Kunena / Kunena-Forum

Kunena Forum - Forum / Bulletin Board / Discussions component for Joomla - This is the 6.x/5.x main development branch. Please do not open issues regarding earlier versions of Kunena
https://www.kunena.org
GNU General Public License v3.0

Security issue: Message crashes Kunena Parser #9744

Closed c-schmitz closed 1 week ago

c-schmitz commented 1 month ago

When VBA code is provided in a forum message, it crashes the forum when trying to view/edit that message, with the error message "0 count(): Argument #1 ($value) must be of type Countable|array, bool given".

To Reproduce

I posted the related message on the Kunena forums as a test. Check out https://www.kunena.org/forum/k-6-3-0-support/168583-this-message-crashes-kunena. I am terribly sorry, I probably should have posted it as a private message.

Expected behavior: Message should be shown.

Actual result: Error message


System information

- Joomla version: Latest 4.x
- Kunena version: 6.3.x
- PHP version: 7.1
- Database version: n/a

c-schmitz commented 1 month ago

Stack trace:

```
#0 [ROOT]/libraries/kunena/External/Nbbc/src/BBCodeLexer.php(197): count()
#1 [ROOT]/libraries/kunena/External/Nbbc/src/BBCode.php(2606): Nbbc\BBCodeLexer->guessTextLength()
#2 [ROOT]/libraries/kunena/src/Html/KunenaParser.php(299): Nbbc\BBCode->parse()
#3 [ROOT]/components/com_kunena/src/Controller/Topic/Item/TopicItemDisplay.php(664): Kunena\Forum\Libraries\Html\KunenaParser::stripBBCode()
#4 [ROOT]/libraries/kunena/src/Controller/KunenaControllerDisplay.php(283): Kunena\Forum\Site\Controller\Topic\Item\TopicItemDisplay->prepareDocument()
#5 [ROOT]/components/com_kunena/src/Controller/Topic/Item/TopicItemDisplay.php(517): Kunena\Forum\Libraries\Controller\KunenaControllerDisplay->after()
#6 [ROOT]/libraries/kunena/src/Controller/KunenaControllerDisplay.php(162): Kunena\Forum\Site\Controller\Topic\Item\TopicItemDisplay->after()
#7 [ROOT]/libraries/kunena/src/Layout/KunenaPage.php(127): Kunena\Forum\Libraries\Controller\KunenaControllerDisplay->execute()
#8 [ROOT]/components/com_kunena/template/aurelia/pages/topic/default/default.php(19): Kunena\Forum\Libraries\Layout\KunenaPage->execute()
#9 [ROOT]/libraries/kunena/src/Layout/KunenaBase.php(200): include('...')
#10 [ROOT]/libraries/kunena/src/Layout/KunenaLayout.php(225): Kunena\Forum\Libraries\Layout\KunenaBase->render()
#11 [ROOT]/libraries/kunena/src/Controller/Application/Display.php(135): Kunena\Forum\Libraries\Layout\KunenaLayout->render()
#12 [ROOT]/components/com_kunena/src/Dispatcher/Dispatcher.php(100): Kunena\Forum\Libraries\Controller\Application\Display->execute()
#13 [ROOT]/libraries/src/Component/ComponentHelper.php(361): Kunena\Forum\Site\Dispatcher\Dispatcher->dispatch()
#14 [ROOT]/libraries/src/Application/SiteApplication.php(208): Joomla\CMS\Component\ComponentHelper::renderComponent()
#15 [ROOT]/libraries/src/Application/SiteApplication.php(249): Joomla\CMS\Application\SiteApplication->dispatch()
#16 [ROOT]/libraries/src/Application/CMSApplication.php(293): Joomla\CMS\Application\SiteApplication->doExecute()
#17 [ROOT]/includes/app.php(61): Joomla\CMS\Application\CMSApplication->execute()
#18 [ROOT]/index.php(32): require_once('...')
#19 {main}
```

Ruud68 commented 1 month ago

For me this feels like the pasted code is somehow 'executed'. If this can 'crash' the page (which it does), then this needs to be approached as a security issue. The above is said without knowing what exactly is pasted into the message; maybe best to take that offline / via mail.

c-schmitz commented 1 month ago

Nothing is executed as far as I can tell. Just the parser breaks when it shouldn't.

github-actions[bot] commented 1 week ago

This issue is stale because it has been open 30 days with no activity.

c-schmitz commented 1 week ago

But I would agree it is a security issue as I can make a whole forum unusable by posting this message text to all active threads.

c-schmitz commented 1 week ago

@xillibit

xillibit commented 1 week ago

Because you are putting content in Markdown, which is not allowed, instead of BBCode; using [code][/code] is better. I will look at how to prevent that code.

xillibit commented 1 week ago

Fixed in K6.3.6
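
The failure class in the stack trace above (a `count()` call receiving `false` and aborting the whole page render), shown as an added illustration that is not code from Kunena, NBBC, or any participant in this issue. The input that triggered the report is not shown on this page; the example assumes a regex split that returns `false` on invalid UTF-8, and every function name and sample string here is hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a BBCode lexer; NOT Kunena or NBBC code.
const TAG_SPLIT = '/(\[[^\]\r\n]*\])/u';

// Unguarded: preg_split() returns false on a PCRE error, and count(false)
// throws TypeError on PHP 8.
function countTokensUnsafe(string $text): int
{
    $tokens = preg_split(TAG_SPLIT, $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    return count($tokens);
}

// Guarded: check the failure value and degrade to a single text token.
function tokenize(string $text): array
{
    $tokens = preg_split(TAG_SPLIT, $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($tokens === false) {
        error_log('lexer: preg_split failed: ' . preg_last_error_msg());
        return [$text];
    }
    return $tokens;
}

// Render boundary: one bad message must not take down the whole topic page.
function renderMessage(string $text, callable $parser): string
{
    try {
        return (string) $parser($text);
    } catch (Throwable $e) {
        error_log('parser failed: ' . $e->getMessage());
        // ENT_SUBSTITUTE keeps the output non-empty for invalid UTF-8.
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample inputs; the second contains an invalid UTF-8 sequence.
$samples = ['valid' => '[b]hello[/b]', 'malformed' => "caf\xC3\x28 [b]x[/b]"];

foreach ($samples as $label => $msg) {
    $out = renderMessage($msg, fn (string $t): string => (string) countTokensUnsafe($t));
    printf("%-9s unguarded parser behind render guard: %s\n", $label, $out);
    printf("%-9s guarded tokenizer: %d token(s)\n", $label, count(tokenize($msg)));
}
```

The two guards are complementary: the check on the return value fixes the lexer itself, while the `Throwable` catch at the render boundary keeps a single stored message from making every view of its thread fail.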