Ok, I've done so much here, I can hardly remember what I've done...

There are various security updates throughout the commit, along with a few bug fixes; I'll try to name them here. --- Bug #453: Fixed. Bug #485: Duplicate of #453, but still fixed. Bug #476: Ok, the typo is fixed. --- That should be it, but I'll have more fixes tomorrow. (Finally, I have figured out regular expressions!!!) --Doug git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2645 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-07-30 21:40:43 +02:00 · 2002-06-23 02:47:56 +00:00
parent 1d2a359ea1
commit 35e91d29d5
7 changed files with 15 additions and 14 deletions
--- a/phpBB/includes/functions_post.php
+++ b/phpBB/includes/functions_post.php
@@ -74,13 +74,9 @@ function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid
 				for($i = 0; $i < sizeof($allowed_html_tags); $i++)
 				{
 					$match_tag = trim($allowed_html_tags[$i]);
-
-					if ( preg_match('/^<\/?' . $match_tag . '\b/i', $hold_string) )
+					if ( preg_match('/^<\/?' . $match_tag . '(?!(\s*)style(\s*)\\=)/i', $hold_string) )
 					{
-						if ( !preg_match('/style[="](.*?)["]/i', $hold_string) )
-						{
-							$tagallowed = true;
-						}
+						$tagallowed = true;
 					}
 				}