* [#17636] Check img tags for valid file name

^ [#20106] Updated version info to 1.5.13


git-svn-id: file:///Users/oratzes/svn/kunena@3473 daf2aa89-cb5b-0410-b8ee-fe93ebc9b27d

administrator/components/com_kunena/manifest.xml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <install type="component" version="1.5.0" method="upgrade">
 	<name>Kunena</name>
-	<version>1.5.12</version>
-	<versionname>Calificar</versionname>
+	<version>1.5.13</version>
+	<versionname>Unasema</versionname>
 	<creationDate>@kunenaversiondate@</creationDate>
 	<build>@kunenaversionbuild@</build>
 	<author>www.Kunena.com</author>

components/com_kunena/CHANGELOG.php

@@ -31,6 +31,12 @@
 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
+Kunena 1.5.13
+
+11-Sep-2010 fxstein
+* [#17636] Check img tags for valid file name
+^ [#20106] Updated version info to 1.5.13
+
 Kunena 1.5.12
 
 18-Jun-2010 Matias

components/com_kunena/lib/kunena.parser.php

@@ -360,12 +360,16 @@ function TagExtended(&$tag_new, &$task, $tag, $between) {
                 	static $file_ext = null;
 	              	$matches = null;
 
+	              	// Perform basic filename validation before checking extension
+	              	if (preg_match('/[\?\&\#\=]/', $between)) return TAGPARSER_RET_NOTHING;
+
                 	if (empty($file_ext)) {
     	            	$params = &JComponentHelper::getParams( 'com_media' );
         	        	$file_ext = explode(',', $params->get('upload_extensions'));
                 	}
+
             	    preg_match('/\.([\w\d]+)$/', $between, $matches);
-                	if (!in_array(strtolower($matches[1]), $file_ext)) break;
+                	if (!in_array(strtolower($matches[1]), $file_ext)) return TAGPARSER_RET_NOTHING;
 
                 	$tempstr = kunena_htmlspecialchars($between, ENT_QUOTES);
                 	if ($kunena_my->id==0 && $fbConfig->showimgforguest) {