mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-29 04:50:51 +02:00
Code Issues Releases Wiki Activity

[ticket/security-203] Fully validate version check data in version helper

Browse Source 
This will also take care of SECURITY-204 as it's the same underlying issue.
Admins still need to ensure they don't visit malicious sites for URLs
provided by extensions.

SECURITY-203
This commit is contained in:
Marc Alexander
2016-12-26 22:01:51 +01:00
parent 97a0f49be4
commit 658820654f
4 changed files with 185 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
phpBB/includes/functions.php
View File

@@ -3442,6 +3442,11 @@ function get_preg_expression($mode)
case 'path_remove_dot_trailing_slash':
return '#^(?:(\.)?)+(?:(.+)?)+(?:([\\/\\\])$)#';
break;
case 'semantic_version':
// Regular expression to match semantic versions by http://rgxdb.com/
return '/(?<=^[Vv]|^)(?:(?<major>(?:0|[1-9](?:(?:0|[1-9])+)*))[.](?<minor>(?:0|[1-9](?:(?:0|[1-9])+)*))[.](?<patch>(?:0|[1-9](?:(?:0|[1-9])+)*))(?:-(?<prerelease>(?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:0|[1-9](?:(?:0|[1-9])+)*))(?:[.](?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:0|[1-9](?:(?:0|[1-9])+)*)))*))?(?:[+](?<build>(?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:(?:0|[1-9])+))(?:[.](?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:(?:0|[1-9])+)))*))?)$/';
break;
}
return '';