Fixed parser to only recognize files when using numbers.

3 files changed, 6 insertions, 2 deletions

diff --git a/forum/htdocs/config.php.defaults b/forum/htdocs/config.php.defaults
index 512758f..51f7f4e 100644
--- a/forum/htdocs/config.php.defaults
+++ b/forum/htdocs/config.php.defaults
@@ -6,4 +6,5 @@ $ADMIN_TIMEOUT = 100000;
 $PERMSTORE = $DATA_DIR . "/files";
 $IMAGECACHE = $DATA_DIR . "/imagecache";
 $LOG_FILE = $DATA_DIR . "/forum.log";
+$FILE_MAX_SIZE = 5*1024*1024; // 5kb
 ?>
diff --git a/forum/utils/filehandler.php b/forum/utils/filehandler.php
index 9cacb1c..dfe0c80 100644
--- a/forum/utils/filehandler.php
+++ b/forum/utils/filehandler.php
@@ -4,10 +4,13 @@ include_once($UTIL_DIR . "/files.php");
 $files = new Files($DATA_DIR . "/files.xml");
 
 if($task == "upload") {
+
 	if(is_uploaded_file($_FILES['userfile']['tmp_name'])) {
 		$name = $filename;
 		if(!$filename) $name = $_FILES['userfile']['name'];
-		$files->newFile($_FILES['userfile']['tmp_name'], $name);
+		if(filesize($_FILES['userfile']['tmp_name']) <= $FILE_MAX_SIZE) $files->newFile($_FILES['userfile']['tmp_name'], $name);
+		else echo "File is too big " . sprintf("%.0f", filesize($_FILES['userfile']['tmp_name'])/1024).
+					 "kb, max file size: " . sprintf("%.0f", $FILE_MAX_SIZE/1024) . "kb.";
 	}
 }
 
diff --git a/forum/utils/parser.php b/forum/utils/parser.php
index 5ba5724..6d47162 100644
--- a/forum/utils/parser.php
+++ b/forum/utils/parser.php
@@ -48,7 +48,7 @@ function parse($input, $indent = "")
   $output = preg_replace("/".$imgstartmarker."(.*?)".$imgendmarker."/s", "<a href=\"http://$1\"><img alt=\"$1\" src=\"?mode=imagecache&amp;uri=http://$1\"/></a>", $output);
 
 	// Replace URLs with <a></a> tags
-  $output = preg_replace("/\{\{(.*?)\}\}/s", "<a href=\"?mode=file&amp;fid=$1\">File: $1</a>", $output);
+  $output = preg_replace("/\{\{([0-9]*?)\}\}/s", "<a href=\"?mode=file&amp;fid=$1\">File: $1</a>", $output);
 
 	// Replace [quote title=...]...[/quote]
   $urls = "";