Jump to content


Photo

BBCode mishandled nesting with paramiters.


http://regexpal.com/ is your friend. Evidently case-sensitivity is not.

This only affects comma seperated paramiters like font. Others do not appear to be affected, but I have not attempted to generate a comprehensive set of test cases.

Test cases below.
 
[list=1]
[*][font=terminal,monospace]Font [i]Font+Italic.yml[/i][/font]
[*][font=terminal,monospace]Font [i]F[/i][i]o[/i][i]n[/i][i]t[/i][i]+[/i][i]I[/i][i]t[/i][i]a[/i][i]l[/i][i]i[/i][i]c[/i][i].[/i][i]y[/i][i]m[/i][i]l[/i][/font]
[*][font=terminal,monospace]Font [i]F[/i][/font][font=terminal,monospace][i]o[/i][/font][font=terminal,monospace][i]n[/i][/font][font=terminal,monospace][i]t[/i][/font][font=terminal,monospace][i]+[/i][/font][font=terminal,monospace][i]I[/i][/font][font=terminal,monospace][i]t[/i][/font][font=terminal,monospace][i]a[/i][/font][font=terminal,monospace][i]l[/i][/font][font=terminal,monospace][i]i[/i][/font][font=terminal,monospace][i]c[/i][/font][font=terminal,monospace][i].[/i][/font][font=terminal,monospace][i]y[/i][/font][font=terminal,monospace][i]m[/i][/font][font=terminal,monospace][i]l[/i][/font]
[*][i]F[/i][/font][font=terminal,monospace]o[/font][font=terminal,monospace]n[/font][font=terminal,monospace]t[/font][font=terminal,monospace][i]+[/i][/font][font=terminal,monospace][i]I[/i][/font][font=terminal,monospace]t[/font][font=terminal,monospace]a[/font][font=terminal,monospace]l[/font][font=terminal,monospace]i[/font][font=terminal,monospace]c[/font][font=terminal,monospace][i].[/i][/font][font=terminal,monospace]y[/font][font=terminal,monospace]m[/font][font=terminal,monospace]l[/font]
[*][font=terminal,monospace]Font [/font][i][font=terminal,monospace]Font+Italic.yml[/font][/i]
[/list]
[list=1]
[*][color=#800080]Font [i]Font+Italic.yml[/i][/color]
[*][color=#800080]Font [i]F[/i][i]o[/i][i]n[/i][i]t[/i][i]+[/i][i]I[/i][i]t[/i][i]a[/i][i]l[/i][i]i[/i][i]c[/i][i].[/i][i]y[/i][i]m[/i][i]l[/i][/color]
[*][color=#800080]Font [i]F[/i][/color][color=#800080][i]o[/i][/color][color=#800080][i]n[/i][/color][color=#800080][i]t[/i][/color][color=#800080][i]+[/i][/color][color=#800080][i]I[/i][/color][color=#800080][i]t[/i][/color][color=#800080][i]a[/i][/color][color=#800080][i]l[/i][/color][color=#800080][i]i[/i][/color][color=#800080][i]c[/i][/color][color=#800080][i].[/i][/color][color=#800080][i]y[/i][/color][color=#800080][i]m[/i][/color][color=#800080][i]l[/i][/color]
[*][i]F[/i][/color][color=#800080]o[/color][color=#800080]n[/color][color=#800080]t[/color][color=#800080][i]+[/i][/color][color=#800080][i]I[/i][/color][color=#800080]t[/color][color=#800080]a[/color][color=#800080]l[/color][color=#800080]i[/color][color=#800080]c[/color][color=#800080][i].[/i][/color][color=#800080]y[/color][color=#800080]m[/color][color=#800080]l[/color]
[*][color=#800080]Font [/color][i][color=#800080]Font+Italic.yml[/color][/i]
[/list]
[list=1]
[*][b]Bold [i]Bold+Italic.yml[/i][/b]
[*][b]Bold [i]B[/i][i]o[/i][i]l[/i][i]d[/i][i]+[/i][i]I[/i][i]t[/i][i]a[/i][i]l[/i][i]i[/i][i]c[/i][i].[/i][i]y[/i][i]m[/i][i]l[/i][/b]
[*][b]Bold [i]B[/i][/b][b][i]o[/i][/b][b][i]l[/i][/b][b][i]d[/i][/b][b][i]+[/i][/b][b][i]I[/i][/b][b][i]t[/i][/b][b][i]a[/i][/b][b][i]l[/i][/b][b][i]i[/i][/b][b][i]c[/i][/b][b][i].[/i][/b][b][i]y[/i][/b][b][i]m[/i][/b][b][i]l[/i][/b]
[*][i]B[/i][/b][b]o[/b][b]l[/b][b]d[/b][b][i]+[/i][/b][b][i]I[/i][/b][b]t[/b][b]a[/b][b]l[/b][b]i[/b][b]c[/b][b][i].[/i][/b][b]y[/b][b]m[/b][b]l[/b]
[*][b]Bold [/b][i][b]Bold+Italic.yml[/b][/i]
[/list]


