PATCH: kdelibs/kdecore/kstringhandler.cpp tagURLs() method

Marc Mutz Marc.Mutz at uni-bielefeld.de
Wed Jul 10 18:56:39 BST 2002


On Wednesday 10 July 2002 09:57, Scott Wheeler wrote:
> -    /*static*/ QRegExp
> urlEx("(www\\.|(f|ht)tp(|s)://)[\\d\\w./,:_~\\?=&;#-]+[\\d\\w/]"); -
> +    QRegExp
> urlEx("(www\\.|ftp\\.|(f|ht)tp(|s):\\/\\/)[\\d\\w.\\/\\,\\:\\_\\~\\?\
>\=\\&\\;\\#\\-]+[\\d\\w\\/]");
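
Review bot: In the added urlEx line, almost every new backslash inside the character class is unnecessary: `/`, `,`, `:`, `_`, `~`, `=`, `&`, `;` and `#` have no special meaning there, and `-` was already safe in the removed line because it sat last in the class. `\\d` is also redundant next to `\\w` in both classes, and `(|s)` reads more clearly as `s?` if that group is never captured. Suggest keeping the original class as it was and adding only the `ftp\\.` alternative.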

This inflation of LTS[1] is not needed, IMO.
Also, for speed, the parentheses (foo) should be written as the 
non-capturing (and very much faster) version (?:foo). The use of cap(1) 
can be replaced with something like href.beginsWith( "www." ) and 
href.beginsWith( "ftp." ).

There is a "format string vulnerability" in that if href contains "%1" 
or "%0" (not unlikely for an URL), then the second .arg() will place 
the href wrongly, obviously. That's something you always have to keep 
in mind when using QString::arg() and user-supplied text: multiple 
.arg() calls can be tricked into replacing the wrong stuff! Will send 
something to qt-bugs regarding this.

And a nitpick: QString hrefProtocol shouldn't get "" assigned to.

Marc

[1] Known as Leaning Toothpick Syndrome to old Perl users.

- -- 
Marc Mutz <mutz at kde.org>

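The chained `.arg()` pitfall raised in the message above, as an added example that is not part of the original post and is not KDE or Qt code: a simplified `std::string` model of "replace the lowest-numbered marker" (single-digit markers only), next to a one-pass substitution. The template `<a href="%1">%2</a>`, the function names and the URLs are assumptions constructed for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// True if s[i], s[i+1] form a "%<digit>" place marker.
static bool marker(const std::string& s, size_t i) {
    return s[i] == '%' && i + 1 < s.size() && std::isdigit((unsigned char)s[i + 1]);
}

// Model of ONE .arg() call: replace every occurrence of the lowest-numbered
// marker currently in the string. Text inserted by an earlier call is scanned
// like template text, which is the root of the problem.
std::string arg_once(const std::string& s, const std::string& a) {
    int lowest = 10;                              // 10 means "no marker found"
    for (size_t i = 0; i < s.size(); ++i)
        if (marker(s, i)) lowest = std::min(lowest, s[i + 1] - '0');
    std::string out;
    for (size_t i = 0; i < s.size(); ++i) {
        if (marker(s, i) && s[i + 1] - '0' == lowest) { out += a; ++i; }
        else out += s[i];
    }
    return out;
}

// One-pass substitution: markers are read from the template only, so a "%1"
// that arrives inside an argument is copied through and never rescanned.
std::string arg_all(const std::string& tmpl, const std::vector<std::string>& args) {
    std::string out;
    for (size_t i = 0; i < tmpl.size(); ++i) {
        size_t n = marker(tmpl, i) ? size_t(tmpl[i + 1] - '0') : 0;
        if (n >= 1 && n <= args.size()) { out += args[n - 1]; ++i; }
        else out += tmpl[i];
    }
    return out;
}

const std::string kTemplate = "<a href=\"%1\">%2</a>";   // assumed template

std::string link_chained(const std::string& href, const std::string& text) {
    return arg_once(arg_once(kTemplate, href), text);     // models .arg(href).arg(text)
}
std::string link_one_pass(const std::string& href, const std::string& text) {
    return arg_all(kTemplate, {href, text});
}

int main() {
    const std::string href = "http://example.org/a%1b";   // constructed URL containing "%1"
    std::cout << link_chained(href, "click") << "\n" << link_one_pass(href, "click") << "\n";
}
```

Qt's multi-argument overload `arg(a1, a2)` is documented as replacing both arguments in one pass, which avoids the rescanning shown by `link_chained`.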




More information about the kde-core-devel mailing list