authorcatch2012-05-10 06:26:50 (GMT)
committer catch2012-05-10 06:26:50 (GMT)
commitdb79496ae983447506f016a20738c3d7e5d059fa (patch)
tree852334a16c56010c00077e005b0a557738809157
parent0e0e6b3df4bafad3309d6581fa2a4e5ddc1dcec0 (diff)
Issue #1558468 by chx, jwineinger, linclark, Berdir: Fixed SA-CORE-2012-002 - Denial of Service, forward port from 7.x
-rw-r--r--core/modules/filter/filter.module2
-rw-r--r--core/modules/filter/filter.test9
2 files changed, 9 insertions, 2 deletions
diff --git a/core/modules/filter/filter.module b/core/modules/filter/filter.module
index 1e6c28c..5d5589e 100644
--- a/core/modules/filter/filter.module
+++ b/core/modules/filter/filter.module
@@ -1424,7 +1424,7 @@ function _filter_url($text, $filter) {
$tasks['_filter_url_parse_full_links'] = $pattern;
// Match e-mail addresses.
- $url_pattern = "[A-Za-z0-9._-]+@(?:$domain)";
+ $url_pattern = "[A-Za-z0-9._-]{1,254}@(?:$domain)";
$pattern = "`($url_pattern)`";
$tasks['_filter_url_parse_email_links'] = $pattern;
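Review bot: The `{1,254}` bound on the new `$url_pattern` line limits how much of the local part one match attempt can consume, but the pattern has no left anchor, so on a longer run of `[A-Za-z0-9._-]` characters the engine can still start further into the run and match the trailing 254 characters plus the domain. If over-long addresses are meant to stay unlinked entirely, a fixed-width lookbehind would express that, `$url_pattern = "(?<![A-Za-z0-9._-])[A-Za-z0-9._-]{1,254}@(?:$domain)";`, and it would need checking against the existing filter tests. The limit also deserves a why-comment next to it, for example `// Cap the local part at 254 characters to bound regex work on long input (SA-CORE-2012-002).` _filter_url() starts and ends outside this hunk, so whether the callback rejects such partial matches cannot be seen here.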
diff --git a/core/modules/filter/filter.test b/core/modules/filter/filter.test
index b1b7b3e..923a047 100644
--- a/core/modules/filter/filter.test
+++ b/core/modules/filter/filter.test
@@ -1217,6 +1217,11 @@ class FilterUnitTestCase extends UnitTestBase {
// - absolute, mail, partial
// - characters/encoding, surrounding markup, security
+ // Create a e-mail that is too long.
+ $long_email = str_repeat('a', 254) . '@example.com';
+ $too_long_email = str_repeat('b', 255) . '@example.com';
+
+
// Filter selection/pattern matching.
$tests = array(
// HTTP URLs.
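Review bot: The added comment `// Create a e-mail that is too long.` describes only one of the two variables; `$long_email` is the boundary case that must still be linked. A comment such as `// Build one address whose local part is exactly at the 254-character limit and one that exceeds it by one.` would say what both are for. The two consecutive blank lines after the assignments can be reduced to one.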
@@ -1228,10 +1233,12 @@ http://example.com or www.example.com
),
// MAILTO URLs.
'
-person@example.com or mailto:person2@example.com
+person@example.com or mailto:person2@example.com or ' . $long_email . ' but not ' . $too_long_email . '
' => array(
'<a href="mailto:person@example.com">person@example.com</a>' => TRUE,
'<a href="mailto:person2@example.com">mailto:person2@example.com</a>' => TRUE,
+ '<a href="mailto:' . $long_email . '">' . $long_email . '</a>' => TRUE,
+ '<a href="mailto:' . $too_long_email . '">' . $too_long_email . '</a>' => FALSE,
),
// URI parts and special characters.
'
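Review bot: The `=> FALSE` expectation added for `$too_long_email` only shows that the full 255-character address is not linked; it would still pass if the filter linked a shorter tail of the same string, which the unanchored e-mail pattern in filter.module appears to allow. If the intent is that an over-long address produces no mailto link at all, a second negative check on the tail would pin that, for example `'<a href="mailto:' . substr($too_long_email, 1) . '">' => FALSE,`. The `$tests` array and the loop that evaluates it lie outside this hunk, so how these expectations are matched against the output is not visible here.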