From 3cbeee4f1b263b3d5b16401e84c7a62f8cd990a1 Mon Sep 17 00:00:00 2001 From: Daniel Winzen Date: Sun, 18 Sep 2016 20:12:01 +0200 Subject: [PATCH] Don't hotlink external links in filters which have " in front of it, to allow linking an external ressource via HTML --- chat.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chat.php b/chat.php index bf52b01..527aba8 100644 --- a/chat.php +++ b/chat.php @@ -2974,7 +2974,7 @@ function create_hotlinks(){ global $U; //Make hotlinks for URLs, redirect through dereferrer script to prevent session leakage // 1. all explicit schemes with whatever xxx://yyyyyyy - $U['message']=preg_replace('~(\w+://[^\s<>]+)~i', "<<$1>>", $U['message']); + $U['message']=preg_replace('~(^|[^\w"])(\w+://[^\s<>]+)~i', "$1<<$2>>", $U['message']); // 2. valid URLs without scheme: $U['message']=preg_replace('~((?:[^\s<>]*:[^\s<>]*@)?[a-z0-9\-]+(?:\.[a-z0-9\-]+)+(?::\d*)?/[^\s<>]*)(?![^<>]*>)~i', "<<$1>>", $U['message']); // server/path given $U['message']=preg_replace('~((?:[^\s<>]*:[^\s<>]*@)?[a-z0-9\-]+(?:\.[a-z0-9\-]+)+:\d+)(?![^<>]*>)~i', "<<$1>>", $U['message']); // server:port given