1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-29 02:02:41 +01:00

Add a negative lookbehind to the Remarkup "bare URI" regular expression pattern

Summary: Ref T13608. Building on D21562, further anchor this pattern by adding a negative lookbehind.

Test Plan: Ran unit tests.

Maniphest Tasks: T13608

Differential Revision: https://secure.phabricator.com/D21568
This commit is contained in:
epriestley 2021-02-18 11:55:20 -08:00
parent bd4d9d88f2
commit 8cfd22c5fe

View file

@ -14,10 +14,13 @@ final class PhutilRemarkupHyperlinkRule extends PhutilRemarkupRule {
static $bare_pattern; static $bare_pattern;
if ($angle_pattern === null) { if ($angle_pattern === null) {
// See T13608. Limit protocol matches to 32 characters to improve the // See T13608. A previous version of this code matched bare URIs
// performance of the "<protocol>://" pattern, which can take a very long // starting with "\w{3,}", which can take a very long time to match
// time to match against long inputs if the maximum length of a protocol // against long inputs.
// sequence is unrestricted. //
// Use a protocol length limit in all patterns for general sanity,
// and a negative lookbehind in the bare pattern to avoid explosive
// complexity during expression evaluation.
$protocol_fragment = '\w{3,32}'; $protocol_fragment = '\w{3,32}';
$uri_fragment = '[^\s'.PhutilRemarkupBlockStorage::MAGIC_BYTE.']+'; $uri_fragment = '[^\s'.PhutilRemarkupBlockStorage::MAGIC_BYTE.']+';
@ -33,7 +36,7 @@ final class PhutilRemarkupHyperlinkRule extends PhutilRemarkupRule {
$uri_fragment); $uri_fragment);
$bare_pattern = sprintf( $bare_pattern = sprintf(
'(%s://%s)', '((?<!\w)%s://%s)',
$protocol_fragment, $protocol_fragment,
$uri_fragment); $uri_fragment);
} }