The Forum has been Updated
The code has been upgraded to the latest .NET core version. Please check instructions in the Community Announcements about migrating your account.
If you are based on some different language like me which has different way of putting words into sentence, then this might help you a little bit on Snitz.
Ever seen URL's with Apostrophe? You know ' <- Single Quote. I personally didn't. But that often blocked my URL's in my forum. Because to say something at somedomain.com, my users often use apostrophe such as " at www.chip.com.tr ", in my language it is " www.chip.com.tr'deki " as you see, you get a weird domain (english 'at' added into domain itself), including single quote..
So this will be only good thing to do if you have weird users and weird language setup. Now how to quick heal that:
inc_func_common.asp (Goto Line 1539, well, end of the file) you will see following lines. Just remove the parts I marked with red... or you can manually remove every \'
<
Ever seen URL's with Apostrophe? You know ' <- Single Quote. I personally didn't. But that often blocked my URL's in my forum. Because to say something at somedomain.com, my users often use apostrophe such as " at www.chip.com.tr ", in my language it is " www.chip.com.tr'deki " as you see, you get a weird domain (english 'at' added into domain itself), including single quote..
So this will be only good thing to do if you have weird users and weird language setup. Now how to quick heal that:
inc_func_common.asp (Goto Line 1539, well, end of the file) you will see following lines. Just remove the parts I marked with red... or you can manually remove every \'
Code:
<script language="javascript1.2" runat="server">
function edit_hrefs(sURL, iType) {
sOutput = new String(sURL);
if (iType == 1) {
sOutput = sOutput.replace(/\b(http\:\/\/[\w+\.]+[\w+\.\:\/\@\_\?\=\&\-\'\#\%\~\;\,\$\!\+\*]+)/gi,
"<a href=\"$1\" target=\"_blank\">$1<\/a>");
} else if (iType == 2) {
sOutput = sOutput.replace(/\b(https\:\/\/[\w+\.]+[\w+\.\:\/\@\_\?\=\&\-\'\#\%\~\;\,\$\!\+\*]+)/gi,
"<a href=\"$1\" target=\"_blank\">$1<\/a>");
} else if (iType == 3) {
sOutput = sOutput.replace(/\b(www\.[\w+\.\:\/\@\_\?\=\&\-\'\#\%\~\;\,\$\!\+\*]+)/gi,
"<a href=\"http://$1\" target=\"_blank\">$1<\/a>");
} else if (iType == 4) {
sOutput = sOutput.replace(/\b([\w+\-\'\#\%\.\_\,\$\!\+\*]+@[\w+\.?\-\'\#\%\~\_\.\;\,\$\!\+\*]+\.[\w+\.?\-\'\#\%\~\_\.\;\,\$\!\+\*]+)/gi,
"<a href=\"mailto\:$1\">$1<\/a>");
} else if (iType == 5) {
sOutput = sOutput.replace(/\b(ftp\:\/\/[\w+\.]+[\w+\.\:\/\@\_\?\=\&\-\'\#\%\~\;\,\$\!\+\*]+)/gi,
"<a href=\"$1\" target=\"_blank\">$1<\/a>");
} else if (iType == 6) {
sOutput = sOutput.replace(/\b(file\:\/\/\/[\w+\:\/\\]+[\w+\/\w+\.\:\/\\\@\_\?\=\&\-\'\#\%\~\;\,\$\!\+\*]+)/gi,
"<a href=\"$1\" target=\"_blank\">$1<\/a>");
}
return sOutput;
}
</script><
Posted
thanks for the tip<
Posted
not sure exactly what you are saying is wrong. do you have somewhere we can see an example ?<
Posted
it is valid, but not in the domain name itself, only in the path, removing the \' from the edit_hrefs function will cause valid urls containing the ' to be incorrectly parsed by the forum code, so for example having www.test.com/isn't/it would not parse it would remove the 't/it from the URL and become www.test.com/isn<
Posted
Exactly HuwR;
Considering usage of URL's in my language, like " http://forum.snitz.com'a bakabilirsin" means "you can look to http://forum.snitz.com " , sacrificing number of really very limited URL's (which I never meet with test.com/isn't/it type of url's really) with "Apostrophe" in them... as examples 'de, 'da = at in English, 'a, 'e = to, 'den, 'dan = from
So with removing this \' in these regex's, I basically get safety of 99.9% of URL's covered, instead of 60% of them in my language usage... On the other hand, I considered safety measurements with this character, however, I failed to see it effecting any safety problems, since it is basically replacing a text that is ready to be given to user, not input from them...
<
Considering usage of URL's in my language, like " http://forum.snitz.com'a bakabilirsin" means "you can look to http://forum.snitz.com " , sacrificing number of really very limited URL's (which I never meet with test.com/isn't/it type of url's really) with "Apostrophe" in them... as examples 'de, 'da = at in English, 'a, 'e = to, 'den, 'dan = from
So with removing this \' in these regex's, I basically get safety of 99.9% of URL's covered, instead of 60% of them in my language usage... On the other hand, I considered safety measurements with this character, however, I failed to see it effecting any safety problems, since it is basically replacing a text that is ready to be given to user, not input from them...
<
Posted
the problem will be if someone tries to post a valid url like http://www.judibari.org/jury's_message.html in any language forum that url will still be http://www.judibari.org/jury's_message.html but if you remove the \' from the regex it will no longer parse as a valid url<
Posted
Yeah, I considered that type of URL's, so I picked whichever used most. As I said, this is only for different locales that uses URL's such as in my language. If users want to post such rare URL's, they are always welcomed to use [url] [/url] tags :)<
Posted
Originally posted by SiSL
Yeah, I considered that type of URL's, so I picked whichever used most. As I said, this is only for different locales that uses URL's such as in my language. If users want to post such rare URL's, they are always welcomed to use [url] [/url] tags :)
fair enough
just as long as you are aware of possible consequences that is fine.<