typing an url as < a h r e f = "url" >url< / a > breaks the parser.
< a h r e f = "url" >some text< / a > works
yes, it works now
A new link parsing bug this one affect post editing:
when doing a link to SOL, on the edited post the link is root relative (without the prefixhttp://storiesonline.net). Consequently on save, the link is striped of the post, by lack of">http://
I guess the reason is to make the link work on the secure alternate domain.
Then you have to alter the regexp to accept links starting with http:// ; https:// ; /
Another bug in the automatic link generator.
There are 2 bugs:
1 It remove preceding space making the link stick to the previous text.
2 It grabs trailing punctuation tested with comma) as part of the link.
Made some changes that I hope help. This URL parsing thing is tricky.
Still a few issues, but it's already much better.
If you put the php code somewhere like pastebin I can take a look.
Alternatively, take inspiration by the masters of the problem: wordpress.
You'll see the regex from hell to solve almost all the exceptions.
You can either adapt line 2146 to only allow http(s)? as a protocol prefix and rewrite the callback (rather evident) or follow the dependencies.
I would advise to take a look at the dependencies, as they promote security in a lots of place, by normalizing and limiting accepted data.
But you'll delve rapidly in their filter architecture, it's related to plug-in support and totally irrelevant for you.
Here are some dependencies:
note that KSES is a recursive acronym which stands for "KSES Strips Evil Scripts".
So those are of particular interest to you.
And that among other thing is why I told you that securing a forum is a huge task, and that I barely scratched the surface with my security tests. The number of attack vectors trough encoding, invalid unicode, entities is incredible.
You know, the simpler solution is to not try to make anything clickable 😈
Anyway, I've made some changes.
Oddly Firefox gives problem on url containing & they are transformed in html entities in the href, that was mandatory for html4/xhtml and officialy shouldn't but should be tolerated with html5.
Apparently with html5 and firefox they are passed as entities to the server which then may fail. Didn't test with other browser.
Obviously, note however that removing all link won't invalidate all attack vector ;)
Yeah, these things suck. Big time!
At least your server tolerate & to be replaced with & a m p ;
Not really, the  are striped of the url.
which doesn't work.
yes, those regexp sucks real big time.
Honestly, I don't care to support the URLs with square brackets.