On Fri, Oct 01, 2010 at 02:15:41PM +0200, PyroPeter wrote:
I did not mean to offend you, and after applying the patch (which I should have done before sending the mails, you are right) your code in fact seems to work a lot better then I thought.
I didn't feel offended in any way, but reporting bugs that don't exist is just counterproductive and a waste of time.
While testing, I found a bug: Post this URL: http://foo.bar/<><>; It seems to trigger two bugs at once, first, the regex does not match whole URL, and second, the href is escaped twice.
I already said that there might be problems if the URL contains quotes or less-than/greater-than symbols in another mail [1]. This can be fixed by removing the first str_replace() (which I also proposed in the same mail) or by repeating the second str_replace() for """, "'", "<" and ">" (which might be even better from the perspective of security). However, I don't think such URLs will be a common use case. The second "bug" is expected behaviour, since punctuation marks at the end of URLs shouldn't be included in the URL itself (imagine someone putting a link at the end of a senctence). This is also how DokuWiki and Flyspray behave. If there really is an URL requiring a punctuation mark at the end of the URL (which there shouldn't be at all), this can be remarked in the comment itself. [1] http://mailman.archlinux.org/pipermail/aur-dev/2010-September/001263.html