#6772

- some other random things git-svn-id: file:///svn/phpbb/trunk@6880 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-08-10 18:54:08 +02:00 · 2007-01-11 05:44:22 +00:00
parent 7c18792a6e
commit 3a2a61baa4
24 changed files with 91 additions and 33 deletions
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -673,6 +673,11 @@ class acp_attachments
 									$selected = ($ext_group_row['upload_icon'] == $img) ? ' selected="selected"' : '';
 								}

+								if (strlen($img) > 255)
+								{
+									continue;
+								}
+
 								$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
 							}
 						}
@@ -1266,10 +1271,20 @@ class acp_attachments
 				{
 					if ($row['site_ip'])
 					{
+						if (strlen($row['site_ip']) > 40)
+						{
+							continue;
+						}
+
 						$iplist_tmp[] = "'" . $row['site_ip'] . "'";
 					}
 					else if ($row['site_hostname'])
 					{
+						if (strlen($row['site_hostname']) > 255)
+						{
+							continue;
+						}
+
 						$hostlist_tmp[] = "'" . $row['site_hostname'] . "'";
 					}
 					// break;
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -148,7 +148,16 @@ class acp_bbcodes
 					trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}

-				// @todo - bbcode_tag <= 16, bbcode_helpline <= 255, bbcode_match <= 4000
+				if (strlen($data['bbcode_tag']) > 16)
+				{
+					trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
+				if (strlen($data['bbcode_tag']) > 4000)
+				{
+					trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql_ary = array(
 					'bbcode_tag'				=> $data['bbcode_tag'],
 					'bbcode_match'				=> $bbcode_match,
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -853,6 +853,16 @@ class acp_forums
 			$errors[] = $user->lang['FORUM_NAME_EMPTY'];
 		}

+		if (utf8_strlen($forum_data['forum_desc']) > 4000)
+		{
+			$errors[] = $user->lang['FORUM_DESC_TOO_LONG'];
+		}
+
+		if (utf8_strlen($forum_data['forum_rules']) > 4000)
+		{
+			$errors[] = $user->lang['FORUM_RULES_TOO_LONG'];
+		}
+
 		if ($forum_data['forum_password'] || $forum_data['forum_password_confirm'])
 		{
 			if ($forum_data['forum_password'] != $forum_data['forum_password_confirm'])
--- a/phpBB/includes/acp/acp_icons.php
+++ b/phpBB/includes/acp/acp_icons.php
@@ -67,7 +67,7 @@ class acp_icons
 				{
 					$img_size = @getimagesize($phpbb_root_path . $img_path . '/' . $path . $img);

-					if (!$img_size[0] || !$img_size[1])
+					if (!$img_size[0] || !$img_size[1] || strlen($img) > 255)
 					{
 						continue;
 					}
--- a/phpBB/includes/acp/acp_permission_roles.php
+++ b/phpBB/includes/acp/acp_permission_roles.php
@@ -142,6 +142,11 @@ class acp_permission_roles
 						trigger_error($user->lang['NO_ROLE_NAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}

+					if (utf8_strlen($role_description) > 4000)
+					{
+						trigger_error($user->lang['ROLE_DESCRIPTION_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
+					}
+
 					// if we add/edit a role we check the name to be unique among the settings...
 					$sql = 'SELECT role_id
 						FROM ' . ACL_ROLES_TABLE . "
--- a/phpBB/includes/acp/acp_ranks.php
+++ b/phpBB/includes/acp/acp_ranks.php
@@ -164,6 +164,11 @@ class acp_ranks
 								$selected = '';
 							}

+							if (strlen($img) > 255)
+							{
+								continue;
+							}
+
 							$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . $img . '</option>';
 						}
 					}
--- a/phpBB/includes/acp/acp_reasons.php
+++ b/phpBB/includes/acp/acp_reasons.php
@@ -214,7 +214,7 @@ class acp_reasons
 								WHERE reason_id = $reason_id";
 						break;

-						// Nearly standard, not quite
+						// Standard? What's that?
 						case 'mssql':
 						case 'mssql_odbc':
 							// Change the reports using this reason to 'other'
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -1577,7 +1577,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			);
 		}

-		$sql = 'INSERT INTO ' . POSTS_TABLE . ' ' .	$db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
+		$sql = 'INSERT INTO ' . POSTS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_data[POSTS_TABLE]['sql']);
 		$db->sql_query($sql);
 		$data['post_id'] = $db->sql_nextid();

--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -767,6 +767,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 						{
 							if ($ip)
 							{
+								if (strlen($ip) > 40)
+								{
+									continue;
+								}
+
 								$banlist_ary[] = $ip;
 							}
 						}
@@ -788,6 +793,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas

 				if (preg_match('#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i', $ban_item))
 				{
+					if (strlen($ban_item) > 100)
+					{
+						continue;
+					}
+
 					if (!sizeof($founder) || !in_array($ban_item, $founder))
 					{
 						$banlist_ary[] = $ban_item;