diff --git a/inc/functions.php b/inc/functions.php index a7b6b434..190b98ae 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1436,7 +1436,7 @@ function markup(&$body, $track_cites = false) { } // Cross-board linking - if (preg_match_all('/(^|\s)>>>\/(\w+?)\/(\d+)?([\s,.)?]|$)/m', $body, $cites)) { + if (preg_match_all('/(^|\s)>>>\/([\w.+]+?)\/(\d+)?([\s,.)?]|$)/m', $body, $cites)) { if (count($cites[0]) > $config['max_cites']) { error($config['error']['toomanycross']); } diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 4f1ab73c..8666f04c 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -236,8 +236,8 @@ function mod_new_board() { if ($_POST['title'] == '') error(sprintf($config['error']['required'], 'title')); - if (!preg_match('/^\w+$/', $_POST['uri'])) - error(sprintf($config['error']['invalidfield'], 'URI')); + #if (!preg_match('/^\w+$/', $_POST['uri'])) + # error(sprintf($config['error']['invalidfield'], 'URI')); if (openBoard($_POST['uri'])) { error(sprintf($config['error']['boardexists'], $board['url'])); diff --git a/mod.php b/mod.php index 8f3a5001..39a67878 100644 --- a/mod.php +++ b/mod.php @@ -59,14 +59,14 @@ $pages = array( // CSRF-protected moderator actions '/ban' => 'secure_POST ban', // new ban - '/(\w+)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster - '/(\w+)/move/(\d+)' => 'secure_POST move', // move thread - '/(\w+)/delete/(\d+)' => 'secure delete', // delete post - '/(\w+)/deletefile/(\d+)' => 'secure deletefile', // delete file from post - '/(\w+)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address - '/(\w+)/(un)?lock/(\d+)' => 'secure lock', // lock thread - '/(\w+)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread - '/(\w+)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread + '/([\w+.]+)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster + '/([\w+.]+)/move/(\d+)' => 'secure_POST move', // move thread + '/([\w+.]+)/delete/(\d+)' => 'secure delete', // delete post + '/([\w+.]+)/deletefile/(\d+)' => 'secure deletefile', // delete file from post + '/([\w+.]+)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address + '/([\w+.]+)/(un)?lock/(\d+)' => 'secure lock', // lock thread + '/([\w+.]+)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread + '/([\w+.]+)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread '/themes' => 'themes_list', // manage themes '/themes/(\w+)' => 'theme_configure', // configure/reconfigure theme @@ -79,10 +79,10 @@ $pages = array( '/debug/antispam' => 'debug_antispam', // This should always be at the end: - '/(\w+)/' => 'view_board', - '/(\w+)/' . preg_quote($config['file_index'], '!') => 'view_board', - '/(\w+)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board', - '/(\w+)/' . preg_quote($config['dir']['res'], '!') . + '/([\w+.]+)/' => 'view_board', + '/([\w+.]+)/' . preg_quote($config['file_index'], '!') => 'view_board', + '/([\w+.]+)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board', + '/([\w+.]+)/' . preg_quote($config['dir']['res'], '!') . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_thread', );