• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Duplicate [1.2.5] Steam/TS3 protocol links automatically have http:// prepended which breaks them

#1
Putting a steam link in a post (i.e. steam://connect/154.123.23.1:2512) breaks because it's automatically changed to http://steam://connect/154.123.23.1:2512
Same with teamspeak3 links

Adding the bolded text in the following files will fix it:

xenforo/js/xenforo/full/bb_code_edit.js:
Line 1319: else if (!val.match(/^https?:|steam:|ts3server:|ftp:/i))
NB: a minified version of the edited file should be saved to js/xenforo/

xenforo/library/XenForo/BbCode/Formatter/Base.php:
Line 811: if (preg_match('#^(https?|ftp|steam|ts3server)://#i', $url))

xenforo/library/XenForo/BbCode/Formatter/BbCode/AutoLink.php:
Line 136: '#(?<=[^a-z0-9@-]|^)(https?://|ftp://|steam://|ts3server://|www\.)[^\s"]+#i',

xenforo/library/XenForo/Helper/String.php:
Line 238: '#(?<=[^a-z0-9@-]|^)(https?://|ftp://|steam://|ts3server://|www\.)[^\s"]+#i',

xenforo/library/XenForo/Html/Renderer/BbCode.php:
Line 476: if (preg_match('#^(https?|steam|ts3server|ftp)://#i', $url))
 
Last edited:
#2
Apologies, I've just noticed that someone else had asked this question and it had been moved to resolved and marked 'as designed' with security issues given as the reason. Are there any security implications with the fix I've given?
 

Ralle

Active member
#3
As long as it is a whitelist and not a wildcard before the :// there should be no issues except for the fact that the guys have to maintain a big list of "protocols".