Here's the patch from the security team to prevent DoS on filter_url().
From linclark (Discovered by):
"Today QA created a piece of content on our D7 site in order to test text-wrapping for extremely long words. In the body, he created a since word easily in the thousands of characters (I didn't count). After saving that, the admin/content page would no longer load as it would hit the PHP max execution time limit. I changed it to 60 seconds and it was still hitting that limit.
A developer then traced the bug to _filter_url:
After a little more investigation, the _filter_url() function is where all of the time is being used... Granted, it is invalid content but still a DoS vulnerability."
Please give commit credit to chx, jwineinger, and linclark. See http://stackoverflow.com/questions/386294/maximum-length-of-a-valid-emai... for some background. Private tracker #69603
|69603-7-D7-do-not-test.patch||515 bytes||Ignored: Check issue status.||None||None|