From: Alexander Ebert Date: Wed, 25 Jan 2017 12:08:45 +0000 (+0100) Subject: Fixed a regex in the editor causing catastrophic backtracing X-Git-Tag: 3.0.2~61 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=b6cc29f1111bce2ddc1568d207e680959b11471a;p=GitHub%2FWoltLab%2FWCF.git Fixed a regex in the editor causing catastrophic backtracing --- diff --git a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js index 8ece922a18..58ac0b6779 100644 --- a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js +++ b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js @@ -5,6 +5,31 @@ $.Redactor.prototype.WoltLabLink = function() { return { init: function() { + this.link.isUrl = (function(url) { + //var pattern = '((xn--)?[\\W\\w\\D\\d]+(-[\\W\\w\\D\\d]+)*\\.)+[\\W\\w]{2,}'; + // WoltLab modification: prevent catastrophic backtracing + var pattern = '((xn--)?[\\W\\w\\D\\d]+(-(?!-[\\W\\w\\D\\d])+)*\\.)+[\\W\\w]{2,}'; + + var re1 = new RegExp('^(http|ftp|https)://' + pattern, 'i'); + var re2 = new RegExp('^' + pattern, 'i'); + var re3 = new RegExp('\.(html|php)$', 'i'); + var re4 = new RegExp('^/', 'i'); + var re5 = new RegExp('^tel:(.*?)', 'i'); + + // add protocol + if (url.search(re1) === -1 && url.search(re2) !== -1 && url.search(re3) === -1 && url.substring(0, 1) !== '/') + { + url = 'http://' + url; + } + + if (url.search(re1) !== -1 || url.search(re3) !== -1 || url.search(re4) !== -1 || url.search(re5) !== -1) + { + return url; + } + + return false; + }).bind(this); + this.link.show = this.WoltLabLink.show.bind(this); require(['WoltLabSuite/Core/Ui/Redactor/Link'], function(UiRedactorLink) {