Commit db79496a authored by catch's avatar catch

Issue #1558468 by chx, jwineinger, linclark, Berdir: Fixed SA-CORE-2012-002 -...

Issue #1558468 by chx, jwineinger, linclark, Berdir: Fixed SA-CORE-2012-002 - Denial of Service, forward port from 7.x
parent 0e0e6b3d
......@@ -1424,7 +1424,7 @@ function _filter_url($text, $filter) {
$tasks['_filter_url_parse_full_links'] = $pattern;
// Match e-mail addresses.
$url_pattern = "[A-Za-z0-9._-]+@(?:$domain)";
$url_pattern = "[A-Za-z0-9._-]{1,254}@(?:$domain)";
$pattern = "`($url_pattern)`";
$tasks['_filter_url_parse_email_links'] = $pattern;
......
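Review bot: The new `{1,254}` bound on `$url_pattern` limits how long a match can be but not where it starts, so for a local part longer than 254 characters the pattern can still match the last 254 characters and link that tail as a different address. If a partial link is not intended, a one-character lookbehind would keep the bound and reject the over-long run: `$url_pattern = "(?<![A-Za-z0-9._-])[A-Za-z0-9._-]{1,254}@(?:$domain)";`. The literal 254 also deserves a comment, for example `// Bound the local part so a long run of valid characters cannot make matching expensive (SA-CORE-2012-002).` The body of _filter_url() continues outside the hunk, so any later handling of the match is not visible here.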
......@@ -1217,6 +1217,11 @@ class FilterUnitTestCase extends UnitTestBase {
// - absolute, mail, partial
// - characters/encoding, surrounding markup, security
// Create a e-mail that is too long.
$long_email = str_repeat('a', 254) . '@example.com';
$too_long_email = str_repeat('b', 255) . '@example.com';
// Filter selection/pattern matching.
$tests = array(
// HTTP URLs.
......@@ -1228,10 +1233,12 @@ http://example.com or www.example.com
),
// MAILTO URLs.
'
person@example.com or mailto:person2@example.com
person@example.com or mailto:person2@example.com or ' . $long_email . ' but not ' . $too_long_email . '
' => array(
'<a href="mailto:person@example.com">person@example.com</a>' => TRUE,
'<a href="mailto:person2@example.com">mailto:person2@example.com</a>' => TRUE,
'<a href="mailto:' . $long_email . '">' . $long_email . '</a>' => TRUE,
'<a href="mailto:' . $too_long_email . '">' . $too_long_email . '</a>' => FALSE,
),
// URI parts and special characters.
'
......
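Review bot: The `=> FALSE` entry for `$too_long_email` only proves that the full 255-character address is not linked; it would still pass if the filter linked a shorter tail of the same string. Pinning the intended outcome needs a second negative entry next to it, such as `'<a href="mailto:' . str_repeat('b', 254) . '@example.com">' => FALSE,`. The comment above the fixtures also names only one of them; `// Create one e-mail address at the 254-character limit and one that exceeds it.` describes both. The $tests array continues outside the hunk.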