Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-17130

Text reparser changes magic URL state in posts

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 3.3.12-RC1
    • 3.3.10
    • Posting
    • None

      So after disabling the ACP option: Allow links in posts/private messages

       

      Everything seems fine but what I noticed was this:

       

      If you post via Quick Reply, then in the posts table the enable_urls field is set to 0

      If you post via the full editor, then in the posts table the enable_urls field is set to 1

       

      This can become disastrous if you run the Reparser on Posts and/or Private Messages.

       

      If you are a forum that has disallowed links in posts/private messages, and the reparser is run for...reasons...suddenly all the links in all your posts that you did not want to be magic URLs are now rendered magic URLs (except in cases where somebody used quick reply to post).

       

      I think enable_urls field needs to always be set to 0 when posting, if the Allow links in posts/private messages setting is set to NO, no matter if you are posting, replying, editing or using the full editor or quick reply.

       

      To reproduce:

      -Go to ACP Post Settings and set to No, Allow links in posts/private messages

      -Make some posts with links using the full editor.

      -Make some posts with links using the quick reply.

      -Go into the DB and look in the posts table at the enable_magic_url fields for those posts.

      -Run the post reparser via CLI too and see what happens to those posts (spoiler: they get rendered).

       

      And here's a topic where it all went wrong for somebody!

      https://www.phpbb.com/customise/db/extension/advanced_bbcode_box/support/topic/242981

            MattF Matt Friedman
            MattF Matt Friedman
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: