tags 308282 + patch
thanks
Hello.
According to the upstream forum, this security issue is resolved in
2.0.15.
Please find attached a diff between upstream 2.0.15 and our latest sid version.
It looks like this patch can be applied to close the bug.
Regards.
--
Alexis Sukrieh <[EMAIL PROTECTED]>
http://www.sukria.net
« Quidquid latine dictum sit, altum sonatur. »
Whatever is said in Latin sounds profound.
--- phpbb2-2.0.13+1/phpBB2/includes/bbcode.php 2005-02-27 20:30:44.000000000
+0100
+++ phpBB2/includes/bbcode.php 2005-05-07 16:15:54.000000000 +0200
@@ -6,7 +6,7 @@
* copyright : (C) 2001 The phpBB Group
* email : [EMAIL PROTECTED]
*
- * $Id: bbcode.php,v 1.36.2.32 2004/07/11 16:46:19 acydburn Exp $
+ * $Id: bbcode.php,v 1.36.2.33 2005/05/06 22:58:19 acydburn Exp $
*
***************************************************************************/
@@ -124,6 +124,8 @@
{
global $lang, $bbcode_tpl;
+ $text = preg_replace('#(script|about|applet|activex|chrome):#is',
"\\1:", $text);
+
// pad it with a space so we can distinguish between FALSE and matching
the 1st char (index 0).
// This is important; bbencode_quote(), bbencode_list(), and
bbencode_code() all depend on it.
$text = " " . $text;
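Review bot: As rendered on this page, the added `preg_replace` at the top of the function rewrites `script:` (and the other four scheme names) to `"\\1:"`, which is the same text, so the call neutralises nothing. The replacement was presumably meant to emit an encoded colon that the list archive decoded; confirm against the attached file that the second argument is an entity such as `"\\1&#058;"` before applying the patch. The identical line is added to `make_clickable()` in the last hunk and needs the same check. Even with the entity in place this is a denylist of five scheme names, so the `[url=…]` pattern further down, which accepts any `[\w]+?://` scheme, would be safer restricted to an explicit allowlist. The enclosing function starts and ends outside the hunk.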
@@ -194,7 +196,7 @@
// [img]image_url_here[/img] code..
// This one gets first-passed..
- $patterns[] = "#\[img:$uid\](.*?)\[/img:$uid\]#si";
+ $patterns[] = "#\[img:$uid\]([^?].*?)\[/img:$uid\]#i";
$replacements[] = $bbcode_tpl['img'];
// matches a [url]xxxx://www.phpbb.com[/url] code..
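Review bot: The new capture `([^?].*?)` in the `[img:$uid]` pattern rejects a `?` only in the first position, so a query string or any other character later in the value still reaches `$bbcode_tpl['img']`. If the intent is to keep `?` out of the value, the class has to cover the whole capture, for example `([^?\r\n]+?)`, and a comment such as `// reject '?' anywhere in the value: <reason>` should record why, since nothing in the hunk explains it. Note also that `[^?]` still matches a newline even though the `s` flag was dropped. The same first-character-only guard is applied in the next hunk to the link text (not the URL) of the two `[url=…]` patterns, where it additionally requires at least one character of link text; that looks unintended and is worth confirming.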
@@ -206,11 +208,11 @@
$replacements[] = $bbcode_tpl['url2'];
// [url=xxxx://www.phpbb.com]phpBB[/url] code..
- $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
+ $patterns[] = "#\[url=([\w]+?://[^ \"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
$replacements[] = $bbcode_tpl['url3'];
// [url=www.phpbb.com]phpBB[/url] code.. (no xxxx:// prefix).
- $patterns[] = "#\[url=((www|ftp)\.[^ \"\n\r\t<]*?)\](.*?)\[/url\]#is";
+ $patterns[] = "#\[url=((www|ftp)\.[^
\"\n\r\t<]*?)\]([^?].*?)\[/url\]#i";
$replacements[] = $bbcode_tpl['url4'];
// [EMAIL PROTECTED]/email] code..
@@ -614,6 +616,7 @@
*/
function make_clickable($text)
{
+ $text = preg_replace('#(script|about|applet|activex|chrome):#is',
"\\1:", $text);
// pad it with a space so we can match things at the start of the 1st
line.
$ret = ' ' . $text;