[4364] 2.0 RC3 - urls that contain [brackets] are truncated

rbeuker · October 09, 2010, 10:05:55 AM

Thank you, Norv!

rbeuker · February 16, 2011, 03:10:19 PM

I'm just wondering: has this been solved now? I cannot find any 4364 ticket in the bugtracker

By the way, the issue has been also reported here: http://www.simplemachines.org/community/index.php?topic=401021.0

Arantor · February 16, 2011, 03:12:43 PM

It is in there, unsolved, but it may be deferred to 2.1 if it requires rewriting the bbcode parser, which seemslikely.

rbeuker · February 16, 2011, 03:17:50 PM

Ok, thx for the update!

spiros · February 22, 2011, 07:50:56 AM

Similar issue with parenthesis here:
http://www.simplemachines.org/community/index.php?topic=422865.0

Arantor · December 21, 2013, 01:07:52 PM

Code Select

[url]http://example.com/index.php?var[]=value[/url]

Is it just me that sees the problem here? The [ character is being used in both the tag and the tag's contents. The problem with this is you'd have to test every URL tag for unmatched [ tags.

And before anyone says 'regular expression', that's not a viable answer either; SMF did not originally use parse_bbc the way it exists now, it originally used regular expressions. It's been done to create posts that actually force the parser to take ridiculous amounts of time to parse. Rack up a bunch of topics with those in and you have a miniature denial of service attack. It's called a REDoS when that happens.

The parser works now by finding the next [ in it once you're inside a tag, fixing that is... difficult. I have one idea, though, that might work without, need to explore it a bit further.

Arantor · January 17, 2014, 04:14:42 PM

Reported on https://github.com/SimpleMachines/SMF2.1/issues/1187

Closing this as a duplicate report.

News:

[4364] 2.0 RC3 - urls that contain [brackets] are truncated

rbeuker

rbeuker

Arantor

rbeuker

spiros

Arantor

Arantor