_blank\">www.\\2.\\3\\4</a>", $ret);

 	// matches an email@domain type address at the start of a line, or after a space.
 	// Note: Only the followed chars are valid; alphanums, "-", "_" and or ".".
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -670,5 +670,4 @@ function message_die($msg_code, $msg_text = '', $msg_title = '', $err_line = '',

 	exit;
 }
-
 ?>
--- a/phpBB/includes/functions_post.php
+++ b/phpBB/includes/functions_post.php
@@ -74,13 +74,9 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
 				for($i = 0; $i < sizeof($allowed_html_tags); $i++)
 				{
 					$match_tag = trim($allowed_html_tags[$i]);
-
-					if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) )
+					if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) )
 					{
-						if ( !preg_match('/style[="](.*?)["]/i', $hold_string) )
-						{
-							$tagallowed = true;
-						}
+						$tagallowed = true;
 					}
 				}

--- a/phpBB/includes/usercp_avatar.php
+++ b/phpBB/includes/usercp_avatar.php
@@ -69,12 +69,13 @@ function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)

 function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
 {
+	$avatar_filename = rawurlencode($avatar_filename);
 	if ( !preg_match('#^http:\/\/#i', $avatar_filename) )
 	{
 		$avatar_filename = 'http://' . $avatar_filename;
 	}

-	if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/[^\"]*?\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
+	if ( !preg_match('#^(http:\/\/[a-z0-9\-]+?\.([a-z0-9\-]+\.)*[a-z]+(:[0-9]+)*\/\.(gif|jpg|jpeg|png)$)#is', $avatar_filename) )
 	{
 		$error = true;
 		$error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];
--- a/phpBB/includes/usercp_register.php
+++ b/phpBB/includes/usercp_register.php
@@ -361,6 +361,11 @@ if ( isset($HTTP_POST_VARS['submit']) )
 		$signature = prepare_message($signature, $allowhtml, $allowbbcode, $allowsmilies, $signature_bbcode_uid);
 	}

+	if ( $website != '' )
+	{
+		rawurlencode($website);
+	}
+
 	if ( isset($HTTP_POST_VARS['avatardel']) && $mode == 'editprofile' )
 	{
 		$avatar_sql = user_avatar_delete($userdata['user_avatar_type'], $userdata['user_avatar']);