From b6cc29f1111bce2ddc1568d207e680959b11471a Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Wed, 25 Jan 2017 13:08:45 +0100
Subject: [PATCH] Fixed a regex in the editor causing catastrophic backtracing

---
 .../3rdParty/redactor2/plugins/WoltLabLink.js | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js
index 8ece922a18..58ac0b6779 100644
--- a/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js
+++ b/wcfsetup/install/files/js/3rdParty/redactor2/plugins/WoltLabLink.js
@@ -5,6 +5,31 @@ $.Redactor.prototype.WoltLabLink = function() {
 	
 	return {
 		init: function() {
+			this.link.isUrl = (function(url) {
+				//var pattern = '((xn--)?[\\W\\w\\D\\d]+(-[\\W\\w\\D\\d]+)*\\.)+[\\W\\w]{2,}';
+				// WoltLab modification: prevent catastrophic backtracing
+				var pattern = '((xn--)?[\\W\\w\\D\\d]+(-(?!-[\\W\\w\\D\\d])+)*\\.)+[\\W\\w]{2,}';
+				
+				var re1 = new RegExp('^(http|ftp|https)://' + pattern, 'i');
+				var re2 = new RegExp('^' + pattern, 'i');
+				var re3 = new RegExp('\.(html|php)$', 'i');
+				var re4 = new RegExp('^/', 'i');
+				var re5 = new RegExp('^tel:(.*?)', 'i');
+				
+				// add protocol
+				if (url.search(re1) === -1 && url.search(re2) !== -1 && url.search(re3) === -1 && url.substring(0, 1) !== '/')
+				{
+					url = 'http://' + url;
+				}
+				
+				if (url.search(re1) !== -1 || url.search(re3) !== -1 || url.search(re4) !== -1 || url.search(re5) !== -1)
+				{
+					return url;
+				}
+				
+				return false;
+			}).bind(this);
+			
 			this.link.show = this.WoltLabLink.show.bind(this);
 			
 			require(['WoltLabSuite/Core/Ui/Redactor/Link'], function(UiRedactorLink) {
-- 
2.20.1