From 1c7315b8dd53451695ccf89747a4bcc40b045989 Mon Sep 17 00:00:00 2001
From: Tharo
Date: Mon, 9 Jan 2023 22:10:02 +0100
Subject: [PATCH] Fixed security holes as found in #23.
---
 composer.json | 3 +++
 src/ChrisKonnertz/BBCode/BBCode.php | 16 ++++++++++------
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/composer.json b/composer.json
index 15787f0..29040c1 100644
--- a/composer.json
+++ b/composer.json
@@ -10,6 +10,9 @@
 {
 "name": "Kai Mallea",
 "email": "kmallea@gmail.com"
+ },
+ {
+ "name": "Merula Fideley"
 }
 ],
 "require": {
diff --git a/src/ChrisKonnertz/BBCode/BBCode.php b/src/ChrisKonnertz/BBCode/BBCode.php
index 2d10da9..350cc4a 100644
--- a/src/ChrisKonnertz/BBCode/BBCode.php
+++ b/src/ChrisKonnertz/BBCode/BBCode.php
@@ -43,7 +43,7 @@ class BBCode
 /**
 * The current version number
 */
- const VERSION = '1.1.2';
+ const VERSION = '1.1.3';
 /**
 * The text with BBCodes
@@ -286,6 +286,10 @@ protected function generateTag(Tag $tag, &$html, Tag $openingTag = null, array $
 {
 $code = null;
+ // secure various unwanted states
+ $propHasSemicol = str_contains($tag->property, ';');
+ $propHasQuote = str_contains($tag->property, '"');
+
 if (in_array($tag->name, $this->ignoredTags)) {
 return $code;
 }
@@ -328,7 +332,7 @@ protected function generateTag(Tag $tag, &$html, Tag $openingTag = null, array $
 break;
 case self::TAG_NAME_EMAIL:
 if ($tag->opening) {
- if ($tag->property) {
+ if ($tag->property && !$propHasQuote) {
 $code = ''; } else { $code = 'property.'">'; } else { $code = 'property.'">'; } } else {
@@ -458,7 +462,7 @@ protected function generateTag(Tag $tag, &$html, Tag $openingTag = null, array $
 break;
 case self::TAG_NAME_SIZE:
 if ($tag->opening) {
- if ($tag->property) {
+ if ($tag->property && !$propHasSemicol && !$propHasQuote) {
 $code = '';
 }
 } else { 
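Review bot: The two new flags in the hunk at -286 only denylist `;` and `"`, yet the value they guard is still concatenated into attribute values further down (the `property.'">'` fragments in the email hunk), so other attribute- or CSS-relevant characters pass through unchanged; escape at the point of output with `htmlspecialchars($tag->property, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and validate each tag's property against an allowlist instead (for example `filter_var($tag->property, FILTER_VALIDATE_EMAIL)` for email, a numeric check for size, a hex or named-colour pattern for color). The same character checks are relied on by the hunks at -328 (email), -458 (size) and -467 (color), and this note covers those too. Separately, `str_contains()` requires PHP 8.0+ (the `require` block of composer.json is not visible here, so confirm the constraint), and passing a null `$tag->property` to it is deprecated since 8.1; if `property` can be unset, as the `if ($tag->property)` tests below suggest, coerce first with `$prop = (string) ($tag->property ?? '');` and test `$prop`. generateTag's body begins and continues outside this hunk.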
@@ -467,7 +471,7 @@ protected function generateTag(Tag $tag, &$html, Tag $openingTag = null, array $
 break;
 case self::TAG_NAME_COLOR:
 if ($tag->opening) {
- if ($tag->property) {
+ if ($tag->property && !$propHasSemicol && !$propHasQuote) {
 $code = '';
 }
 } else {