* (bug 14154) Captcha domain whitelist regexes now anchored, fixing spammable hole

author Brion Vibber <brion@users.mediawiki.org>

Fri, 16 May 2008 19:14:51 +0000 (19:14 +0000)

committer Brion Vibber <brion@users.mediawiki.org>

Fri, 16 May 2008 19:14:51 +0000 (19:14 +0000)
author Brion Vibber <brion@users.mediawiki.org>
Fri, 16 May 2008 19:14:51 +0000 (19:14 +0000)
committer Brion Vibber <brion@users.mediawiki.org>
Fri, 16 May 2008 19:14:51 +0000 (19:14 +0000)
diff --git a/ConfirmEdit_body.php b/ConfirmEdit_body.php

index 0926cacd30ef436064a133a19138ae16bed452cd..bdebfec6c67320a97b216d1bfaf664ce82d012d0 100644 (file)
--- a/ConfirmEdit_body.php
+++ b/ConfirmEdit_body.php
@@ -408,7 +408,7 @@ class SimpleCaptcha {
                         //$regex = 'http://+[a-z0-9_\-.]*(' . implode( '|', $lines ) . ')';
                         //return '/' . str_replace( '/', '\/', preg_replace('|\\\*/|', '/', $regex) ) . '/Si';
                         $regexes = '';
-                       $regexStart = '/http:\/\/+[a-z0-9_\-.]*(';
+                       $regexStart = '/^https?:\/\/+[a-z0-9_\-.]*(';
                         $regexEnd = ')/Si';
                         $regexMax = 4096;
                         $build = false;
author	Brion Vibber <brion@users.mediawiki.org>
	Fri, 16 May 2008 19:14:51 +0000 (19:14 +0000)
committer	Brion Vibber <brion@users.mediawiki.org>
	Fri, 16 May 2008 19:14:51 +0000 (19:14 +0000)