Gelbooru

Notice: We are now selling NEW Gelbooru Merch~! Domestic shipping is free on all orders! Do you have an artist tag on Gelbooru? Let us know so we can properly credit you!

Ticket Information - ID: #1268


ID:Category:SeverityReproducibilityDate SubmittedUpdated By:
0001268Bug ReportingLowalways03/15/23 09:29PM
ReporterMilkMachine
Assigned to:geltas
Resolution:Resolved
View StatusPublic
Version:0.2.0
Target Version:N/A
Summary:short_url handles http://http:// badly
Description:When parsing http:// link in forum posts and comments, the parser will attempt to replace the http:// from the generated anchor tag.

The generates invalid HTML as well as creating a potentional DoS vector as for some reason the calculation on the server is relatively expensive, it took a few seconds for page to load with "http://"x300.


I recon this could be fixed by setting the count to 1 on the str_replace
Additional Info:Input:
http://http://
Output:
<a href="http://http://" rel="nofollow">http://http://</a>

Input:
http://http://http://:
Output:
<a href="<a href="http://" rel="nofollow">http://</a><a href="http://" rel="nofollow">http://</a><a href="http://" rel="nofollow">http://</a>" rel="nofollow"><a href="http://" rel="nofollow">http://</a><a href="http://" rel="nofollow">http://</a><a href="http://" rel="nofollow">http://</a></a>