Make WordPress Core

Opened 17 years ago

Closed 17 years ago

Last modified 17 years ago

#2889 closed defect (bug) (fixed)

duplicate content when submitting comments

Reported by: whooami's profile whooami Owned by:
Milestone: Priority: high
Severity: normal Version: 2.0.3
Component: General Keywords: comment, function, anchor, make_clickable, bg|has_patch
Focuses: Cc:


An example of the problem is viewable on my brand new sandbox blog @

That is a brand new install with NO plugins installed.

Essentially what is happening is that link is being filtered twice and content is being added to the comment.

When you view the source for the second comment, you will notice that nofollow tags are changed - thats because I edited the make_clickable function and the wp_rel_nofollow function:

function wp_rel_nofollow( $text ) {
	$text = preg_replace('|<a (.+?)>|i', '<a $1 rel="nofollow-function">', $text);
	return $text;
function make_clickable($ret) {
	$ret = ' ' . $ret . ' ';
	$ret = preg_replace("#([\s>])(https?)://([^\s<>{}()]+[^\s.,<>{}()])#i", "$1<a href='$2://$3' rel='nofollow-clickable'>$2://$3</a>", $ret);
	$ret = preg_replace("#(\s)www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^ <>{}()\n\r]*[^., <>{}()\n\r]?)?)#i", "$1<a href='http://www.$2.$3$4' rel='nofollow-clickable'>www.$2.$3$4</a>", $ret);
	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([a-z0-9\-_.]+)\.([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3.$4\">$2@$3.$4</a>", $ret);
	$ret = trim($ret);
	return $ret;

Now the source for the link in question:

<a href="" rel="nofollow-function"><a href='' rel='nofollow-clickable'></a></a>

the comment I submitted was:

<a href=""></a>

Obviously thats not correct.

Attachments (3)

functions-formatting.php.diff (1.0 KB) - added by ptvguy 17 years ago.
make_clickable without anchor wrapping
2889.20.diff (1.2 KB) - added by ryan 17 years ago.
2889.trunk.diff (1.1 KB) - added by ryan 17 years ago.

Download all attachments as: .zip

Change History (22)

#1 @ptvguy
17 years ago

I tried to duplicate this on the Sandbox blog, but moderation is turned on. I can't view the result.

#2 @ptvguy
17 years ago

Nonreproducable error. Possible mod interaction.

#3 @whooami
17 years ago

youre ability to reproduce it on my site is non-factor. I reproduced it 4 times? View the source of the page:

Source of Comment tagged as Markdown comment :

			<p>markdown comment:</p>

<p><a href="" rel="nofollow-function"></a><a href="" rel="nofollow-clickable"></a>


Once again, does that look correct to you?

Ill tell you how to reproduce it:

Make sure you are allowing HTML links in your comments. Thats configurable via kses.php.

Then go comment on your own blog.

Ive reproduced this on 2 installs on 2 seperate servers.

#4 @whooami
17 years ago

and for the record, you didnt even submit the link in the proper format.

An HTML link is done like so:

<a href=""></a>

and that above is exactly what causes the problem.


<a href="">link here</a>

and not

<a href=""></a>

which is, i might add, what you posted in your attempt to comment.

#5 @whooami
17 years ago

here it is again:

Look at the source of my comment:

<a href="" rel="nofollow"></a>
<a href="" rel="nofollow"></a></p>

Thats NOT valid XHTML and it is duplication because of the filtering.

#6 @ryan
17 years ago

This is caused by make_clickable() not properly handling anchors that have the scheme (http://) in the content.

#7 @whooami
17 years ago

well woooonhhoo, nice of you to verify that it does in fact exist, now a fix would be fabulous :)

#8 @ptvguy
17 years ago

  • Milestone set to 2.0.4

Try this (sans mod):

function make_clickable($ret) {
	$ret = ' ' . $ret . ' ';
	$ret = preg_replace("#([\s>])(https?)://([^\s<>{}()]+[^\s.,<>{}()])#i", "$1$2://$3", $ret);
	$ret = preg_replace("#(\s)www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^ <>{}()\n\r]*[^., <>{}()\n\r]?)?)#i", "$1<a href='http://www.$2.$3$4' rel='nofollow'>www.$2.$3$4</a>", $ret);
	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([a-z0-9\-_.]+)\.([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3.$4\">$2@$3.$4</a>", $ret);
	$ret = trim($ret);
	return $ret;

17 years ago

make_clickable without anchor wrapping

#9 @ptvguy
17 years ago

  • Keywords comment function anchor make_clickable bg|has_patch added

#10 @Libertus
17 years ago


The anchor wrapping is necessary to make bare URLs clickable. As we discussed on IRC, the function will have to make a conditional check to ensure the text being made clickable is not already a child node of a link tag.

#11 @whooami
17 years ago

This has the same effect:

$ret = preg_replace("#(^|[\s>])(https?)://([^<>{}\s]+[^.,<>{}\s])#i", "$1<a href='$2://$3' rel='nofollow'>$2://$3</a>", $ret); 
$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a href=\"\\2\" rel=\"nofollow\">\\2</a>", $ret);
$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "\\1<a href=\"http://\\2\" rel=\"nofollow\">\\2</a>", $ret);

The effect being that yes, they both fix the http:// problem but they introduce another problem: regular urls such as :

are no longer made clickable when not enclosed in tags.

I spose thats the tradeoff? or did you update that code in the time I took to type this?

#12 @whooami
17 years ago

What libertus said is exactly what I am describing as the introduced problem.

#13 @whooami
17 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Ive fixed it the way it SHOULD be fixed:
bare urls work.

here is the complete function:

function make_clickable($ret) {
	$ret = ' ' . $ret;
	$ret = preg_replace("#(^|[\n ])([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='$2' rel='nofollow'>$2</a>", $ret); //fix
	$ret = preg_replace("#(^|[\n ])((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)#is", "$1<a href='http://$2' rel='nofollow'>$2</a>", $ret); //fix
	$ret = preg_replace("#(\s)([a-z0-9\-_.]+)@([^,< \n\r]+)#i", "$1<a href=\"mailto:$2@$3\">$2@$3</a>", $ret);
	$ret = substr($ret, 1);
	$ret = trim($ret);
	return $ret;

You're all welcome.

#14 @Nazgul
17 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Tickets should be closed after they're committed, not before.

#15 @ptvguy
17 years ago

Much better fix by whooami. I've already incorporated it into my own blog.

#16 @spencerp
17 years ago

Going along with what ptvguy has said, I've also incorporated it into my own blog, running 2.0.4-alpha. But, I've incorporated what you have done here whoo:

I have *not* tested this since adding the "fix", but if someone else wants to try it out, it's fine with me.

I'll just remove the comments when ever. =P And if all else fails, I'll just revert back to the original functions-formatting.php file from the SVN, and go from there. =P

17 years ago

17 years ago

#17 @ryan
17 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [4011]) Make clickable fix from whooami. fixes #2889

#18 @ryan
17 years ago

(In [4012]) Make clickable fix from whooami. fixes #2889

#19 @(none)
17 years ago

  • Milestone 2.0.4 deleted

Milestone 2.0.4 deleted

Note: See TracTickets for help on using tickets.