Security Fix GR 1.4 This is a very important security fix for YaBB 1 Gold - Release. Note that also all lower yabb versions are affected too! v1.1: printpage.pl fixed too v1.2: fixed checking for http:// v1.3: fixed image display v1.4: fixed images with custom size [CV]XXL http://boardmod.xnull.com Sources/Subs.pl $message =~ s~\[img\](.+?)\[/img\]~~isg; $message =~ s~\[img width=(\d+) height=(\d+)\](.+?)\[/img\]~restrictimage($1,$2,$3)~eisg; $char_160 = chr(160); $message =~ s~\[img\][\s*\t*\n*( )*($char_160)*]*(http\:\/\/)*(.+?)[\s*\t*\n*( )*($char_160)*]*\[/img\]~~isg; $message =~ s~\[img width=(\d+) height=(\d+)\][\s*\t*\n*( )*($char_160)*]*(http\:\/\/)*(.+?)[\s*\t*\n*( )*($char_160)*]*\[/img\]~restrictimage($1,$2,'http://'.$4)~eisg; Printpage.pl $threadpost =~ s~\[img\](.+?)\[/img\]~$1~isg; $threadpost =~ s~\[img width=(\d+) height=(\d+)\](.+?)\[/img\]~$3~eisg; $char_160 = chr(160); $threadpost =~ s~\[img\][\s*\t*\n*( )*($char_160)*]*(http\:\/\/)*(.+?)[\s*\t*\n*( )*($char_160)*]*\[/img\]~http://$2~isg; $threadpost =~ s~\[img width=(\d+) height=(\d+)\][\s*\t*\n*( )*($char_160)*]*(http\:\/\/)*(.+?)[\s*\t*\n*( )*($char_160)*]*\[/img\]~http://$4~isg;