Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-17655

phpBB post editor - IPv6 addresses interpreted as nonexistent image URL

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 3.3.16
    • Posting
    • Database server: PostgreSQL 16.13 (Ubuntu 16.13-0ubuntu0.24.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 13.3.0-6ubuntu2~24.04.1) 13.3.0, 64-bit
      OS: Ubuntu 24.04
      PHP version: 8.3.16
      Browser: Firefox

      IPv6 addresses entered in the post editor are interpreted as an HTTP GET request to a nonexistent image file. This is causing excessively long page load times in the client browser. Multiple IPv6 addresses increase the page load time significantly. Users will interpret these delays as a broken website.

      I have reproduced this problem in my test environment, production server, and the phpBB.com forum.

      1. In any topic, click on Post Reply to access the post editor.
      2. Enable the browser's development tools to monitor the Network traffic. In Firefox, this is "Inspect" in the Network tab.
      3. Enter IPv6 address 2a09:bac3:616e:123c::1d1:f0
      4. Click on Preview. (There's no need to Submit the post.)
      5. Inspect the development tool Network analysis traffic.

      An HTTP GET request is generated with a 404 status (file not found).

      {
      		 
          "GET": {
      		 
              "scheme": "https",
      		 
              "host": "cdn.jsdelivr.net",
      		 
              "filename": "/gh/twitter/twemoji@latest/assets/svg/123c.svg",
      		 
              "remote": {
      		 
                  "Address": "104.17.208.5:443"
      		 
              }
      		 
          }
      		 
      }
      		 
      {
      		 
          "Status": "404",
      		 
          "Version": "HTTP/2",
      		 
          "Transferred": "1.12 kB (73 B size)",
      		 
          "Referrer Policy": "strict-origin-when-cross-origin",
      		 
          "Request Priority": "Low",
      		 
          "DNS Resolution": "DNS over HTTPS"
      		 
      }

      The IPv6 address is attempting to GET a file at https://cdn.jsdelivr.net/gh/twitter/twemoji@latest/assets/svg/123c.svg

      I would guess that this filename is based on Twitter Emoji (Twemoji) and utilized somewhere internal to phpBB. The hex digits are part of the IPv6 address.

      I don't know if this is related, but IPv6 addresses containing valid Unicode will be displayed as the associated emoji. The post editor accepts Unicode and this may be an unintended side effect.

      For example, IP addresses containing :264d: or :2640: will display the corresponding emojis.

      Any IPv6 address will show this problem, but here are some additional test cases. I've chosen examples which do not represent personal or corporate locations.

       

      Apple iCloud Private Relay
      		 
      2a09:bac3:616e:123c::1d1:f0
      		 
      2a09:bac2:7280:15d7::22d:11b
      		 
      T-Mobile (US cellphone network)
      		 
      2607:fb90:57a1:4d76:c31:5afd:37ed:9481
      		 
      2607:fb90:ec1d:0e17:e0c6:af94:1224:28a8
      		 
      Cloudflare
      		 
      2a09:bac5:67b9:281e::3ff:5

       

      I'm reporting this as a bug because users entering unformatted IPv6 addresses in random posts, especially more than once, will wonder why their page response is excessively slow.

      As a work-around, surround the IPv6 address with BBCode inline code [c][/c].

            Unassigned Unassigned
            Lady_G Lady_G
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: