mahara-contributors team mailing list archive

[Robert Lyon <robertl@xxxxxxxxxxxxxxx>]

** Changed in: mahara
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1286935

Title:
  Allowed iframe check doesn't handle URLs with a question mark
  immediately after the domain name

Status in Mahara ePortfolio:
  Fix Released
Status in Mahara 1.10 series:
  Fix Committed
Status in Mahara 1.8 series:
  Fix Committed
Status in Mahara 1.9 series:
  Fix Committed
Status in Mahara 15.04 series:
  Fix Released

Bug description:
  See https://mahara.org/interaction/forum/topic.php?id=6124

  In the Mahara forums, a user reported this issue with an embed code
  for hapyak.com. The full embed code:

  <iframe
  src="//hapyak.com?embed=true&amp;edit=false&amp;startInEditMode=false&amp;track=15572&amp;project=3162&amp;key=2a69d0613a6a43b5a613&amp;source=youtube&amp;source_id=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DNWjso1EqSXc&amp;controls=true&amp;nativeControls=false&amp;reset_variables=true&amp;autoplay=false&amp;aspect_ratio=1.3328"
  class="hapyak-embed" marginwidth="0" marginheight="0"
  allowfullscreen="" webkitallowfullscreen="" mozallowfullscreen=""
  frameborder="no" height="699" scrolling="no" width="853"></iframe>

  Note that the URL starts with "//hapyak.com?embed=true...". If you
  change that to "//hapyak.com/?embed=true..." then it works. It looks
  like the problem is that the regular expression we use to identify
  iframes with a valid URL, doesn't handle the scenario of a URL where
  there's a query component but no path component. In other words, a "?"
  immediately after the domain name.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1286935/+subscriptions