0012781: Links in the comments look broken - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0012781	mantisbt	bugtracker	public	2011-02-17 06:05	2014-09-23 18:05

Reporter	zalex	Assigned To	dregad
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Target Version	1.2.11	Fixed in Version	1.2.11

Summary	0012781: Links in the comments look broken
Description	Example: https://test:test@example.com/test
Tags	No tags attached.

zalex 2011-02-17 06:05 reporter ~0028250	Just a test: https://test:test@example.com/test

dregad 2012-05-11 05:06 developer ~0031810 Last edited: 2012-05-11 05:13	This is caused by the call to string_insert_hrefs() which replaces URLs and e-mails by hrefs when config option $g_html_make_links is ON. The code first processes the URL, then the e-mail, so we have: original string: https:\test:test_AT_example.com\test call preg_replace for URL: < a href="https:\test:test_AT_example.com/test">https:\test:test_AT_example.com/test</a> call preg_replace for email: < a href="https:\test:<a href="mailto:test_AT_example.com">test_AT_example.com</a>/test">https:\test:< a href="mailto:test_AT_example.com">test_AT_example.com</a>/test</a> Note: to prevent the code from messing with the example above, "@" has been replaced by "AT", "//" by "\" and a space added between < and a in the anchor tag It is worth mentioning that in 1.3.x, this actually a major issue as it completely prevents rendering of the view issue details page and causes an error to occur (XML Parsing Error: not well-formed) due to of invalid HTML generation. As a workaround, you can a) set $g_html_make_links is ON b) edit the URL to remove the "@" as I've done above

grangeway 2013-04-05 17:57 reporter ~0036248	Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

MantisBT: master 01b5bf55 2012-05-11 02:08 dregad Details Diff	Fix string_insert_hrefs() to handle URLs with user/password This function inserts the hrefs in 2 steps: 1) URLs and 2) emails. When the string contains URLs specifying a username and/or password, e.g. http://user@example.com/ or http://user:password@example.com/ the 2nd call to pcre_replace() processes the part of it that matches the email address specification, resulting in broken links and text display as well as invalid HTML generation. This commit fixes the behavior by adding logic to distinguish URLs with password and actual emails addresses. Fixes 0012781		Affected Issues 0012781
	mod - core/string_api.php		Diff File
MantisBT: master-1.2.x 21a3469d 2012-05-11 02:08 dregad Details Diff	Fix string_insert_hrefs() to handle URLs with user/password This function inserts the hrefs in 2 steps: 1) URLs and 2) emails. When the string contains URLs specifying a username and/or password, e.g. http://user@example.com/ or http://user:password@example.com/ the 2nd call to pcre_replace() processes the part of it that matches the email address specification, resulting in broken links and text display as well as invalid HTML generation. This commit fixes the behavior by adding logic to distinguish URLs with password and actual emails addresses. Backport of 1.3.x commit f460bbd253e228753360e72984c5ac878b4e553e Uses create_function() for preg_replace_callback instead of an Anonymous function, as they are not supported in PHP < 5.3. Fixes 0012781		Affected Issues 0012781
	mod - core/string_api.php		Diff File