Improved IMG BBCode fix
Posted by Falk on 08/07/2005
The recent img bbcode patchfixed one problem but it is still exploitable under certain conditions. I have been working on a long term solution and have created a more reliable fix. The Sourceforge files have been updated, existing users can download the new maincore.php file from the downloads area. If you prefer to update the code yourself click Read More for instructions.
Extended News
Edit maincore.php and make the following changes:
1. After this function:
// Validate numeric input
function isnum($value) {
return (preg_match("/^[0-9]+$/", $value));
}
Insert the following:
// Validate bbcode images
function isImage($matches) {
$im = $matches[1].str_replace(array("?","&","="),"",$matches[3]).$matches[4];
if (list($width, $height, $type, $attr) = @getimagesize($im)) {
$ret = "![](".$im.")
";
} else {
$ret = "[img]Image Blocked[/img]";
}
return $ret;
}
2. Remove these lines under the parseubb function:
$ubbs1[10] = '#\[img\](.*?)\[/img\]#si';
$ubbs2[10] = '
';
or if you've applied the first bb fix remove these lines:
$ubbs1[10] = "#\[img\]((http|ftp|https|ftps)://)(.*?)(\.(jpg|jpeg|gif|png|JPG|JPEG|GIF|PNG))\[/img\]#sie";
$ubbs2[10] = "','','\\3').'\\4\')
'";
3. After this line:
for ($i=0;$i < $ubbitems;$i++) $message = preg_replace($ubbs1, $ubbs2, $message);
Insert:
$message = preg_replace_callback("#\[img\]((http|ftp|https|ftps)://)(.*?)(\.(jpg|jpeg|gif|png|JPG|JPEG|GIF|PNG))\[/img\]#si","isImage",$message);