Censored words feature can damage URLs - with fix

Started by CompSci87, February 08, 2015, 09:00:29 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

CompSci87

February 08, 2015, 09:00:29 PM
I help admin The Cardboard (thecardboard.org), a Stanford sports board. We use the censored words feature a lot as a bit of a joke -- the names of some rival teams are censored.

This led us to notice a problem with the censor feature: it will censor strings inside of HTML tags, including URLs. So if a user posts a URL that innocently includes a censored word in the link value, the link doesn't work.

I attach a patch that fixes this. There are two main parts to it: (1) Always convert bbcode to HTML before censoring. (2) When censoring, don't censor anything inside angle brackets. Part (2) prevents damage to the link values, HTML tags, etc. Note that a user can't employ this feature to display a censored word by writing it as <badword>, because by the time the censorship is applied, that has already been rewritten to HTML and looks like &lt;badword&gt;. So it still gets censored.

We have used this patch successfully on several SMF versions. I just applied it to 2.0.9, and it applies cleanly there.

Kindred

#1
February 08, 2015, 10:41:14 PM

Thank you for your input, however... Actually, it's not a bug.  The censor has been used, many times, specifically and intentionally to break some of the human spammers and to avoid the use of certain forbidden urls...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

CompSci87

#2
February 10, 2015, 01:31:31 AM
Fair enough. If I had more time I would try making it a checkbox option on the censor page, but I really don't. So we'll just keep applying it as a patch on our installation.
Print
Go Up Pages1
User actions
Advertisement: