mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

[ticket/16252] Ignore non-BBCodes when looking for unauthorized markup

Browse Source 
PHPBB3-16252
This commit is contained in:
JoshyPHP
2019-12-09 18:06:30 +01:00
parent 1f00e160ab
commit 5813b5fbee
5 changed files with 56 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
phpBB/phpbb/textformatter/s9e/parser.php
View File

@@ -15,6 +15,7 @@ namespace phpbb\textformatter\s9e;
use s9e\TextFormatter\Parser\AttributeFilters\UrlFilter;
use s9e\TextFormatter\Parser\Logger;
use s9e\TextFormatter\Parser\Tag;
/**
* s9e\TextFormatter\Parser adapter
@@ -219,7 +220,7 @@ class parser implements \phpbb\textformatter\parser_interface
{
$errors[] = array($msg, $context['max_' . strtolower($m[1])]);
}
else if ($msg === 'Tag is disabled')
else if ($msg === 'Tag is disabled' && $this->is_a_bbcode($context['tag']))
{
$name = strtolower($context['tag']->getName());
$errors[] = array('UNAUTHORISED_BBCODE', '[' . $name . ']');
@@ -396,4 +397,21 @@ class parser implements \phpbb\textformatter\parser_interface
return $url;
}
/**
* Test whether given tag consumes text that looks like BBCode-styled markup
*
* @param Tag $tag Original tag
* @return bool
*/
protected function is_a_bbcode(Tag $tag)
{
if ($tag->getLen() < 3)
{
return false;
}
$markup = substr($this->parser->getText(), $tag->getPos(), $tag->getLen());
return (bool) preg_match('(^\\[\\w++.*?\\]$)s', $markup);
}
}