mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-02-25 04:23:38 +01:00
Code Issues Releases Wiki Activity

merging TEXT warn from 3_0_0

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_7@10512 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof 2010-02-20 16:44:00 +00:00
parent a63ceb28e2
commit d7f4922993
3 changed files with 138 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
phpBB/adm/style/confirm_bbcode.html Executable file
View File

@ -0,0 +1,22 @@
<!-- INCLUDE overall_header.html -->
<form id="confirm" method="post" action="{S_CONFIRM_ACTION}">
<div class="errorbox">
<h3>{L_WARNING}</h3>
<p>{MESSAGE_TEXT}</p>
</div>
<fieldset>
{S_HIDDEN_FIELDS}
<div style="text-align: center;">
<input type="submit" name="confirm" value="{L_YES}" class="button2" />&nbsp;
<input type="submit" name="cancel" value="{L_CANCEL}" class="button2" />
</div>
</fieldset>
</form>
<!-- INCLUDE overall_footer.html -->

16
phpBB/includes/acp/acp_bbcodes.php
View File

@ -124,6 +124,9 @@ class acp_bbcodes
case 'modify': case 'modify':
case 'create': case 'create':
$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
if (!$warn_text || confirm_box(true))
{
$data = $this->build_regexp($bbcode_match, $bbcode_tpl); $data = $this->build_regexp($bbcode_match, $bbcode_tpl);
// Make sure the user didn't pick a "bad" name for the BBCode tag. // Make sure the user didn't pick a "bad" name for the BBCode tag.
@ -238,6 +241,19 @@ class acp_bbcodes
add_log('admin', $log_action, $data['bbcode_tag']); add_log('admin', $log_action, $data['bbcode_tag']);
trigger_error($user->lang[$lang] . adm_back_link($this->u_action)); trigger_error($user->lang[$lang] . adm_back_link($this->u_action));
}
else
{
confirm_box(false, $user->lang['BBCODE_DANGER'], build_hidden_fields(array(
'action' => $action,
'bbcode' => $bbcode_id,
'bbcode_match' => $bbcode_match,
'bbcode_tpl' => htmlspecialchars($bbcode_tpl),
'bbcode_helpline' => $bbcode_helpline,
'display_on_posting' => $display_on_posting,
))
, 'confirm_bbcode.html');
}
break; break;

3
phpBB/language/en/acp/posting.php
View File

@ -41,6 +41,9 @@ $lang = array_merge($lang, array(
'ACP_BBCODES_EXPLAIN' => 'BBCode is a special implementation of HTML offering greater control over what and how something is displayed. From this page you can add, remove and edit custom BBCodes.', 'ACP_BBCODES_EXPLAIN' => 'BBCode is a special implementation of HTML offering greater control over what and how something is displayed. From this page you can add, remove and edit custom BBCodes.',
'ADD_BBCODE' => 'Add a new BBCode', 'ADD_BBCODE' => 'Add a new BBCode',
'BBCODE_DANGER' => 'The BBCode you are trying to add seems to use a {TEXT} token inside a HTML attribute. This is a possible XSS security issue. Try using the more restrictive {SIMPLETEXT} type instead. Only proceed if you understand the risks involved and you consider the use of {TEXT} absolutely unavoidable.',
'BBCODE_DANGER_PROCEED' => 'Proceed', //'I understand the risk',
'BBCODE_ADDED' => 'BBCode added successfully.', 'BBCODE_ADDED' => 'BBCode added successfully.',
'BBCODE_EDITED' => 'BBCode edited successfully.', 'BBCODE_EDITED' => 'BBCode edited successfully.',
'BBCODE_NOT_EXIST' => 'The BBCode you selected does not exist.', 'BBCODE_NOT_EXIST' => 'The BBCode you selected does not exist.',