
Commit ccf6e6c

committed
Merge pull request #69 from phpbb/ticket/security-279
[ticket/security/279] Escape smilies URL and prevent paths in .pak filename
2 parents 8fe3a97 + 266376a commit ccf6e6c


1 file changed

+3
-3
lines changed


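--- a/phpBB/includes/acp/acp_icons.php
+++ b/phpBB/includes/acp/acp_icons.php
@@ -550,7 +550,7 @@ function main($id, $mode)
 trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 }
 
-if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . $pak)))
+if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . utf8_basename($pak))))
 {
 trigger_error($user->lang['PAK_FILE_NOT_READABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
 }
@@ -654,7 +654,7 @@ function main($id, $mode)
 {
 $replace_sql = ($mode == 'smilies') ? $code : $img;
 $sql = array(
-$fields . '_url' => $img,
+$fields . '_url' => utf8_substr(rawurlencode($img), 0, 50),
 $fields . '_height' => (int) $height,
 $fields . '_width' => (int) $width,
 'display_on_posting' => (int) $display_on_posting,
@@ -676,7 +676,7 @@ function main($id, $mode)
 ++$order;
 
 $sql = array(
-$fields . '_url' => $img,
+$fields . '_url' => utf8_substr(rawurlencode($img), 0, 50),
 $fields . '_height' => (int) $height,
 $fields . '_width' => (int) $width,
 $fields . '_order' => (int) $order,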
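Review bot: Truncating after encoding in the `_url` entries of both `$sql` arrays, `utf8_substr(rawurlencode($img), 0, 50)`, can cut through a `%XX` escape (one non-ASCII character becomes 6 to 12 encoded characters), so the stored URL may be neither valid percent-encoding nor the name of any file on disk. The 50 looks like a column width; rejecting an over-long name with `trigger_error(...)` the way the .pak check above does, or truncating `$img` before encoding, would fail loudly instead of silently storing a mismatched path. Since `rawurlencode` also encodes `/`, confirm that no .pak entry is expected to carry a subdirectory, as such a path would now be stored as `%2F`. The same expression is evaluated twice; computing `$img_url = rawurlencode($img);` once where `$img` is read would keep the two inserts in step. The enclosing `main($id, $mode)` begins and ends outside these hunks.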
