From 63aa4c633016ed5935092c5a06856ab39db28665 Mon Sep 17 00:00:00 2001
From: Shish <shish@shishnet.org>
Date: Sun, 8 Dec 2013 10:52:50 +0000
Subject: [PATCH] avoid possibility of infinite loop in bbcode parsing

---
 ext/bbcode/main.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ext/bbcode/main.php b/ext/bbcode/main.php
index cfa240b9..4b10a5c7 100644
--- a/ext/bbcode/main.php
+++ b/ext/bbcode/main.php
@@ -99,6 +99,8 @@ class BBCode extends FormatterExtension {
 			$end = strpos($text, "[/spoiler]");
 			if($end === false) break;
 
+			if($end < $start) break;
+
 			$beginning = substr($text, 0, $start);
 			$middle = str_rot13(substr($text, $start+$l1, ($end-$start-$l1)));
 			$ending = substr($text, $end + $l2, (strlen($text)-$end+$l2));
@@ -124,6 +126,8 @@ class BBCode extends FormatterExtension {
 			$end = strpos($text, "[/code]", $start);
 			if($end === false) break;
 
+			if($end < $start) break;
+
 			$beginning = substr($text, 0, $start);
 			$middle = base64_encode(substr($text, $start+$l1, ($end-$start-$l1)));
 			$ending = substr($text, $end + $l2, (strlen($text)-$end+$l2));