[2.1]: html in signature can cause infinite loop #9070
Description
Basic Information
From the support forum: https://www.simplemachines.org/community/index.php?topic=593532.0
I suspect this only happens to some users on forums migrated from other platforms.
If the signature has html in it, the BBC parser can run off into a loop:
[04-Dec-2025 14:27:43 Europe/Paris] PHP Fatal error: Maximum execution time of 30 seconds exceeded in /home/xxxx/public_html/fr/Sources/Subs.php on line 3125
The only way to reproduce (other than converting from another platform) is via editing the signature field via phpmyadmin or adminer. So a legit concern can be raised whether this can be considered a valid bug or not...
But if nothing else, this serves to make the team aware of the potential for loops.
Steps to reproduce
- Edit the database directly (using phpmyadmin/adminer), & put one of the known bad html formats in the signature field (not using the UI)
- Disable BBC in signatures
- Navigate to any page with posts for that user
You will indeed loop, & get a timeout.
3.0 was not affected in my test, only 2.1. 3.0 honored the html...
But then again... Should 3.0 have honored the html in the signature??? When even BBC is disabled?
One example of a bad signature:
<a href="mailto:xyz@xyz.net">mailto:xyz@xyz.net</a>
Expected result
Possibly the html text...
Actual result
[04-Dec-2025 14:27:43 Europe/Paris] PHP Fatal error: Maximum execution time of 30 seconds exceeded in /home/xxxx/public_html/fr/Sources/Subs.php on line 3125
Version/Git revision
2.1.6
Database Engine
All
Database Version
8.4.4
PHP Version
8.4.5
Logs
Additional Information
No response