Browse Source
XSS vulnerabilities in textile links (#32934).
Patch by Holger Just. git-svn-id: http://svn.redmine.org/redmine/trunk@19672 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/4.2.0
Jean-Philippe Lang
4 years ago
1 changed files with 9 additions and 1 deletions
+ 9
- 1
lib/redmine/wiki_formatting/textile/redcloth3.rb
View File
| url = url[0..-2] # discard closing parenth from url | url = url[0..-2] # discard closing parenth from url | ||||
| post = ")" + post # add closing parenth to post | post = ")" + post # add closing parenth to post | ||||
| end | end | ||||
| url = htmlesc(url.dup) | |||||
| next all if url.downcase.start_with?('javascript:') | |||||
| atts = pba(atts) | atts = pba(atts) | ||||
| atts = +" href=\"#{htmlesc url}#{slash}\"#{atts}" | |||||
| atts = +" href=\"#{url}#{slash}\"#{atts}" | |||||
| atts << " title=\"#{htmlesc title}\"" if title | atts << " title=\"#{htmlesc title}\"" if title | ||||
| atts = shelve(atts) if atts | atts = shelve(atts) if atts | ||||
| external = (url =~ /^https?:\/\//) ? ' class="external"' : '' | external = (url =~ /^https?:\/\//) ? ' class="external"' : '' | ||||
| url, url_title = check_refs( url ) | url, url_title = check_refs( url ) | ||||
| next m unless uri_with_safe_scheme?(url) | next m unless uri_with_safe_scheme?(url) | ||||
| if href | |||||
| href = htmlesc(href.dup) | |||||
| next m if href.downcase.start_with?('javascript:') | |||||
| end | |||||
| out = +'' | out = +'' | ||||
| out << "<a#{shelve(" href=\"#{href}\"")}>" if href | out << "<a#{shelve(" href=\"#{href}\"")}>" if href |
Loading…