From f5ac84a516321271c9d1bbf0648f9d3b7da814d6 Mon Sep 17 00:00:00 2001
From: Go MAEDA
Date: Wed, 28 Jul 2021 08:25:15 +0000
Subject: [PATCH] Inline image in Textile is not displayed if the image URL contains ampersands (#35441).
Contributed by Yuichi HARADA.
git-svn-id: http://svn.redmine.org/redmine/trunk@21101 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redmine/wiki_formatting/textile/redcloth3.rb | 2 +-
 test/helpers/application_helper_test.rb | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/redmine/wiki_formatting/textile/redcloth3.rb b/lib/redmine/wiki_formatting/textile/redcloth3.rb
index 3c43a54d9..2816e1c90 100644
--- a/lib/redmine/wiki_formatting/textile/redcloth3.rb
+++ b/lib/redmine/wiki_formatting/textile/redcloth3.rb
@@ -961,7 +961,7 @@ class RedCloth3 < String
 href, alt_title = check_refs( href ) if href
 url, url_title = check_refs( url )
- next m unless uri_with_safe_scheme?(url)
+ next m unless uri_with_safe_scheme?(url.partition('?').first)
 if href
 href = htmlesc(href.dup)
 next m if href.downcase.start_with?('javascript:')
diff --git a/test/helpers/application_helper_test.rb b/test/helpers/application_helper_test.rb
index 2a11575d6..f918f51d1 100644
--- a/test/helpers/application_helper_test.rb
+++ b/test/helpers/application_helper_test.rb
@@ -150,6 +150,8 @@ class ApplicationHelperTest < Redmine::HelperTest
 'with title !http://foo.bar/image.jpg(This is a double-quoted "title")!' =>
 'with title ',
+ 'with query string !http://foo.bar/image.cgi?a=1&b=2!' =>
+ 'with query string '
 }
 to_test.each {|text, result| assert_equal "
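Review bot: The scheme check on the added line in redcloth3.rb now sees only the text before the first `?`, so `uri_with_safe_scheme?` no longer looks at anything after it, while the block presumably still uses the full `url` for output. That is sound for the scheme itself, which cannot appear after the query delimiter, but the reason is not obvious from the line. I would add a comment such as `# only the part before '?' is needed for the scheme check; the query may hold characters the URI parser rejects (#35441)`. If the same rejection can occur for an ampersand in a fragment, `url[/\A[^?#]*/]` would cover both delimiters. The enclosing block starts and ends outside the hunk, so how `url` is escaped before it reaches the rendered attribute is not visible here and should be confirmed.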

#{result}

", textilizable(text)}
 end
--
2.39.5
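Review bot: The added entry in application_helper_test.rb only exercises the accepting path; nothing in this hunk asserts that an image whose URL has a scheme outside the allowed list is still left unrendered when a query string follows it. Since the library change narrows what the scheme check sees, a companion negative case asserting that such input comes back without an `img` element would pin that behaviour. The expected value of the new entry is not readable on this page (the markup appears to have been lost in extraction), so the escaping of `&` in the rendered `src` cannot be reviewed here. The test method starts outside the hunk.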