Jump to the post that solved this thread.
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Solved: 3 Years, 9 Months, 2 Weeks ago [Security] Custom Profile Field Regular Expression Error
#1
Solved: 3 Years, 9 Months, 2 Weeks ago
Right so - I've recently added two new custom profile fields. One checks that the input is a valid image URL using https:// and the other input is a #000000 hex colour code.

The more complex image regular expression works perfectly as expected, the hex colour validation does not, it even throws PHP warnings...

Quote:^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$

I even colour coded it. Toungue

Is there any reason this doesn't work for PHP/PCRE?
Reply
#2
Solved: 3 Years, 9 Months, 2 Weeks ago
Are there no regular expression wizards here? Sleepy
Reply
#3
Solved: 3 Years, 9 Months, 2 Weeks ago
I may be mistaken, but I seem to recall that PHP requires open and close tags for the REGEX.

/^#([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/

Also, depending if you used single or double quotes, you may need to escape the dollar sign (indicates start of a variable's name in double quotes).
Reply
#4
Solved: 3 Years, 9 Months, 2 Weeks ago
# is used as an opening and closing tag (https://github.com/mybb/mybb/blob/mybb_1...r.php#L588), and thus needs to be escaped.
Additionally, there's no need to account for uppercase letters as profile field expressions are always case insensitive:
^\#([a-f0-9]{6}|[a-f0-9]{3})$

And if you'd like to allow empty values:
^(|\#([a-f0-9]{6}|[a-f0-9]{3}))$
devilshakerz.com/pgp (DF3A 34D9 A627 42E5 BC6A 6750 1F2F B8AA 28FF E1BC) ▪ keybase.io/devilshakerz
Reply
#5
Solved: 3 Years, 9 Months, 2 Weeks ago
Thanks Devil, I figured it had something to do with MyBB specific parsing. Smile
Reply
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)