From: Hypolite Petovan Date: Fri, 13 Dec 2019 17:40:10 +0000 (-0500) Subject: Escape potential URL-containing BBCodes before running autolinker X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=e1583123b4894354679e2a35d819dba2202c3494;p=friendica.git Escape potential URL-containing BBCodes before running autolinker --- diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php index fcce795810..6d4c3418d0 100644 --- a/src/Content/Text/BBCode.php +++ b/src/Content/Text/BBCode.php @@ -1507,8 +1507,29 @@ class BBCode extends BaseObject $text = str_replace('[hr]', '
', $text); if (!$for_plaintext) { + $escaped = []; + + // Escaping BBCodes susceptible to contain rogue URL we don'' want the autolinker to catch + $text = preg_replace_callback('#\[(url|img|audio|video|youtube|vimeo|share|attachment|iframe|bookmark).+?\[/\1\]#ism', + function ($matches) use (&$escaped) { + $return = '{escaped-' . count($escaped) . '}'; + $escaped[] = $matches[0]; + + return $return; + }, + $text + ); + // Autolinker for isolated URLs $text = preg_replace(Strings::autoLinkRegEx(), '[url]$1[/url]', $text); + + // Restoring escaped blocks + $text = preg_replace_callback('/{escaped-([0-9]+)}/iU', + function ($matches) use ($escaped) { + return $escaped[intval($matches[1])] ?? $matches[0]; + }, + $text + ); } // This is actually executed in Item::prepareBody()