Double-escaping the user's data and enhanced the website verification…

… enhancement. (reverse-merged from commit bae6745) See 16#issuecomment-13046002
mybb · Feb 8, 2013 · 2b05b92 · 2b05b92
1 parent 5354972
commit 2b05b92
Show file tree

Hide file tree

Showing 8 changed files with 42 additions and 116 deletions.
diff --git a/inc/datahandlers/user.php b/inc/datahandlers/user.php
@@ -282,18 +282,17 @@ function verify_website()
 	{
 		$website = &$this->data['website'];
 
-		$website_lower = my_strtolower($website);
-		if(empty($website) || $website_lower == 'http://' || $website_lower == 'https://')
+		if(empty($website) || my_strtolower($website) == 'http://' || my_strtolower($website) == 'https://')
 		{
 			$website = '';
 			return true;
 		}
 
 		// Does the website start with http(s)://?
-		if(!validate_website_format($website))
+		if(my_strtolower(substr($website, 0, 4)) != "http")
 		{
-			$this->set_error('invalid_website');
-			return false;
+			// Website does not start with http://, let's see if the user forgot.
+			$website = "http://".$website;
 		}
 
 		return true;
@@ -1007,15 +1006,15 @@ function insert_user()
 			"usergroup" => intval($user['usergroup']),
 			"additionalgroups" => $db->escape_string($user['additionalgroups']),
 			"displaygroup" => intval($user['displaygroup']),
-			"usertitle" => $db->escape_string($user['usertitle']),
+			"usertitle" => $db->escape_string(htmlspecialchars_uni($user['usertitle'])),
 			"regdate" => intval($user['regdate']),
 			"lastactive" => intval($user['lastactive']),
 			"lastvisit" => intval($user['lastvisit']),
-			"website" => $db->escape_string($user['website']),
+			"website" => $db->escape_string(htmlspecialchars($user['website'])),
 			"icq" => intval($user['icq']),
-			"aim" => $db->escape_string($user['aim']),
-			"yahoo" => $db->escape_string($user['yahoo']),
-			"msn" => $db->escape_string($user['msn']),
+			"aim" => $db->escape_string(htmlspecialchars($user['aim'])),
+			"yahoo" => $db->escape_string(htmlspecialchars($user['yahoo'])),
+			"msn" => $db->escape_string(htmlspecialchars($user['msn'])),
 			"birthday" => $user['bday'],
 			"signature" => $db->escape_string($user['signature']),
 			"allownotices" => $user['options']['allownotices'],
@@ -1172,7 +1171,7 @@ function update_user()
 		}
 		if(isset($user['usertitle']))
 		{
-			$this->user_update_data['usertitle'] = $db->escape_string($user['usertitle']);
+			$this->user_update_data['usertitle'] = $db->escape_string(htmlspecialchars_uni($user['usertitle']));
 		}
 		if(isset($user['regdate']))
 		{
@@ -1192,23 +1191,23 @@ function update_user()
 		}
 		if(isset($user['website']))
 		{
-			$this->user_update_data['website'] = $db->escape_string($user['website']);
+			$this->user_update_data['website'] = $db->escape_string(htmlspecialchars($user['website']));
 		}
 		if(isset($user['icq']))
 		{
 			$this->user_update_data['icq'] = intval($user['icq']);
 		}
 		if(isset($user['aim']))
 		{
-			$this->user_update_data['aim'] = $db->escape_string($user['aim']);
+			$this->user_update_data['aim'] = $db->escape_string(htmlspecialchars($user['aim']));
 		}
 		if(isset($user['yahoo']))
 		{
-			$this->user_update_data['yahoo'] = $db->escape_string($user['yahoo']);
+			$this->user_update_data['yahoo'] = $db->escape_string(htmlspecialchars($user['yahoo']));
 		}
 		if(isset($user['msn']))
 		{
-			$this->user_update_data['msn'] = $db->escape_string($user['msn']);
+			$this->user_update_data['msn'] = $db->escape_string(htmlspecialchars($user['msn']));
 		}
 		if(isset($user['bday']))
 		{

diff --git a/inc/functions.php b/inc/functions.php
@@ -5176,28 +5176,6 @@ function validate_email_format($email)
 	return preg_match("/^[a-zA-Z0-9&*+\-_.{}~^\?=\/]+@[a-zA-Z0-9-]+\.([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]{2,}$/si", $email);
 }
 
