76 (edited by Visman 2021-03-17 15:35)

Re: PunBB 1.4.4

In PunbB email bbode is changed differently (Google Translate terribly translates from Russian into English, it does not correctly understand the connection of words, and this results in confusion in the end.)

https://i.ibb.co/7rzK08f/146.png
In PunBB 1.4.6, they simply removed the ability to insert other bbcodes into email bbcode. Rearranging the processing of email bbcode above does not play any role. (UPDATE: Here I was wrong. The permutation affected the display of the email bbcode if there is another bbcode inside it. )
I, in the 39th fix, encode the email which is inserted into the href attribute via the rawurlencode() function. As a result, even if there were some bbcodes, they will no longer be converted to html.

Example:

[email]%3Cscript%3Ealert%281%29%3C%2Fscript%3E@examle.com[/email]
[email]my.super.puper<>email@mail.com[/email]
[email=<b>ffff</b>@<b>ffff</b>][b]test email and bbcode[/b][/email]

[email=javascript:alert(1)]<script>alert(2)</script>[/email]
[email]<script>alert(2)</script>[/email]

-->

<a href="mailto:%3Cscript%3Ealert%281%29%3C%2Fscript%3E@examle.com">%3Cscript%3Ealert%281%29%3C%2Fscript%3E@examle.com</a><br />
<a href="mailto:my.super.puper%26lt%3B%26gt%3Bemail@mail.com">my.super.puper&lt;&gt;email@mail.com</a><br />
<a href="mailto:%26lt%3Bb%26gt%3Bffff%26lt%3B%2Fb%26gt%3B@%26lt%3Bb%26gt%3Bffff%26lt%3B%2Fb%26gt%3B"><strong>test email and bbcode</strong></a>

<a href="mailto:javascript%3Aalert%281%29">&lt;script&gt;alert(2)&lt;/script&gt;</a><br />
<a href="mailto:%26lt%3Bscript%26gt%3Balert%282%29%26lt%3B%2Fscript%26gt%3B">&lt;script&gt;alert(2)&lt;/script&gt;</a>

P.S. And I repeat once again: I have doubts about the possibility of the existence of XSS.
P.P.S. Why then url bbcode is not changed. There is a similar situation wink
P.P.P.S. If I'm not clear, Google Translate is to blame smile

Parserus, UserAgentAnalyzer.
I speak only Russian  :P