White list protocols allowed for Textile links (#32934).

git-svn-id: http://svn.redmine.org/redmine/trunk@19489 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-12-16 05:20:28 +01:00 · 2020-02-02 10:19:16 +00:00
parent 0cd14b3a4b
commit e9d5b0b8dc
1 changed files with 2 additions and 2 deletions
--- a/lib/redmine/wiki_formatting/textile/redcloth3.rb
+++ b/lib/redmine/wiki_formatting/textile/redcloth3.rb
@@ -350,7 +350,7 @@ class RedCloth3 < String
    PUNCT = Regexp::quote( '!"#$%&\'*+,-./:;=?@\\^_`|~' )
    PUNCT_NOQ = Regexp::quote( '!"#$&\',./:;=?@\\`|' )
    PUNCT_Q = Regexp::quote( '*-_+^~%' )
-    HYPERLINK = '(\S+?)([^\w\s/;=\?]*?)(?=\s|<|$)'
+    HYPERLINK = '(?=\/|https?:\/\/|s?ftps?:\/\/|www\.|mailto:)(\S+?)([^\w\s/;=\?]*?)(?=\s|<|$)'

    # Text markup tags, don't conflict with block tags
    SIMPLE_HTML_TAGS = [
@@ -815,7 +815,7 @@ class RedCloth3 < String
            (?:\(([^)]+?)\)(?="))?     # $title
            ":
            (                          # $url
-            (\/|[a-zA-Z]+:\/\/|www\.|mailto:)  # $proto
+            (\/|https?:\/\/|s?ftps?:\/\/|www\.|mailto:)  # $proto
            [[:alnum:]_\/]\S+?
            )
            (\/)?                      # $slash