bp_activity_create_summary wrongly extracted <iframe src="....htm"/> as <img src="....htm"/>

[webp]

After posting <iframe src="....htm"> in a post, an activity summary was created with an image with a broken link at the end. HTML source shows the image with broken link:

    <img src="....htm"/>

select content from wp_bp_activity where id=xyz ;

| .... <img src="...htm"/> |

Troubleshoot:

vi bp-activity/bp-activity-functions.php

function bp_activity_create_summary( $content, $activity ) {
    $media = $extractor->extract( $content, BP_Media_Extractor::ALL, $args );

vi bp-core/classes/class-bp-media-extractor.php

class BP_Media_Extractor {
    protected function extract_images( $richtext, $plaintext, $extra_args = array() ) {
        if ( stripos( $richtext, 'src=' ) !== false ) {
            preg_match_all( '#src=(["\'])([^"\']+)\1#i', $richtext, $img_srcs );  // matches src="text" and src='text'

Suggest the following change so <iframe src='*.htm'> will not get extracted into summary:

            preg_match_all( '#(?<!iframe) src=(["\'])([^"\']+)\1#i', $richtext, $img_srcs );  // matches src="text" and src='text', excluding iframe src=

OR:

            preg_match_all( '#img src=(["\'])([^"\']+)\1#i', $richtext, $img_srcs );  // matches img src="text" and img src='text'

Database fix (for MariaDB with REGEXP_REPLACE):

UPDATE wp_bp_activity SET content = REGEXP_REPLACE(content, ' <img src=(["\'])[^"\']+\\1\/>', '') WHERE content LIKE '%img src%';

Above fixes were tested for BuddyPress 2.3.2 and MariaDB 10.0.19

[johnjamesjacoby]

Hi there. Thanks for this report. I can confirm this is happening. It should only be a bug for admins on the site that have the unfiltered_html capability, which minimizes breakage at least a bit, but we should definitely fix this anyways.

[DJPaul]

Good catch. This is a bit tricky because some strings won't have the src property immediately after the opening img tag, so we need to think a bit more about this.