From b6cc29f1111bce2ddc1568d207e680959b11471a Mon Sep 17 00:00:00 2001 From: Alexander Ebert Date: Wed, 25 Jan 2017 13:08:45 +0100 Subject: [PATCH] Fixed a regex in the editor causing catastrophic backtracing --- .../3rdParty/redactor2/plugins/WoltLabLink.js | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js index 8ece922a18..58ac0b6779 100644 --- a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js +++ b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js @@ -5,6 +5,31 @@ $.Redactor.prototype.WoltLabLink = function() { return { init: function() { + this.link.isUrl = (function(url) { + //var pattern = '((xn--)?[\\W\\w\\D\\d]+(-[\\W\\w\\D\\d]+)*\\.)+[\\W\\w]{2,}'; + // WoltLab modification: prevent catastrophic backtracing + var pattern = '((xn--)?[\\W\\w\\D\\d]+(-(?!-[\\W\\w\\D\\d])+)*\\.)+[\\W\\w]{2,}'; + + var re1 = new RegExp('^(http|ftp|https)://' + pattern, 'i'); + var re2 = new RegExp('^' + pattern, 'i'); + var re3 = new RegExp('\.(html|php)$', 'i'); + var re4 = new RegExp('^/', 'i'); + var re5 = new RegExp('^tel:(.*?)', 'i'); + + // add protocol + if (url.search(re1) === -1 && url.search(re2) !== -1 && url.search(re3) === -1 && url.substring(0, 1) !== '/') + { + url = 'http://' + url; + } + + if (url.search(re1) !== -1 || url.search(re3) !== -1 || url.search(re4) !== -1 || url.search(re5) !== -1) + { + return url; + } + + return false; + }).bind(this); + this.link.show = this.WoltLabLink.show.bind(this); require(['WoltLabSuite/Core/Ui/Redactor/Link'], function(UiRedactorLink) { -- 2.20.1