mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

fix the html issue...

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5369 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2005-12-22 11:34:02 +00:00
parent 8c5431cc68
commit 90a093fc5f
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
phpBB/docs/CHANGELOG.html
View File

@@ -75,7 +75,8 @@ p,ul,td {font-size:10pt;}
<li>[Fix] change truncation of username length in usercp_register.php - BFUK</li> <li>[Fix] change truncation of username length in usercp_register.php - BFUK</li>
<li>[Fix] incorrect path to avatars in admin_users.php (Bug #667)</li> <li>[Fix] incorrect path to avatars in admin_users.php (Bug #667)</li>
<li>[Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - jarnaez</li> <li>[Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - jarnaez</li>
<li>[Sec] fixed XSS issue in IE within the url bbcode</li> <li>[Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode</li>
<li>[Sec] fixed XSS issue (only valid for Internet Explorer) if html tags are allowed and enabled</li>
</ul> </ul>

4
phpBB/includes/functions_post.php
View File

@@ -25,8 +25,8 @@ if (!defined('IN_PHPBB'))
die('Hacking attempt'); die('Hacking attempt');
} }
$html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#'); $html_entities_match = array('#&(?!(\#[0-9]+;))#', '#<#', '#>#', '#"#');
$html_entities_replace = array('&amp;', '&lt;', '&gt;'); $html_entities_replace = array('&amp;', '&lt;', '&gt;', '&quot;');
$unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#'); $unhtml_specialchars_match = array('#&gt;#', '#&lt;#', '#&quot;#', '#&amp;#');
$unhtml_specialchars_replace = array('>', '<', '"', '&'); $unhtml_specialchars_replace = array('>', '<', '"', '&');