Universal-Omega/DynamicPageList3
1
0
Fork 0
mirror of https://github.com/Universal-Omega/DynamicPageList3 synced 2024-11-28 01:50:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Only check for buffer overflow (#223)

Browse source 
The other regex validation seems unnecessary.
This commit is contained in:
CosmicAlpha 2023-03-12 13:18:38 -06:00 committed by GitHub
parent 18b9da6402
commit 7cf983cb03
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -810,4 +810,5 @@ Many thanks to GreenReaper on GitHub for reporting and finding issues with core
# Version 3.5.2 # Version 3.5.2
* Added support for PHP 8.0 and PHP 8.1 * Added support for PHP 8.0 and PHP 8.1
* Added additional ReDoS security validation for `dplreplace` and enabled the `SecurityCheck-ReDoS` phan check * Enabled the `SecurityCheck-ReDoS` phan check
* Added buffer overflow check for `dplreplace`

4
includes/Hooks.php
View file

@ -376,8 +376,8 @@ class Hooks {
$pat = '`' . str_replace( '`', '\`', $pat ) . '`'; $pat = '`' . str_replace( '`', '\`', $pat ) . '`';
} }
// check for dangerous patterns // Check for buffer overflow
if ( preg_match( '/(\(\?[:\!R0])|(\\\d)|(\\{\\d+\\,\\d+\\})|(\\[.*\\])|(\\?=)|(\\?!)|(\\?<=)|(\\?<!)/', $pat ) ) { if ( strlen( $pat ) > 1000 ) {
return ''; return '';
} }