(bug 5185) Strip out SGML comments before scanning the text for matches so some nutter can't circumvent the lot with a well placed

2024-11-15 03:13:58 +00:00 · 2006-04-12 04:59:27 +00:00 · 2006-04-12 04:59:27 +00:00 · 992a1ac684
parent 3f5145d746
commit 992a1ac684
1 changed files with 4 additions and 0 deletions
--- a/SpamBlacklist_body.php
+++ b/SpamBlacklist_body.php
@ -145,6 +145,10 @@ class SpamBlacklist {
 		$regex =& $this->getRegex();

 		if ( $regex && $regex[0] == '/' ) {
+			# Strip SGML comments out of the markup
+			# This was being used to circumvent the filter (see bug 5185)
+			$text = preg_replace( '/<\!--.*-->/', '', $text );
+
 			# Do the match
 			wfDebug( "Checking text against regex: $regex\n" );
 			if ( preg_match( $regex, $text, $matches ) ) {