Remove $config['url_regex'];
This commit is contained in:
parent
b038e0b244
commit
32c999346f
@ -1444,6 +1444,3 @@
|
|||||||
// is the absolute maximum, because MySQL cannot handle table names greater than 64 characters.
|
// is the absolute maximum, because MySQL cannot handle table names greater than 64 characters.
|
||||||
$config['board_regex'] = '[0-9a-zA-Z$_\x{0080}-\x{FFFF}]{1,58}';
|
$config['board_regex'] = '[0-9a-zA-Z$_\x{0080}-\x{FFFF}]{1,58}';
|
||||||
|
|
||||||
// Regex for URLs.
|
|
||||||
$config['url_regex'] = '@^(?i)\b((?:[a-z][\w-]+:(?:/{1,3}|[a-z0-9%])|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:\'".,<>?«»“”‘’]))$@';
|
|
||||||
|
|
||||||
|
@ -94,7 +94,7 @@ function loadConfig() {
|
|||||||
if (!isset($config['referer_match']))
|
if (!isset($config['referer_match']))
|
||||||
if (isset($_SERVER['HTTP_HOST'])) {
|
if (isset($_SERVER['HTTP_HOST'])) {
|
||||||
$config['referer_match'] = '/^' .
|
$config['referer_match'] = '/^' .
|
||||||
(preg_match($config['url_regex'], $config['root']) ? '' :
|
(preg_match('@^https?:@//', $config['root']) ? '' :
|
||||||
'https?:\/\/' . $_SERVER['HTTP_HOST']) .
|
'https?:\/\/' . $_SERVER['HTTP_HOST']) .
|
||||||
preg_quote($config['root'], '/') .
|
preg_quote($config['root'], '/') .
|
||||||
'(' .
|
'(' .
|
||||||
|
2
post.php
2
post.php
@ -273,7 +273,7 @@ if (isset($_POST['delete'])) {
|
|||||||
|
|
||||||
if ($config['allow_upload_by_url'] && isset($_POST['file_url']) && !empty($_POST['file_url'])) {
|
if ($config['allow_upload_by_url'] && isset($_POST['file_url']) && !empty($_POST['file_url'])) {
|
||||||
$post['file_url'] = $_POST['file_url'];
|
$post['file_url'] = $_POST['file_url'];
|
||||||
if (!preg_match($config['url_regex'], $post['file_url']))
|
if (!preg_match('@^https?:@//', $post['file_url']))
|
||||||
error($config['error']['invalidimg']);
|
error($config['error']['invalidimg']);
|
||||||
|
|
||||||
if (mb_strpos($post['file_url'], '?') !== false)
|
if (mb_strpos($post['file_url'], '?') !== false)
|
||||||
|
Loading…
Reference in New Issue
Block a user