Fixes XSS in misc.php
Stefan-MyBB committed Nov 20, 2013
1 parent ded6525 commit 6212bc9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion misc.php
Expand Up @@ -486,7 +486,7 @@
$smilies = '';
if($mybb->input['popup'])
{ // make small popup list of smilies
$editor = addslashes(htmlentities($mybb->input['editor']));
$editor = preg_replace('#([^a-zA-z0-9_-]+)#', '', $mybb->input['editor']);

@RyanGordon

RyanGordon Jan 5, 2014

shouldn't this be a-zA-Z0-9_-

@nmalcolm

nmalcolm Jan 5, 2014

Contributor

@RyanGordon Good catch, fixed in 8613a4f (1.6) and d9eb9ab (1.8). :-)

@RyanGordon

RyanGordon Jan 6, 2014

👍

$e = 1;
$class = "trow1";
$smilies = "<tr>";
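
Review bot: In the added `preg_replace` line the character class `[^a-zA-z0-9_-]` has `A-z` where `A-Z` looks intended. The range `A-z` covers ASCII 0x41 through 0x7A, so `[`, `\`, `]`, `^` and the backtick pass the filter along with letters and `_`. Change the pattern to `'#[^a-zA-Z0-9_-]+#'`; the capture group can go, since the replacement is the empty string. The line it replaces applied `htmlentities()` and `addslashes()`, and the new line applies neither, so this allowlist is now the only control on `$editor`. A short comment naming the output context the value is written into, and why this character set is safe there, would help the next person who touches the pattern.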
