Page MenuHomePhabricator
Create Task
Maniphest T6377

Spam blacklist can be evaded by adding square bracket to URL
Closed, ResolvedPublic
Actions

Description

Author: dotkorg

Description:
The spam blacklist extension will not match URLs which contain square brackets. For
example, if a line in a blacklist file is:

example\.com

then [http://spam.example.com/] will be blocked but
[http://spam.[.example.com/] will be ignored.

Cheers, Korg

Version: unspecified
Severity: normal
URL: http://jv.wiktionary.org/w/index.php?title=Wiktionary:About&curid=1607&diff=4087&oldid=4057

Details

Reference
bz4377

Revisions and Commits

Unknown Object (Diffusion Commit)

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:01 PM
bzimport added a project: MediaWiki-Parser.
bzimport set Reference to bz4377.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Dec 24 2005, 6:46 AM
brooke added a comment.Dec 24 2005, 6:59 AM

Since that wouldn't be a valid URL, it shouldn't be getting picked up as a link at all.

bzimport added a comment.Dec 24 2005, 9:54 AM

dotkorg wrote:

The URL seems to be valid, we can go to the website.

The domain 0s48.info is blacklisted, but the spammer continues to spam:
http://bo.wiktionary.org/w/index.php?title=Wiktionary:General_disclaimer&curid=1557&diff=4200&oldid=4162
http://bs.wiktionary.org/w/index.php?title=Wiktionary:General_disclaimer&diff=4654&oldid=4599
http://la.wiktionary.org/w/index.php?title=Current_events&diff=prev&oldid=19872

brooke added a comment.Dec 24 2005, 9:55 AM

It's invalid in that the "]" character is explicitly disallowed in URLs. Some software is lax in
treating this.

brooke added a comment.Dec 24 2005, 10:09 AM

Any such invalid links are now broken.

bzimport added a comment.Dec 24 2005, 10:17 AM

dotkorg wrote:

Thanks Brion!

fsteinel added a comment.Dec 27 2005, 4:51 PM
  • Bug 4384 has been marked as a duplicate of this bug. ***
epriestley added a commit: Unknown Object (Diffusion Commit).Mar 4 2015, 8:15 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL