mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-05 22:14:59 +02:00
Code Issues Releases Wiki Activity

[ticket/security/279] Use rawurlencode for escaping smilie URLs

Browse Source 
SECURITY-279
This commit is contained in:
Derky 2023-09-21 15:41:20 +02:00 committed by Marc Alexander
parent d8ac6f575e
commit c4f42c1573
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/includes/acp/acp_icons.php
View File

@ -654,7 +654,7 @@ class acp_icons
{
$replace_sql = ($mode == 'smilies') ? $code : $img;
$sql = array(
$fields . '_url' => utf8_substr(htmlspecialchars($img, ENT_COMPAT), 0, 50),
$fields . '_url' => utf8_substr(rawurlencode($img), 0, 50),
$fields . '_height' => (int) $height,
$fields . '_width' => (int) $width,
'display_on_posting' => (int) $display_on_posting,
@ -676,7 +676,7 @@ class acp_icons
++$order;
$sql = array(
$fields . '_url' => utf8_substr(htmlspecialchars($img, ENT_COMPAT), 0, 50),
$fields . '_url' => utf8_substr(rawurlencode($img), 0, 50),
$fields . '_height' => (int) $height,
$fields . '_width' => (int) $width,
$fields . '_order' => (int) $order,