Details
-
Bug
-
Status: Patch Awaiting Review (View Workflow)
-
Major
-
Resolution: Unresolved
-
3.3.10
-
None
-
None
Description
So after disabling the ACP option: Allow links in posts/private messages
Everything seems fine but what I noticed was this:
If you post via Quick Reply, then in the posts table the enable_urls field is set to 0
If you post via the full editor, then in the posts table the enable_urls field is set to 1
This can become disastrous if you run the Reparser on Posts and/or Private Messages.
If you are a forum that has disallowed links in posts/private messages, and the reparser is run for...reasons...suddenly all the links in all your posts that you did not want to be magic URLs are now rendered magic URLs (except in cases where somebody used quick reply to post).
I think enable_urls field needs to always be set to 0 when posting, if the Allow links in posts/private messages setting is set to NO, no matter if you are posting, replying, editing or using the full editor or quick reply.
To reproduce:
-Go to ACP Post Settings and set to No, Allow links in posts/private messages
-Make some posts with links using the full editor.
-Make some posts with links using the quick reply.
-Go into the DB and look in the posts table at the enable_magic_url fields for those posts.
-Run the post reparser via CLI too and see what happens to those posts (spoiler: they get rendered).
And here's a topic where it all went wrong for somebody!
https://www.phpbb.com/customise/db/extension/advanced_bbcode_box/support/topic/242981