return unless defined $url;
return if length($url) > 256;
$url = trim($url);
- return if $url =~ /\s/;
+ # ignore urls that contain unescaped characters outside of the range mentioned in RFC 3986 section 2
+ return if $url =~ m<[^A-Za-z0-9._~:/?#\[\]@!\$&'()*+,;=`.%-]>;
foreach my $key (keys %autodetect_attach_urls) {
if ($url =~ $autodetect_attach_urls{$key}->{regex}) {
# Creating an attachment whose contents is a URL matching one of these regexes
# will result in the user being redirected to that URL when viewing the
# attachment.
+
+my $mozreview_url_re = qr{
+ # begins with mozreview hostname
+ ^
+ https?://reviewboard(?:-dev)?\.(?:allizom|mozilla)\.org
+
+ # followed by a review path
+ /r/\d+
+
+ # ends with optional suffix
+ (?: /
+ | /diff/\#index_header
+ )?
+ $
+}ix;
+
our %autodetect_attach_urls = (
github_pr => {
title => 'GitHub Pull Request',
},
reviewboard => {
title => 'MozReview',
- regex => qr#^https?://reviewboard(?:-dev)?\.(?:allizom|mozilla)\.org/r/\d+/?#i,
+ regex => $mozreview_url_re,
content_type => 'text/x-review-board-request',
can_review => 1,
},
projects / thirdparty / bugzilla.git / commitdiff
