Bug rel="nofollow" not looking at whitelist

[frankfa]

I made some code changes to get the whitelist to work correctly. It looks like URL compared is the full URL instead of just the domain. It also looks like the preg_match variables are switched. The following code is working for me:

dbtech/dbseo/includes/class_core.php:5552

$url_parts = parse_url($url);
            $url_host = str_replace('www.','',$url_parts['host']);

			if ($_isExternal)
			{
				// We have an external URL
				if (
					(
						self::$config['dbtech_dbseo_externalurls'] AND (
							!self::$config['dbtech_dbseo_externalurls_whitelist'] OR 
							!preg_match('#' . $url_host . '#i', self::$config['dbtech_dbseo_externalurls_whitelist'])
						)
					) OR (
						!self::$config['dbtech_dbseo_externalurls'] AND (
							self::$config['dbtech_dbseo_externalurls_whitelist'] AND
                            preg_match('#' . $url_host . '#i', self::$config['dbtech_dbseo_externalurls_whitelist'])
						)
					) AND
					strpos($urlPrefix . $urlAttributes . $urlSuffix, 'rel=') === false
				)
				{
					// We didn't have a rel tag already, add one
					$urlPrefix = preg_replace('#(<a\s)#is', '\\1' . $_noFollow . ' ', $urlPrefix);
				}

				// Add external link tracking
				self::trackExternalLink($urlPrefix, $url, $urlSuffix, (substr($inTag, 0, 5) == 'Visit' ? 'onmouseup' : ''));
			}

 

[Fillip H.]

I've implemented your change in the release files, thanks

 

[vbluis]

Thanks, I feel the same.

But where should I replace my code? Or where should I add this code?

I add this line in 5552? Or Replacement?

thanks

 

[Fillip H.]

Re-download the product and re-upload that file

 

[vbluis]

Ok thank you

 

[vbluis]

Hello, still does not work. I delete "class_core.php" and I upload the new ""class_core.php" and the links are nofollow yet : (

 

[Fillip H.]

frankfa: Can you please confirm whether the v1.0.6 update works for you without manual file edits?

 

[vbluis]

frankfa: Can you please confirm whether the v1.0.6 update works for you without manual file edits?

Thanks for the help, but you may frankfa days later to see this message.
Can you help me? Any idea?
It is not my intention to hit this topic. Sorry.
thanks

 

[Fillip H.]

The reason why I requested an update from that person was to determine whether it was possible that my implementation of his fix was incomplete. I will need them to report back in order to determine if that is the case.

 

[vbluis]

Hello. I sent a private message to frankfa few days ago. I asked him to review the topic. But I think I was unable to do so.

Meanwhile this use is still not working for me.

I upgraded to DBSEO 8. Please can you solve me?

thanks

 

[frankfa]

frankfa: Can you please confirm whether the v1.0.6 update works for you without manual file edits?

So it looks like you didn't implement everything the way I supplied it. Your regex and subject are backwards in your preg_match functions. You should be looking for the URL in the white list value not the other way around.

Sorry for not getting back to this thread sooner, but I've been really busy. This isn't a hard test case to test. Fillip H., please test this when you make the change.

I also have some concerns about the way the blacklist was implemented, but I'm not going to use it and don't have time to test it.

 

[Fillip H.]

So it looks like you didn't implement everything the way I supplied it. Your regex and subject are backwards in your preg_match functions.

No, that's incorrect. The pattern is supposed to be the list of domains, and the subject should be the URL.

Please see the following documentation: PHP: preg_match - Manual

That being said, what I had failed to take into consideration was the fact that the whitelist is being supplied in the AdminCP with newlines, and they had not been correctly converted to | before being passed to preg_match.

In other words, the admin inputs this:

domain1.com
domain2.com
domain3.com

The code expects this:

domain1\.com|domain2\.com|domain3\.com

This will be resolved in the next version

 

[frankfa]

No, that's incorrect. The pattern is supposed to be the list of domains, and the subject should be the URL.

Please see the following documentation: PHP: preg_match - Manual

No, your new way will work as well, but it isn't the best way to do it. You're now setting up your pattern to look for any of the domains by including the OR modifier for regular expressions. Why not just take the URL's domain and look for that pattern in your list of domains? You can continue to save it with new lines and it will still work. My way is equivalent to using in_array vs using multiple OR conditions in an IF statement to see if a value is included in the array.

My method is working and it's easier to implement, but it's your software so do as you please.

 

[Fillip H.]

Why not just take the URL's domain and look for that pattern in your list of domains?

Because that will result in partial matches being incorrectly added to the whitelist.

Try running this script, and you'll see what I mean:

<?php
var_dump(preg_match('#byte-tech\.com#', 'dragonbyte-tech.com|domain.com|test.com'));
echo "<br />";
var_dump(preg_match('#dragonbyte\-tech\.com|domain\.com|test\.com#', 'tech.com'));
?>

The output is as follows:

int(1)
int(0)

In other words: With your method, whitelisting dragonbyte-tech.com will also whitelist tech.com, byte-tech.com, etc. This is undesirable behaviour.

That being said, an argument could be made for not using preg_match() in this instance since we don't expect administrators to enter regular expression syntax for their whitelist domain list.

 

[frankfa]

Ah, good point. Thanks for fixing!

 

[vbluis]

thank you. It's works