Bug 1114395: Markdown only accepts the http and https protocols

r/a=glob
author: Frédéric Buclin <LpSolit@gmail.com> 2015-01-07 14:36:59 +0100
committer: Frédéric Buclin <LpSolit@gmail.com> 2015-01-07 14:36:59 +0100
commit: 4eb270e4ea780ca79027c8264db4e64ac56f2bba (patch)
tree: ce404fcf38e917b7a4d1c6adfb6651e6e1a32164 /Bugzilla/Markdown.pm
parent: 41a35f6dd3ac87d44dbdcc8418c57071cf6c5f37 (diff)
download: bugzilla-4eb270e4ea780ca79027c8264db4e64ac56f2bba.tar.gz
bugzilla-4eb270e4ea780ca79027c8264db4e64ac56f2bba.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/Bugzilla/Markdown.pm b/Bugzilla/Markdown.pm
index 353c2ff6a..ed5608025 100644
--- a/Bugzilla/Markdown.pm
+++ b/Bugzilla/Markdown.pm
@@ -230,8 +230,8 @@ sub _DoAnchors {
             $url =~ s@</a$@@;
         }
 
-        # Limit URL to HTTP/HTTPS links
-        $url = "http://$url" unless $url =~ m!^https?://!i;
+        my $safe_url_regexp = Bugzilla::Template::SAFE_URL_REGEXP();
+        $url = "http://$url" unless $url =~ /^$safe_url_regexp$/;
 
         $self->_GenerateAnchor($whole_match, $link_text, undef, $url, $title);
     }xsge;
author	Frédéric Buclin <LpSolit@gmail.com>	2015-01-07 14:36:59 +0100
committer	Frédéric Buclin <LpSolit@gmail.com>	2015-01-07 14:36:59 +0100
commit	4eb270e4ea780ca79027c8264db4e64ac56f2bba (patch)
tree	ce404fcf38e917b7a4d1c6adfb6651e6e1a32164 /Bugzilla/Markdown.pm
parent	41a35f6dd3ac87d44dbdcc8418c57071cf6c5f37 (diff)
download	bugzilla-4eb270e4ea780ca79027c8264db4e64ac56f2bba.tar.gz bugzilla-4eb270e4ea780ca79027c8264db4e64ac56f2bba.tar.xz