Security Fix SP1 1.4 This is a very important security fix for YaBB 1 Gold - Service Pack 1. Note that also all lower yabb versions are affected too! v1.1: printpage.pl fixed too v1.2: fixed checking for http:// v1.3: fixed image display v1.4: fixed images with custom size [CV]XXL http://boardmod.xnull.com Sources/YaBBC.pl $message =~ s~\[img\]\n?javascript\:(.+?)\n?\[/img\]~\[ img\]javascript\:$1\[/img \]~isg; if($message =~ m~\[img\]\n?(.+?)\n?\[/img\]~gi && $1 !~ m~javascript\:~gi) { $message =~ s~\[img\]\n?(.+?)\n?\[/img\]~~isg; } $message =~ s~\[img width=(\d+) height=(\d+)\]\n?javascript\:(.+?)\n?\[/img\]~\[ img width=$1 height=$2\]javascript\:$3\[/img \]~isg; if($message =~ m~\[img width=(\d+) height=(\d+)\]\n?(.+?)\n?\[/img\]~gi && $3 !~ m~javascript\:~gi) { $message =~ s~\[img width=(\d+) height=(\d+)\]\n?(.+?)\n?\[/img\]~restrictimage($1,$2,$3)~eisg; } $char_160 = chr(160); $message =~ s~\[img\][\s*\t*\n*( )*($char_160)*]*(http\:\/\/)*(.+?)[\s*\t*\n*( )*($char_160)*]*\[/img\]~~isg; $message =~ s~\[img width=(\d+) height=(\d+)\][\s*\t*\n*( )*($char_160)*]*(http\:\/\/)*(.+?)[\s*\t*\n*( )*($char_160)*]*\[/img\]~restrictimage($1,$2,'http://'.$4)~eisg; < Sources/Printpage.pl $threadpost =~ s~\[img\](.+?)\[/img\]~$1~isg; $threadpost =~ s~\[img width=(\d+) height=(\d+)\](.+?)\[/img\]~$3~eisg; $char_160 = chr(160); $threadpost =~ s~\[img\][\s*\t*\n*( )*($char_160)*]*(http\:\/\/)*(.+?)[\s*\t*\n*( )*($char_160)*]*\[/img\]~http://$2~isg; $threadpost =~ s~\[img width=(\d+) height=(\d+)\][\s*\t*\n*( )*($char_160)*]*(http\:\/\/)*(.+?)[\s*\t*\n*( )*($char_160)*]*\[/img\]~http://$4~isg;
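Review bot: In the new `[img]` substitutions for Sources/YaBBC.pl (and the identical ones for Sources/Printpage.pl), `[\s*\t*\n*( )*($char_160)*]*` is a bracketed character class, so `*`, `(` and `)` are literal members and are stripped from both ends of the URL along with whitespace; `[\s\xA0]*` says what is meant. `(http\:\/\/)*` only recognises plain http, so an `https://` address comes out as `http://https://…`; matching `(https?\:\/\/)?` and re-emitting the captured scheme (defaulting to `http://`) would keep the forced-scheme protection without breaking those links. The capture `(.+?)` still accepts quotes and angle brackets. The replacement markup appears to have been lost from this page and `restrictimage` is not shown, so confirm the value is HTML-escaped before it reaches an attribute, or narrow the capture to `[^\s"'<>]+?`.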