-/**
- * Validates the format of a website address.
- *
- * @param string The string to check.
- * @return boolean True when valid, false when invalid.
- */
-function validate_website_format($website)
-{
-	if(empty($website) || !trim($website) || !my_strtolower(substr($website, 0, 4)) == 'http')
-	{
-		return false;
-	}
-
-	$website_lower = my_strtolower($website);
-	if($website_lower == 'http://' || $website_lower == 'https://')
-	{
-		return false;
-	}
-
-	return preg_match("/^(http(s?):\/\/)?(www\.)+[a-zA-Z0-9\.\-\_]+(\.[a-zA-Z]{2,3})+(\/[a-zA-Z0-9\_\-\s\.\/\?\%\#\&\=]*)?$/", $website);
-}
-
 /**
  * Checks to see if the email is already in use by another
  *

diff --git a/inc/functions_post.php b/inc/functions_post.php
@@ -355,27 +355,17 @@ function build_postbit($post, $post_type=0)
 
 			eval("\$post['button_rep'] = \"".$templates->get("postbit_rep_button")."\";");
 		}
-
-		if(validate_website_format($post['website']))
+		
+		if($post['website'] != "")
 		{
 			$post['website'] = htmlspecialchars_uni($post['website']);
 			eval("\$post['button_www'] = \"".$templates->get("postbit_www")."\";");
 		}
 		else
 		{
-			$post['website'] = $post['button_www'] = '';
-		}
-
-		$post['icq'] = (int)$post['icq'];
-		if(!$post['icq'])
-		{
-			$post['icq'] = '';
+			$post['button_www'] = "";
 		}
-
-		$post['msn'] = htmlspecialchars_uni($post['msn']);
-		$post['aim'] = htmlspecialchars_uni($post['aim']);
-		$post['yahoo'] = htmlspecialchars_uni($post['yahoo']);
-
+
 		if($post['hideemail'] != 1 && $mybb->usergroup['cansendemail'] == 1)
 		{
 			eval("\$post['button_email'] = \"".$templates->get("postbit_email")."\";");

diff --git a/member.php b/member.php
@@ -1522,14 +1522,11 @@
 		$bgcolors[$cat] = alt_trow();
 	}
 
-	if(validate_website_format($memprofile['website']))
+	$website = '';
+	if($memprofile['website'])
 	{
 		$memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
-		$website = '<a href="'.$memprofile['website'].'" target="_blank">'.$memprofile['website'].'</a>';
-	}
-	else
-	{
-		$memprofile['website'] = $website = '';
+		$website = "<a href=\"{$memprofile['website']}\" target=\"_blank\">{$memprofile['website']}</a>";
 	}
 
 	$signature = '';
@@ -1578,8 +1575,11 @@
 		$percent = 100;
 	}
 
-	$memprofile['icq'] = (int)$memprofile['icq'];
-	if(!$memprofile['icq'])
+	if(!empty($memprofile['icq']))
+	{
+		$memprofile['icq'] = intval($memprofile['icq']);
+	}
+	else
 	{
 		$memprofile['icq'] = '';
 	}

diff --git a/memberlist.php b/memberlist.php
@@ -321,25 +321,6 @@
 			}
 		}
 
-		if(validate_website_format($user['website']))
-		{
-			$user['website'] = htmlspecialchars_uni($user['website']);
-		}
-		else
-		{
-			$user['website'] = '';
-		}
-
-		$user['icq'] = (int)$user['icq'];
-		if(!$user['icq'])
-		{
-			$user['icq'] = '';
-		}
-
-		$user['msn'] = htmlspecialchars_uni($user['msn']);
-		$user['aim'] = htmlspecialchars_uni($user['aim']);
-		$user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
-
 		if($user['userstars'] && $usergroup['groupimage'])
 		{
 			$user['userstars'] = "<br />".$user['userstars'];

