Drupal Association members fund grants that make connections all over the world.
Here's the patch from the security team to prevent DoS on filter_url().
From linclark (Discovered by):
"Today QA created a piece of content on our D7 site in order to test text-wrapping for extremely long words. In the body, he created a since word easily in the thousands of characters (I didn't count). After saving that, the admin/content page would no longer load as it would hit the PHP max execution time limit. I changed it to 60 seconds and it was still hitting that limit.
A developer then traced the bug to _filter_url:
After a little more investigation, the _filter_url() function is where all of the time is being used... Granted, it is invalid content but still a DoS vulnerability."
Please give commit credit to chx, jwineinger, and linclark. See http://stackoverflow.com/questions/386294/maximum-length-of-a-valid-emai... for some background. Private tracker #69603
FAILED: [[SimpleTest]]: [MySQL] 39,068 pass(es), 1 fail(s), and 0 exception(s). View
PASSED: [[SimpleTest]]: [MySQL] 39,063 pass(es). View
FAILED: [[SimpleTest]]: [MySQL] 36,316 pass(es), 1 fail(s), and 0 exception(s). View
PASSED: [[SimpleTest]]: [MySQL] 36,294 pass(es). View
FAILED: [[SimpleTest]]: [MySQL] 36,297 pass(es), 1 fail(s), and 0 exception(s). View