View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000149 | XMB1 | Bugs | public | 2008-08-31 00:32 | 2008-11-16 19:38 |
| Reporter | miqrogroove | Assigned To | miqrogroove | ||
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 1.9.8 SP2 | ||||
| Target Version | 1.9.11 | Fixed in Version | 1.9.11 | ||
| Summary | 0000149: I/O Failure in [size] BBCode | ||||
| Description | Post.php does not pass our standard I/O test if wrapped in [size] BBCode tags. This leads to a trivial bypass of the entire censor system as well as cosmetic slashing problems. | ||||
| Steps To Reproduce | [size=5] {1; 2' 3" 4< 5> 6& 7$db++;} {1+ 2# 3% 4& 5= 6: 7/ 8?} {1\ 2\\ 3\\\ 4\\\\} {'-- hitshitshits misspellled 12345} {1[b]bold[/b] 2:) 3<body> 4[*]test 5javaScript:alert(1); 6!--} [/size] | ||||
| Tags | No tags attached. | ||||
| MySQL Version | |||||
| PHP Version | |||||
| Web Server | |||||
| Browser | |||||
| Flags | |||||
| Original Reporter | |||||
| SVN Revision | 1355 | ||||
|
|
Don't be fooled by the ugly replacement string. It is actually the pattern string that is at fault here. The pattern is crap. In order to call createAbsFSizeFromRel in the middle of the pattern it would be necessary to use preg_replace_callback() to pre-parse all the [size] tags, and then use a simplified pattern for the HTML replacement. Again, this seems like a crap strategy. Notice function createAbsFSizeFromRel() is never used anywhere other than in the BBCode parser. Let's take the [size] tag out of the preg_replace() arrays entirely, and set it up with a straight preg_replace_callback($new_pattern, 'createAbsFSizeFromRel', $message); The argument for the callback function changes from $rel to $matches, and the function returns raw HTML. To make it look pretty, change the callback function's name to something like bbcodeSizeTags(). |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2008-08-31 00:32 | miqrogroove | New Issue | |
| 2008-08-31 00:32 | miqrogroove | Steps to Reproduce Updated | |
| 2008-08-31 02:43 | miqrogroove | Note Added: 0000055 | |
| 2008-11-13 14:37 | miqrogroove | Assigned To | => miqrogroove |
| 2008-11-13 14:37 | miqrogroove | Status | new => assigned |
| 2008-11-13 14:37 | miqrogroove | Projection | none => minor fix |
| 2008-11-13 14:37 | miqrogroove | Steps to Reproduce Updated | |
| 2008-11-13 15:11 | miqrogroove | SVN Revision | => 1355 |
| 2008-11-13 15:11 | miqrogroove | Status | assigned => resolved |
| 2008-11-13 15:11 | miqrogroove | Fixed in Version | => 1.9.11 |
| 2008-11-13 15:11 | miqrogroove | Resolution | open => fixed |
| 2008-11-16 19:38 | miqrogroove | Status | resolved => closed |
