3) Added the final $ anchor, without which the final (/.*)? became meaningless.
Failing to change this means that URLs like the following would match:
http://localhost:76579
http://localhost:76579
or
http://localhost:7657?something=bad
http://localhost:7657?something=bad
Not a terrible risk, but who can tell what's running on port 76579? So if you want to guarantee anything following the port number is separated by a slash, you need that anchor.
...
...
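Review bot: the stated guarantee that "anything following the port number is separated by a slash" has a side effect the text does not mention. With the `$` anchor in place, `http://localhost:7657?something=bad` is rejected, although a query string directly after the port (an empty path) is a syntactically valid URL. Add a sentence saying that rejecting this form is an accepted trade-off, and repeat the full anchored regex next to the two examples so the reader can check both against it.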
@@ -47,7 +47,7 @@ While we're at it, let's look at the other regexps on that page.
Well, the following would match:
http://malicious.example.com?.i2p
http://malicious.example.com?.i2p
That is, a regular .com site could be sent through the .i2p filter. No idea if that could be exploited, but let's fix that up anyway.
...
...
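Review bot: "No idea if that could be exploited" followed by "let's fix that up anyway" leaves the reader without the property the fix is meant to enforce. The example `http://malicious.example.com?.i2p` suggests the pattern accepts `.i2p` at the end of the whole URL rather than at the end of the host name. State that the corrected pattern must tie `.i2p` to the host component, which ends at the port or at the first `/`, `?` or `#`, and show the corrected regex beside the example so it can be verified rather than taken on trust.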
@@ -86,3 +86,5 @@ Many apologies if my English is unclear: please feel free to ask for clarificati
> Thanks! All this was fixed in the devel branch (41ee709)
> => [[!taglink pending]]
>> Thanks for the update, and for fixing up my markup - I learned stuff! :D Is the devel branch publicly available on some SVN somewhere or something? I'd kinda like to doublecheck that the final regexes look good, and to fix the pages here to show the regexes actually used.
>> Unfortunately, looks like blogspam still won't let me post this page without messing the URLs, though... would that it only checked the diff, rather than the whole page!
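Review bot: the thread records that the fix landed in the devel branch (41ee709), while the added reply only states an intention "to fix the pages here to show the regexes actually used", so the page body and the deployed patterns can differ. Until the page is updated, add a line near the top naming 41ee709 as the authoritative version, so nobody copies the patterns shown here into their own configuration.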