Description

Several hostnames on the BadContent page are not escaped. The dot is interpreted as a regex wildcard character and thus causes false positives.

Steps to reproduce

  1. On a wiki with antispam enabled, try to write the Danish word for parsley pesto: persillepesto
  2. You will receive an error that "lepesto" is not allowed on this wiki

The cause of this example false positive is that the hostname lepe . to (without the spaces) is banned - but that domain name is wrongly written without a backslash at the dot.

Example
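
The false positive above, reproduced as an added example (not part of the original report and not MoinMoin's own code). It assumes the filter applies each BadContent entry as a regex search over the page text, as the discussion below describes; `first_hit`, `audit` and `escape_dots` are hypothetical helper names, and the sample list is constructed.

```python
import re

# A bare "." sitting between two hostname-like characters. An escaped dot
# ("\.") is skipped because the character before it is a backslash.
UNESCAPED_DOT = re.compile(r"(?<=[A-Za-z0-9-])\.(?=[A-Za-z0-9-])")


def first_hit(patterns, text):
    """Return the substring matched by the first pattern that hits, else None."""
    for pat in patterns:
        m = re.search(pat, text)
        if m:
            return m.group(0)
    return None


def audit(patterns):
    """List entries whose dot would act as a wildcard (candidates for review)."""
    return [p for p in patterns if UNESCAPED_DOT.search(p)]


def escape_dots(pattern):
    """Escape bare hostname dots, leaving already-escaped ones untouched."""
    return UNESCAPED_DOT.sub(lambda m: r"\.", pattern)


if __name__ == "__main__":
    # Constructed sample list: the entry from this report plus a correct one.
    bad_content = ["lepe.to", r"spam-example\.invalid"]
    text = "persillepesto"

    print("unescaped list hits:", first_hit(bad_content, text))
    print("entries to review:  ", audit(bad_content))

    fixed = [escape_dots(p) for p in bad_content]
    print("fixed list:         ", fixed)
    print("fixed list hits:    ", first_hit(fixed, text))
```

The audit only flags candidates: a dot between two letters can be an intentional wildcard, so each flagged entry still needs a human decision before it is escaped.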

Details

MoinMoin Version

1.3.4

OS and Version

Debian Linux sarge

Python Version

2.3

Workaround

Discussion

This one case is fixed - but the source of the problems is not. Antispam is broken - it does not limit the check to links. It should check only links, e.g. http://lep``esto.com should match, lepesto should not.

As we already discussed, antispam is intended to be very generic. Thus it just matches page content against a list of regexes, no more, no less. If you want it to match only http links, you have to put up regexes with http://... onto BadContent. This is a feature, not a bug. Of course if we have a false positive, we fix that at the right place, i.e. the wrong regex. -- ThomasWaldmann 2005-07-01 08:39:51

This design is broken, antispam should not be generic but handle only links. I plan to put an alternative AntiLinkSpam module on the market (SecurityPolicyMarket ?). Then each admin can choose the solution that works best for him, and according to the users' feedback we can integrate it into a future release. -- NirSoffer 2005-07-02 06:12:04

Plan


CategoryMoinMoinBugFixed

MoinMoin: MoinMoinBugs/BadContentDotsNotEscaped (last edited 2007-10-29 19:14:43 by localhost)