Ticket Information - ID: #1268
ID | Category | Severity | Reproducibility | Date Submitted | Updated By |
---|---|---|---|---|---|
0001268 | Bug Reporting | Low | always | 03/15/23 09:29PM |
Summary: | short_url handles http://http:// badly |
Description: | When parsing http:// links in forum posts and comments, the parser will attempt to replace the http:// from the generated anchor tag. This generates invalid HTML as well as creating a potential DoS vector, as for some reason the calculation on the server is relatively expensive; it took a few seconds for the page to load with "http://"x300. I reckon this could be fixed by setting the count to 1 on the str_replace. |
Additional Info: | Input: `http://http://` Output: `<a href="http://http://" rel="nofollow">http://http://</a>` Input: `http://http://http://`: Output: `<a href="<a href="http://" rel="nofollow">http://</a><a href="http://" rel="nofollow">http://</a><a href="http://" rel="nofollow">http://</a>" rel="nofollow"><a href="http://" rel="nofollow">http://</a><a href="http://" rel="nofollow">http://</a><a href="http://" rel="nofollow">http://</a></a>` |
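
Added example, not part of the ticket and not the site's own code: a Python sketch of the failure class reported above, where a linkifier runs one global string replace per URL match and so rewrites anchors it has already generated, shown next to a single-pass form. The URL pattern, the function names and the sample input are assumptions constructed for illustration.

```python
import html
import re

# Assumed URL pattern for this sketch; the site's real pattern is not in the ticket.
URL_RE = re.compile(r'https?://[^\s<>"]*')


def anchor(url: str) -> str:
    """Build the anchor markup for one URL, escaped for attribute and text use."""
    u = html.escape(url, quote=True)
    return f'<a href="{u}" rel="nofollow">{u}</a>'


def linkify_replace_all(text: str) -> str:
    """Weak form: one global string replace per match found in the input."""
    out = text
    for url in URL_RE.findall(text):
        # replace() rewrites every occurrence, including the two copies that
        # sit inside each anchor generated by an earlier iteration, so the
        # number of occurrences doubles on every pass.
        out = out.replace(url, anchor(url))
    return out


def linkify_single_pass(text: str) -> str:
    """Hardened form: each match is rewritten once and output is never rescanned."""
    parts, last = [], 0
    for m in URL_RE.finditer(text):
        parts.append(html.escape(text[last:m.start()]))  # escape non-URL text
        parts.append(anchor(m.group(0)))
        last = m.end()
    parts.append(html.escape(text[last:]))
    return "".join(parts)


def anchor_count(markup: str) -> int:
    """Count opening anchor tags in the generated markup."""
    return markup.count("<a href=")


if __name__ == "__main__":
    sample = "http://a.example " * 3  # constructed input: three identical links
    weak, safe = linkify_replace_all(sample), linkify_single_pass(sample)
    print(anchor_count(weak), "anchors,", len(weak), "bytes from replace-all")
    print(anchor_count(safe), "anchors,", len(safe), "bytes from single pass")
```

In the weak form, n identical links yield n·(2^n − 1) anchors, which is why output size and server time climb so steeply with repetition; the single-pass form stays linear in the input.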