diff --git a/misc.php b/misc.php
@@ -551,37 +551,18 @@
 	$navigationbar = $navsep = '';
 	if($user['aim'])
 	{
-		$user['aim'] = htmlspecialchars_uni($user['aim']);
 		$navigationbar .= "<a href=\"misc.php?action=imcenter&amp;imtype=aim&amp;uid=$uid\">$lang->aol_im</a>";
 		$navsep = ' - ';
 	}
 	if($user['msn'])
 	{
-		$user['msn'] = htmlspecialchars_uni($user['msn']);
 		$navigationbar .= "$navsep<a href=\"misc.php?action=imcenter&amp;imtype=msn&amp;uid=$uid\">$lang->msn</a>";
 		$navsep = ' - ';
 	}
 	if($user['yahoo'])
 	{
-		$user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
 		$navigationbar .= "$navsep<a href=\"misc.php?action=imcenter&amp;imtype=yahoo&amp;uid=$uid\">$lang->yahoo_im</a>";
 	}
-
-	$user['icq'] = (int)$user['icq'];
-	if(!$user['icq'])
-	{
-		$user['icq'] = '';
-	}
-
-	if(validate_website_format($user['website']))
-	{
-		$user['website'] = htmlspecialchars_uni($user['website']);
-	}
-	else
-	{
-		$user['website'] = '';
-	}
-
 	$lang->msn_address_is = $lang->sprintf($lang->msn_address_is, $user['username']);
 	$lang->send_y_message = $lang->sprintf($lang->send_y_message, $user['username']);
 	$lang->view_y_profile = $lang->sprintf($lang->view_y_profile, $user['username']);

diff --git a/modcp.php b/modcp.php
@@ -1821,25 +1821,20 @@
 		error_no_permission();
 	}
 
-	if(validate_website_format($user['website']))
+	if($user['website'] == "" || $user['website'] == "http://")
 	{
-		$user['website'] = htmlspecialchars_uni($user['website']);
+		$user['website'] = "http://";
 	}
-	else
+
+	if($user['icq'] != "0")
 	{
-		$user['website'] = '';
+		$user['icq'] = intval($user['icq']);
 	}
-
-	$user['icq'] = (int)$user['icq'];
-	if(!$user['icq'])
+	if($user['icq'] == 0)
 	{
-		$user['icq'] = '';
+		$user['icq'] = "";
 	}
 
-	$user['msn'] = htmlspecialchars_uni($user['msn']);
-	$user['aim'] = htmlspecialchars_uni($user['aim']);
-	$user['yahoo'] = htmlspecialchars_uni($user['yahoo']);
-
 	if(!$errors)
 	{
 		$mybb->input = array_merge($user, $mybb->input);

diff --git a/usercp.php b/usercp.php
@@ -352,21 +352,23 @@
 		$bdayprivacysel .= "<option value=\"age\" selected=\"selected\">{$lang->birthdayprivacyage}</option>";
 	}
 
-	if(validate_website_format($user['website']))
+	if($user['website'] == "" || $user['website'] == "http://")
 	{
-		$user['website'] = htmlspecialchars_uni($user['website']);
+		$user['website'] = "http://";
 	}
 	else
 	{
-		$user['website'] = '';
+		$user['website'] = htmlspecialchars_uni($user['website']);
 	}
 
-	$user['icq'] = (int)$user['icq'];
-	if(!$user['icq'])
+	if($user['icq'] != "0")
 	{
-		$user['icq'] = '';
+		$user['icq'] = intval($user['icq']);
+	}
+	if($user['icq'] == 0)
+	{
+		$user['icq'] = "";
 	}
-
 	if($errors)
 	{
 		$user['msn'] = htmlspecialchars_uni($user['msn']);