  • Font Font+Italic.yml
  • Font Font+Italic.yml
  • Font Font+Italic.yml
  • Font Font+Italic.yml
  • Font Font+Italic.yml

  • Bold Bold+Italic.yml
  • Bold Bold+Italic.yml
  • Bold Bold+Italic.yml
  • Bold Bold+Italic.yml
  • Bold Bold+Italic.yml

  • Font Font+Italic.yml
  • Font Font+Italic.yml
  • Font Font+Italic.yml
  • Font Font+Italic.yml
  • Font Font+Italic.yml

 
Spoiler

Status: Not a Bug
Version: 3.3.4
Fixed In: 0


3 Comments

Photo
Christian M.
Jul 15 2012 02:24 PM
was all this on purpose or is this the result?
[list=1]
[*][b]Bold [i]Bold+Italic.yml[/i][/b]
[*][b]Bold [i]B[/i][i]o[/i][i]l[/i][i]d[/i][i]+[/i][i]I[/i][i]t[/i][i]a[/i][i]l[/i][i]i[/i][i]c[/i][i].[/i][i]y[/i][i]m[/i][i]l[/i][/b]
[*][b]Bold [i]B[/i][/b][b][i]o[/i][/b][b][i]l[/i][/b][b][i]d[/i][/b][b][i]+[/i][/b][b][i]I[/i][/b][b][i]t[/i][/b][b][i]a[/i][/b][b][i]l[/i][/b][b][i]i[/i][/b][b][i]c[/i][/b][b][i].[/i][/b][b][i]y[/i][/b][b][i]m[/i][/b][b][i]l[/i][/b]
[*][i]B[/i][/b][b]o[/b][b]l[/b][b]d[/b][b][i]+[/i][/b][b][i]I[/i][/b][b]t[/b][b]a[/b][b]l[/b][b]i[/b][b]c[/b][b][i].[/i][/b][b]y[/b][b]m[/b][b]l[/b]
[*][b]Bold [/b][i][b]Bold+Italic.yml[/b][/i]
[/list]
My appologies; I presumed that it was bug in IPB since there is clearly arbitary regex injection taking place affecting formatting generated from arbitary BBCode input containg comma seperated values, and it seemed logical that that this was taking place in the BBCode parser.

However while collecting screenshots and sampling HTML output much to my horror and embarassment, I have realised that FireFox's (13.0.1) HTML interpreter for no descernable reason what is actually interpreting arbitary regexes from the very specific HTML/CSS tags generated by IPB for the above test cases.

This remains true after another round of updates and uninstalling/disabling any plugins.

This is still a problem, but not one I expect IPB to fix; unlike the parser capturing tag identifying keywords in paramiters of other already identified tags...
Updating Fixed In to: 0
Updating Status to: Not a Bug

-