From e1583123b4894354679e2a35d819dba2202c3494 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Fri, 13 Dec 2019 12:40:10 -0500
Subject: [PATCH] Escape potential URL-containing BBCodes before running autolinker
---
 src/Content/Text/BBCode.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/src/Content/Text/BBCode.php b/src/Content/Text/BBCode.php
index fcce795810..6d4c3418d0 100644
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@@ -1507,8 +1507,29 @@ class BBCode extends BaseObject
 $text = str_replace('[hr]', '
', $text);
 if (!$for_plaintext) {
+ $escaped = [];
+
+ // Escaping BBCodes susceptible to contain rogue URL we don'' want the autolinker to catch
+ $text = preg_replace_callback('#\[(url|img|audio|video|youtube|vimeo|share|attachment|iframe|bookmark).+?\[/\1\]#ism',
+ function ($matches) use (&$escaped) {
+ $return = '{escaped-' . count($escaped) . '}';
+ $escaped[] = $matches[0];
+
+ return $return;
+ },
+ $text
+ );
+
 // Autolinker for isolated URLs
 $text = preg_replace(Strings::autoLinkRegEx(), '[url]$1[/url]', $text);
+
+ // Restoring escaped blocks
+ $text = preg_replace_callback('/{escaped-([0-9]+)}/iU',
+ function ($matches) use ($escaped) {
+ return $escaped[intval($matches[1])] ?? $matches[0];
+ },
+ $text
+ );
 }
 // This is actually executed in Item::prepareBody()
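Review bot: The `{escaped-N}` placeholder is predictable, so once at least one block has been escaped, body text that already contains a literal such as `{escaped-0}` is rewritten by the restore callback into that block, because `/{escaped-([0-9]+)}/iU` cannot tell its own markers from author-typed ones. A per-call marker closes this: `$marker = bin2hex(random_bytes(8));` before the first callback, `$return = '{escaped-' . $marker . '-' . count($escaped) . '}';` inside it (with `$marker` added to its `use` list), and `'/{escaped-' . $marker . '-([0-9]+)}/'` as the restore pattern. Separately, both new `preg_replace_callback()` calls assign their result straight to `$text`, and that function returns `null` on a PCRE error (for example a backtrack limit reached by the lazy `.+?` under the `s` flag), so falling back to the previous `$text` when the result is `null` would keep the body from being silently emptied. The enclosing method starts and ends outside the hunk.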