From 191ed63b0450e178c11532f711e6d274201d2662 Mon Sep 17 00:00:00 2001
From: Karthik Kasturi <karthikkasturi97@gmail.com>
Date: Wed, 10 Sep 2025 16:02:06 +0100
Subject: [PATCH] fix regex check for short url in response

---
 CHANGELOG.md          | 1 +
 js/privatebin.js      | 2 +-
 lib/Configuration.php | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cee04504..88e2d05d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 * FIXED: Allow copying the shortened link after using a URL shortener (#1624)
 * ADDED: Auto shorten URLs with config option `shortenbydefault` (#1627)
 * ADDED: Added `shortenviashlink` endpoint with an `shlink` configuration section 
+* FIXED: Check for quotes and conical braces when extracting short url (#1644)
 
 ## 2.0.0 (2025-07-28)
 * ADDED: Error logging in database and filesystem backend (#1554)
diff --git a/js/privatebin.js b/js/privatebin.js
index 2ee9ad7e..41f8f7f9 100644
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -2151,7 +2151,7 @@ jQuery.PrivateBin = (function($) {
                 response = JSON.stringify(response);
             }
             if (typeof response === 'string' && response.length > 0) {
-                const shortUrlMatcher = /https?:\/\/[^\s"<]+/g; // JSON API will have URL in quotes, XML in tags
+                const shortUrlMatcher = /(?<=[>"])https?:\/\/[^\s"<]+(?=[<"])/g; // JSON API will have URL in quotes, XML in tags
                 const shortUrl = (response.match(shortUrlMatcher) || []).filter(function(urlRegExMatch) {
                     if (typeof URL.canParse === 'function') {
                         return URL.canParse(urlRegExMatch);
diff --git a/lib/Configuration.php b/lib/Configuration.php
index b139903e..77e29f26 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -121,7 +121,7 @@ class Configuration
             'js/kjua-0.10.0.js'      => 'sha512-BYj4xggowR7QD150VLSTRlzH62YPfhpIM+b/1EUEr7RQpdWAGKulxWnOvjFx1FUlba4m6ihpNYuQab51H6XlYg==',
             'js/legacy.js'           => 'sha512-08+subq1Lo+r+la5ENqeXiMgNJcVaaTtBIFGkrjziSpvtgCId3Jtin4/OkSdHYSoeztwwIab8uvCzPKHta6puQ==',
             'js/prettify.js'         => 'sha512-puO0Ogy++IoA2Pb9IjSxV1n4+kQkKXYAEUtVzfZpQepyDPyXk8hokiYDS7ybMogYlyyEIwMLpZqVhCkARQWLMg==',
-            'js/privatebin.js'       => 'sha512-Cor4acli/veLhX81YVTGQNkQ+poXsz0gRQUmLeJ6WebIXUlUi7ZQZ6lk1oIYesnBG3cV/stVT07cdVsByXoaJA==',
+            'js/privatebin.js'       => 'sha512-L4auMI55jumH2yMuIgMEvGnAMM2U1bEmsQr70Oad43s2n+NhnJFZ1gpJXBBoov4Max1VKNVqZknVRMKy6E1M4w==',
             'js/purify-3.2.6.js'     => 'sha512-zqwL4OoBLFx89QPewkz4Lz5CSA2ktU+f31fuECkF0iK3Id5qd3Zpq5dMby8KwHjIEpsUgOqwF58cnmcaNem0EA==',
             'js/showdown-2.1.0.js'   => 'sha512-WYXZgkTR0u/Y9SVIA4nTTOih0kXMEd8RRV6MLFdL6YU8ymhR528NLlYQt1nlJQbYz4EW+ZsS0fx1awhiQJme1Q==',
             'js/zlib-1.3.1-1.js'     => 'sha512-5bU9IIP4PgBrOKLZvGWJD4kgfQrkTz8Z3Iqeu058mbQzW3mCumOU6M3UVbVZU9rrVoVwaW4cZK8U8h5xjF88eQ==',