Make WordPress Core

Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#2889 closed defect (bug) (fixed)

duplicate content when submitting comments

Reported by: whooami's profile whooami Owned by:
Milestone: Priority: high
Severity: normal Version: 2.0.3
Component: General Keywords: comment, function, anchor, make_clickable, bg|has_patch
Focuses: Cc:


An example of the problem is viewable on my brand new sandbox blog @

That is a brand new install with NO plugins installed.

Essentially what is happening is that link is being filtered twice and content is being added to the comment.

When you view the source for the second comment, you will notice that nofollow tags are changed - thats because I edited the make_clickable function and the wp_rel_nofollow function:

function wp_rel_nofollow( $text ) {
	$text = preg_replace('|<a (.+?)>|i', '<a $1 rel="nofollow-function">', $text);
	return $text;
function make_clickable($ret) {
	$ret = ' ' . $ret . ' ';
	$ret = preg_replace("#([\s>])(https?)://([^\s<>{}()]+[^\s.,<>{}()])#i", "$1<a href='$2://$3' rel='nofollow-clickable'>$2://$3</a>", $ret);
	$ret = preg_replace("#(\s)www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^ <>{}()\n\r]*[^., <>{}()\n\r]?)?)#i", "$1<a href='http://www.$2.$3$4' rel='nofollow-clickable'>www.$2.$3$4</a>", $ret);
	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([a-z0-9\-_.]+)\.([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3.$4\">$2@$3.$4</a>", $ret);
	$ret = trim($ret);
	return $ret;

Now the source for the link in question:

<a href="" rel="nofollow-function"><a href='' rel='nofollow-clickable'></a></a>

the comment I submitted was:

<a href=""></a>

Obviously thats not correct.

Attachments (3)

functions-formatting.php.diff (1.0 KB) - added by ptvguy 18 years ago.
make_clickable without anchor wrapping
2889.20.diff (1.2 KB) - added by ryan 18 years ago.
2889.trunk.diff (1.1 KB) - added by ryan 18 years ago.

Download all attachments as: .zip

Change History (22)

#1 @ptvguy
18 years ago

I tried to duplicate this on the Sandbox blog, but moderation is turned on. I can't view the result.

#2 @ptvguy
18 years ago

Nonreproducable error. Possible mod interaction.

#3 @whooami
18 years ago

youre ability to reproduce it on my site is non-factor. I reproduced it 4 times? View the source of the page:

Source of Comment tagged as Markdown comment :

			<p>markdown comment:</p>

<p><a href="" rel="nofollow-function"></a><a href="" rel="nofollow-clickable"></a>


Once again, does that look correct to you?

Ill tell you how to reproduce it:

Make sure you are allowing HTML links in your comments. Thats configurable via kses.php.

Then go comment on your own blog.

Ive reproduced this on 2 installs on 2 seperate servers.

#4 @whooami
18 years ago

and for the record, you didnt even submit the link in the proper format.

An HTML link is done like so:

<a href=""></a>

and that above is exactly what causes the problem.


<a href="">link here</a>

and not

<a href=""></a>

which is, i might add, what you posted in your attempt to comment.

#5 @whooami
18 years ago

here it is again:

Look at the source of my comment:

<a href="" rel="nofollow"></a>
<a href="" rel="nofollow"></a></p>

Thats NOT valid XHTML and it is duplication because of the filtering.

#6 @ryan
18 years ago

This is caused by make_clickable() not properly handling anchors that have the scheme (http://) in the content.

#7 @whooami
18 years ago

well woooonhhoo, nice of you to verify that it does in fact exist, now a fix would be fabulous :)

#8 @ptvguy
18 years ago

  • Milestone set to 2.0.4

Try this (sans mod):

function make_clickable($ret) {
	$ret = ' ' . $ret . ' ';
	$ret = preg_replace("#([\s>])(https?)://([^\s<>{}()]+[^\s.,<>{}()])#i", "$1$2://$3", $ret);
	$ret = preg_replace("#(\s)www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^ <>{}()\n\r]*[^., <>{}()\n\r]?)?)#i", "$1<a href='http://www.$2.$3$4' rel='nofollow'>www.$2.$3$4</a>", $ret);
	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([a-z0-9\-_.]+)\.([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3.$4\">$2@$3.$4</a>", $ret);
	$ret = trim($ret);
	return $ret;

18 years ago

make_clickable without anchor wrapping

#9 @ptvguy
18 years ago

  • Keywords comment function anchor make_clickable bg|has_patch added

#10 @Libertus
18 years ago


The anchor wrapping is necessary to make bare URLs clickable. As we discussed on IRC, the function will have to make a conditional check to ensure the text being made clickable is not already a child node of a link tag.

#11 @whooami
18 years ago

This has the same effect:

$ret = preg_replace("#(^|[\s>])(https?)://([^<>{}\s]+[^.,<>{}\s])#i", "$1<a href='$2://$3' rel='nofollow'>$2://$3</a>", $ret); 
$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a href=\"\\2\" rel=\"nofollow\">\\2</a>", $ret);
$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a href=\"http://\\2\" rel=\"nofollow\">\\2</a>", $ret);

The effect being that yes, they both fix the http:// problem but they introduce another problem: regular urls such as :

are no longer made clickable when not enclosed in tags.

I spose thats the tradeoff? or did you update that code in the time I took to type this?

#12 @whooami
18 years ago

What libertus said is exactly what I am describing as the introduced problem.

#13 @whooami
18 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Ive fixed it the way it SHOULD be fixed:
bare urls work.

here is the complete function:

function make_clickable($ret) {
	$ret = ' ' . $ret;
	$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='$2' rel='nofollow'>$2</a>", $ret); //fix
	$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='http://$2' rel='nofollow'>$2</a>", $ret); //fix
	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3\">$2@$3</a>", $ret);
	$ret = substr($ret, 1);
	$ret = trim($ret);
	return $ret;

You're all welcome.

#14 @Nazgul
18 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Tickets should be closed after they're committed, not before.

#15 @ptvguy
18 years ago

Much better fix by whooami. I've already incorporated it into my own blog.

#16 @spencerp
18 years ago

Going along with what ptvguy has said, I've also incorporated it into my own blog, running 2.0.4-alpha. But, I've incorporated what you have done here whoo:

I have *not* tested this since adding the "fix", but if someone else wants to try it out, it's fine with me.

I'll just remove the comments when ever. =P And if all else fails, I'll just revert back to the original functions-formatting.php file from the SVN, and go from there. =P

18 years ago

18 years ago

#17 @ryan
18 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [4011]) Make clickable fix from whooami. fixes #2889

#18 @ryan
18 years ago

(In [4012]) Make clickable fix from whooami. fixes #2889

#19 @(none)
18 years ago

  • Milestone 2.0.4 deleted

Milestone 2.0.4 deleted

Note: See TracTickets for help on using tickets.