tags 365533 patch
thanks

On Wed, May 03, 2006 at 10:56:33AM +0200, Thijs Kinkhorst wrote:
> Thanks for the report. While I think that people who are admin can
> already do a lot of damage and should hence be considered trusted,
> executing php code is a step further in permissions and thus this can be
> considered a security issue. I will look into a fix soon.

Patch (untested):

--- phpBB2/viewtopic.php        2005-10-31 08:32:37.000000000 +0100
+++ phpBB2/viewtopic.php        2006-05-15 08:25:12.000000000 +0200
@@ -1105,6 +1105,12 @@
        {
                // This was shamelessly 'borrowed' from volker at 
multiartstudio dot de
                // via php.net's annotated manual
+
+               // First, defuse fontcolor3, as it'd otherwise be arbitrary 
code execution
+               if (!eregi("^[0-9a-f]+$", $theme['fontcolor3'])) {
+                       $theme['fontcolor3'] = 'FFA34F';
+               }
+
                $message = str_replace('\"', '"', 
substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" 
. str_replace('\\', '\\\\', addslashes($highlight_match)) . ")\b#i', '<span 
style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", 
'>' . $message . '<'), 1, -1));
        }
 
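Review bot: whitelisting `$theme['fontcolor3']` closes the injection shown here, but the hunk leaves the `#se` modifier in place, so the replacement string is still assembled and eval'd from `$highlight_match` (only protected by `addslashes`) and any other value that ends up interpolated into it. The durable fix is to drop the `e` modifier and move the inner highlight replacement into a `preg_replace_callback` (or an ordinary function) so no request-influenced data is ever eval'd; the `eregi` check can then stay as defence in depth. Two smaller points: `eregi("^[0-9a-f]+$", ...)` accepts any length of hex, so a 3- or 6-digit check (`^[0-9a-f]{3}$|^[0-9a-f]{6}$`) would match what CSS actually expects, and since the patch is marked untested, it is worth confirming that `$theme['fontcolor3']` is only consumed after this branch, otherwise an unvalidated copy may still reach other output sites.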
--Jeroen

-- 
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
