From 001e4276d31149e07cef31e468dcc1e227e0eda9 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Thu, 5 Nov 2015 16:08:18 -0800
Subject: first cut at some much better hook documentation derived from
 bamfic's automated list (doc/hooks.html)

---
 include/bbcode.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/bbcode.php b/include/bbcode.php
index 517f22bee..05802aa57 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -599,6 +599,7 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false)
 		$Text = preg_replace("/\[mail\=([$MAILSearchString]*)\](.*?)\[\/mail\]/", '<a href="mailto:$1" target="_newwin" >$2</a>', $Text);
 	}
 
+
 	// leave open the posibility of [map=something]
 	// this is replaced in prepare_body() which has knowledge of the item location
 
@@ -983,7 +984,12 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false)
 	$Text = preg_replace('/\[\&amp\;([#a-z0-9]+)\;\]/', '&$1;', $Text);
 
 	// fix any escaped ampersands that may have been converted into links
-	$Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism", '<$1$2=$3&$4>', $Text);
+
+	if(strpos($Text,'&amp;') !== false)
+		$Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&amp\;(.*?)\>/ism", '<$1$2=$3&$4>', $Text);
+
+	// This is subtle - it's an XSS filter. It only accepts links with a protocol scheme and where
+	// the scheme begins with z (zhttp), h (http(s)), f (ftp), m (mailto), and named anchors.
 
 	$Text = preg_replace("/\<(.*?)(src|href)=\"[^zhfm#](.*?)\>/ism", '<$1$2="">', $Text);
 
-- 
cgit v1.2.3