From f9dbe33fa7917b6220a85a01ed9f395f3f1bb888 Mon Sep 17 00:00:00 2001
From: Callum Macrae
Date: Thu, 14 Jul 2011 18:05:34 +0100
Subject: [PATCH] [ticket/10240] Added code to strip control characters from messages.

It is possible to evade the word filter using control characters. Seeing as control characters have no practical application in a bulletin board software, it doesn't do any harm to remove them entirely. That is what this commit does.

PHPBB3-10240
---
 phpBB/includes/functions_content.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/phpBB/includes/functions_content.php b/phpBB/includes/functions_content.php
index faff9dd0de..872ee8c7cc 100644
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -691,6 +691,9 @@ function censor_text($text)
 return '';
 }
 
+ // Strip control characters
+ $text = preg_replace('/[\x00-\x0f]/', '', $text);
+
 // We moved the word censor checks in here because we call this function quite often - and then only need to do the check once
 if (!isset($censors) || !is_array($censors))
 {
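Review bot: The character class `[\x00-\x0f]` in the added `preg_replace` does not match the stated goal: it includes tab, line feed and carriage return (0x09, 0x0a, 0x0d) but leaves out the remaining control characters 0x10–0x1f and 0x7f. If any caller passes multi-line text through `censor_text()` before line breaks are converted, this would collapse the message onto one line, and the word-filter bypass described in the commit message is only partly closed because the uncovered control bytes still pass through. A tighter class would be `$text = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/', '', $text);`, with the comment extended to give the reason, e.g. `// Strip control characters (except \t, \n, \r) so they cannot be used to split censored words`. Invisible Unicode format characters lie outside this byte range and would need separate handling; the rest of `censor_text()` is outside the hunk, so how `$censors` is matched is not visible here.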