In MyBB 1.8, templates rely on HTML code with basic references to PHP variables, rendered by executing them as PHP code (eval()). This limitation is enforced through regular expression-based validation (performed during the importing of themes, and modification of individual templates).
However, the validation process did not account for runtime errors in PHP's regular expression (PCRE) operations, which may occur, among other cases, when resource limits are exceeded while processing specific content.
As a result of using loose comparisons (which allow type juggling) in connection with PHP functions whose return types may change depending on the error state, the returned values may have been misinterpreted as those indicating safe content:
- preg_match(): integer 0 indicates no suspicious content; boolean false is returned on PCRE errors
- preg_replace(): returns a string with all remaining expressions interpreted as unsafe; null is returned on PCRE errors
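The following added example (not MyBB's code) shows how the two return values listed above are misread under loose comparison, next to strict checks that fail closed. The helper names are hypothetical, and the pattern and input are constructed (borrowed from the PHP manual's preg_last_error() example); the lowered pcre.backtrack_limit is an assumption used only to make the PCRE error reproducible.

```php
<?php
// Added illustration: hypothetical helpers, not MyBB's code.
ini_set('pcre.jit', '0');               // use the interpreter so the limit below applies predictably
ini_set('pcre.backtrack_limit', '10');  // tiny limit to force a PCRE error on demand

// Constructed pattern and input (the PHP manual's preg_last_error() example).
const PATTERN = '/(?:\D+|<\d+>)*[!?]/';
const INPUT   = 'foobar foobar foobar';

// Loose checks: the error value is indistinguishable from the "safe" value.
function looksCleanLoose(string $s): bool
{
    // preg_match() returns false on error, and false == 0 holds.
    return preg_match(PATTERN, $s) == 0;
}

function nothingLeftLoose(string $s): bool
{
    // preg_replace() returns null on error, and null == '' holds.
    return preg_replace(PATTERN, '', $s) == '';
}

// Strict checks: compare type and value, and fail closed on any PCRE error.
function looksCleanStrict(string $s): bool
{
    $hits = preg_match(PATTERN, $s);
    return $hits === 0 && preg_last_error() === PREG_NO_ERROR;
}

function nothingLeftStrict(string $s): bool
{
    $left = preg_replace(PATTERN, '', $s);
    return $left === '' && preg_last_error() === PREG_NO_ERROR;
}

// Loose verdicts accept the input although no match was ever completed.
var_dump(looksCleanLoose(INPUT), nothingLeftLoose(INPUT));
// Strict verdicts reject it because the PCRE call did not succeed.
var_dump(looksCleanStrict(INPUT), nothingLeftStrict(INPUT));
// Confirms which PCRE error occurred on the last call.
var_dump(preg_last_error() === PREG_BACKTRACK_LIMIT_ERROR);
```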