White list protocols allowed for Textile links (#32934).

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Sun, 2 Feb 2020 10:19:16 +0000 (10:19 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Sun, 2 Feb 2020 10:19:16 +0000 (10:19 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Sun, 2 Feb 2020 10:19:16 +0000 (10:19 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Sun, 2 Feb 2020 10:19:16 +0000 (10:19 +0000)
diff --git a/lib/redmine/wiki_formatting/textile/redcloth3.rb b/lib/redmine/wiki_formatting/textile/redcloth3.rb

index d33aede8d247f39dee14b2b299318c3cd9b09ce6..80e0a362655d21746e43a1207c839a73fb02b26a 100644 (file)
--- a/lib/redmine/wiki_formatting/textile/redcloth3.rb
+++ b/lib/redmine/wiki_formatting/textile/redcloth3.rb
@@ -350,7 +350,7 @@ class RedCloth3 < String
      PUNCT = Regexp::quote( '!"#$%&\'*+,-./:;=?@\\^_`|~' )
      PUNCT_NOQ = Regexp::quote( '!"#$&\',./:;=?@\\`|' )
      PUNCT_Q = Regexp::quote( '*-_+^~%' )
-    HYPERLINK = '(\S+?)([^\w\s/;=\?]*?)(?=\s|<|$)'
+    HYPERLINK = '(?=\/|https?:\/\/|s?ftps?:\/\/|www\.|mailto:)(\S+?)([^\w\s/;=\?]*?)(?=\s|<|$)'
  
      # Text markup tags, don't conflict with block tags
      SIMPLE_HTML_TAGS = [
@@ -815,7 +815,7 @@ class RedCloth3 < String
              (?:\(([^)]+?)\)(?="))?     # $title
              ":
              (                          # $url
-            (\/|[a-zA-Z]+:\/\/|www\.|mailto:)  # $proto
+            (\/|https?:\/\/|s?ftps?:\/\/|www\.|mailto:)  # $proto
              [[:alnum:]_\/]\S+?
              )
              (\/)?                      # $slash
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sun, 2 Feb 2020 10:19:16 +0000 (10:19 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sun, 2 Feb 2020 10:19:16 +0000 (10:19 +0000)