[buddypress-trac] [BuddyPress Trac] #6584: bp_activity_create_summary wrongly extracted <iframe src="....htm"/> as <img src="....htm"/>

buddypress-trac noreply at wordpress.org
Fri Aug 7 21:45:21 UTC 2015 

#6584: bp_activity_create_summary wrongly extracted <iframe src="....htm"/> as
<img src="....htm"/>
----------------------------------+-----------------------------
 Reporter:  webp                  |      Owner:
     Type:  defect (bug)          |     Status:  new
 Priority:  low                   |  Milestone:  Awaiting Review
Component:  Component - Activity  |    Version:  2.3.2
 Severity:  minor                 |   Keywords:  has-patch
----------------------------------+-----------------------------
 '''After posting <iframe src="....htm"> in a post, an activity summary was
 created with an image with a broken link at the end.  HTML source shows
 the image with broken link: '''
 {{{
     <img src="....htm"/>
 }}}

 select content from wp_bp_activity where id=xyz ;
 {{{
 | .... <img src="...htm"/> |
 }}}

 Troubleshoot:

 vi bp-activity/bp-activity-functions.php
 {{{
 function bp_activity_create_summary( $content, $activity ) {
     $media = $extractor->extract( $content, BP_Media_Extractor::ALL, $args
 );
 }}}


 vi bp-core/classes/class-bp-media-extractor.php

 {{{
 class BP_Media_Extractor {
     protected function extract_images( $richtext, $plaintext, $extra_args
 = array() ) {
         if ( stripos( $richtext, 'src=' ) !== false ) {
             preg_match_all( '#src=(["\'])([^"\']+)\1#i', $richtext,
 $img_srcs );  // matches src="text" and src='text'
 }}}

 '''Suggest the following change so <iframe src='*.htm'> will not get
 extracted into summary:'''

 {{{
             preg_match_all( '#(?<!iframe) src=(["\'])([^"\']+)\1#i',
 $richtext, $img_srcs );  // matches src="text" and src='text', excluding
 iframe src=
 }}}
 OR:
 {{{
             preg_match_all( '#img src=(["\'])([^"\']+)\1#i', $richtext,
 $img_srcs );  // matches img src="text" and img src='text'
 }}}


 '''Database fix (for MariaDB with REGEXP_REPLACE):'''

 {{{
 UPDATE wp_bp_activity SET content = REGEXP_REPLACE(content, ' <img
 src=(["\'])[^"\']+\\1\/>', '') WHERE content LIKE '%img src%';
 }}}

 Above fixes were tested for BuddyPress 2.3.2 and MariaDB 10.0.19

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6584>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list