#747 closed defect (bug) (fixed)
bp-activity-templatetags.php - preg_replace
Reported by: | DJPaul | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | minor |
Severity: | | Version: | 1.0 |
Component: | | Keywords: | |
Cc: | djpaul@…, apeatling | | |
Description
The call to preg_replace on line 256 in bp-activity-templatetags.php is, I don't think, adequately escaped. Andy, when we were looking at some of the XSS-related things last night, I got these in my log:
[Fri May 15 22:16:35 2009] [error] [client 127.0.0.1] PHP Warning: preg_replace() [<a href='function.preg-replace'>function.preg-replace</a>]: Unknown modifier 'C' in /Users/Paul/Sites/example.com/wp-content/plugins/buddypress/bp-activity/bp-activity-templatetags.php on line 256, referer: http://example.com/groups
Also had some for "Unknown modifier '/'". I've got no idea what particular string was causing these specifically.
Need to investigate this more, will do so for 1.0.2.
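
The two warnings quoted in the ticket are what PCRE reports when a string containing the pattern delimiter is concatenated into a regex unescaped. The sketch below is an added example, not BuddyPress code and not the contents of line 256 (which the ticket does not show); it assumes a `/`-delimited pattern, and the function names and sample strings are constructed.

```php
<?php
// Added example, not BuddyPress code. Names and sample strings are constructed.

// Unsafe: $needle is concatenated into a '/'-delimited pattern as-is.
function replace_unsafe(string $needle, string $text): ?string {
    return @preg_replace('/' . $needle . '/', '[link]', $text);
}

// Safe: preg_quote() escapes regex metacharacters; its second argument makes
// it escape the '/' delimiter too, so the needle is matched literally.
function replace_safe(string $needle, string $text): ?string {
    return preg_replace('/' . preg_quote($needle, '/') . '/', '[link]', $text);
}

// Constructed inputs: strings that happen to contain the delimiter.
$samples = [
    'groups/Cats',               // '/' ends the pattern early, 'C' is read as a modifier
    'http://example.com/groups', // first '/' ends the pattern, the next '/' is read as a modifier
];

foreach ($samples as $needle) {
    $text = "Paul joined $needle yesterday";

    // Capture the warning text instead of letting it go to the error log.
    error_clear_last();
    $out = replace_unsafe($needle, $text);
    $err = error_get_last();
    printf("unsafe %-26s => %s\n", $needle,
        $out === null ? 'NULL (' . ($err['message'] ?? 'no message') . ')' : $out);

    printf("safe   %-26s => %s\n", $needle, replace_safe($needle, $text));
}
```

On a pattern error `preg_replace()` returns NULL, so the unescaped call discards the text it was given in addition to logging the warning.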