Bug 1114395: Markdown only accepts the http and https protocols

author Frédéric Buclin <LpSolit@gmail.com>

Wed, 7 Jan 2015 13:36:59 +0000 (14:36 +0100)

committer Frédéric Buclin <LpSolit@gmail.com>

Wed, 7 Jan 2015 13:36:59 +0000 (14:36 +0100)
author Frédéric Buclin <LpSolit@gmail.com>
Wed, 7 Jan 2015 13:36:59 +0000 (14:36 +0100)
committer Frédéric Buclin <LpSolit@gmail.com>
Wed, 7 Jan 2015 13:36:59 +0000 (14:36 +0100)
diff --git a/Bugzilla/Markdown.pm b/Bugzilla/Markdown.pm

index 353c2ff6aef74881b38d85532f33cb4a147f80a7..ed56080258de6dc5233335e382fb19cb0b1dd9df 100644 (file)
--- a/Bugzilla/Markdown.pm
+++ b/Bugzilla/Markdown.pm
@@ -230,8 +230,8 @@ sub _DoAnchors {
              $url =~ s@</a$@@;
          }
  
-        # Limit URL to HTTP/HTTPS links
-        $url = "http://$url" unless $url =~ m!^https?://!i;
+        my $safe_url_regexp = Bugzilla::Template::SAFE_URL_REGEXP();
+        $url = "http://$url" unless $url =~ /^$safe_url_regexp$/;
  
          $self->_GenerateAnchor($whole_match, $link_text, undef, $url, $title);
      }xsge;
author	Frédéric Buclin <LpSolit@gmail.com>
	Wed, 7 Jan 2015 13:36:59 +0000 (14:36 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Wed, 7 Jan 2015 13:36:59 +0000 (14:36 +0100)