Inline image in Textile is not displayed if the image URL contains ampersands (#35441).
authorGo MAEDA <maeda@farend.jp>
Wed, 28 Jul 2021 08:25:15 +0000 (08:25 +0000)
committerGo MAEDA <maeda@farend.jp>
Wed, 28 Jul 2021 08:25:15 +0000 (08:25 +0000)
Contributed by Yuichi HARADA.

git-svn-id: http://svn.redmine.org/redmine/trunk@21101 e93f8b46-1217-0410-a6f0-8f06a7374b81

lib/redmine/wiki_formatting/textile/redcloth3.rb
test/helpers/application_helper_test.rb

index 3c43a54d924c282e9cca75729bb0952c28997686..2816e1c90d9942742f91a988e6cdd8e4a5f8255b 100644 (file)
@@ -961,7 +961,7 @@ class RedCloth3 < String
             href, alt_title = check_refs( href ) if href
             url, url_title = check_refs( url )
 
-            next m unless uri_with_safe_scheme?(url)
+            next m unless uri_with_safe_scheme?(url.partition('?').first)
             if href
               href = htmlesc(href.dup)
               next m if href.downcase.start_with?('javascript:')
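Review bot: On the changed `next m unless uri_with_safe_scheme?(...)` line, the scheme check now sees only `url.partition('?').first`, while the full `url`, query string included, is presumably what reaches the `src` attribute (the emitting code is outside this hunk). The validated string and the emitted string therefore differ, and the change is sound only while the query part is HTML-escaped on output, as the `&#38;` in the added test suggests. A comment on that line would record the dependency, for example `# Scheme-check only the part before '?'; the query may hold escaped '&' (#35441) and must stay HTML-escaped on output.` A URL with an ampersand in a fragment but no `?` is still checked whole, so it is probably rejected as before. The enclosing block starts and ends outside the hunk.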
index 2a11575d6649f11df809911791f29d59dba0ab74..f918f51d144c2361ce475c246e7d92b7016976dc 100644 (file)
@@ -150,6 +150,8 @@ class ApplicationHelperTest < Redmine::HelperTest
       'with title !http://foo.bar/image.jpg(This is a double-quoted "title")!' =>
         'with title <img src="http://foo.bar/image.jpg" title="This is a double-quoted &quot;title&quot;" ' \
           'alt="This is a double-quoted &quot;title&quot;" />',
+      'with query string !http://foo.bar/image.cgi?a=1&b=2!' =>
+        'with query string <img src="http://foo.bar/image.cgi?a=1&#38;b=2" alt="" />'
     }
     to_test.each {|text, result| assert_equal "<p>#{result}</p>", textilizable(text)}
   end
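Review bot: The added `'with query string ...'` entry covers only the accepted case, so nothing here pins that a disallowed scheme is still refused once a query string is present. That is the property the changed check in redcloth3.rb has to preserve. A companion assertion would guard it: an image whose URL uses a scheme outside the allowed list and carries `?a=1&b=2` should be left unrendered. If the file already has a test for unsafe image schemes (not visible in this hunk), that is the natural place for it. The test method starts outside the hunk.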