From 62c9ea7cf9dce44ec81b28dd20a0a955ef53e577 Mon Sep 17 00:00:00 2001 From: Tim Abbott Date: Fri, 30 Aug 2019 09:36:14 -0700 Subject: [PATCH] linkifiers: Fix problems with capture groups called "name". Apparently, due to poor naming of the outer capture group we use to separate the actual match from the surrounding whitespace (etc.) we use to determine if the syntax is a possible linkifier start/end, if you created a linkifier using "name" as the capture group, we'd try to compile a pattern with two capture groups called "name", which would 500, preventing anyone from accessing the organization. --- zerver/lib/bugdown/__init__.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/zerver/lib/bugdown/__init__.py b/zerver/lib/bugdown/__init__.py index 40569f6723..d95a1b62e2 100644 --- a/zerver/lib/bugdown/__init__.py +++ b/zerver/lib/bugdown/__init__.py @@ -1594,11 +1594,16 @@ class AutoNumberOListPreprocessor(markdown.preprocessors.Preprocessor): return lines +# Name for the outer capture group we use to separate whitespace and +# other delimiters from the actual content. This value won't be an +# option in user-entered capture groups. +OUTER_CAPTURE_GROUP = "linkifier_actual_match" def prepare_realm_pattern(source: str) -> str: - """ Augment a realm filter so it only matches after start-of-string, + """Augment a realm filter so it only matches after start-of-string, whitespace, or opening delimiters, won't match if there are word - characters directly after, and saves what was matched as "name". """ - return r"""(?""" + source + r')(?!\w)' + characters directly after, and saves what was matched as + OUTER_CAPTURE_GROUP.""" + return r"""(?%s)(?!\w)""" % (OUTER_CAPTURE_GROUP, source) # Given a regular expression pattern, linkifies groups that match it # using the provided format string to construct the URL. @@ -1616,7 +1621,7 @@ class RealmFilterPattern(markdown.inlinepatterns.Pattern): db_data = self.markdown.zulip_db_data return url_to_a(db_data, self.format_string % m.groupdict(), - m.group("name")) + m.group(OUTER_CAPTURE_GROUP)) class UserMentionPattern(markdown.inlinepatterns.Pattern): def handleMatch(self, m: Match[str]) -> Optional[Element]: