diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2015-01-07 14:36:59 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2015-01-07 14:36:59 +0100 |
| commit | 4eb270e4ea780ca79027c8264db4e64ac56f2bba (patch) | |
| tree | ce404fcf38e917b7a4d1c6adfb6651e6e1a32164 /Bugzilla | |
| parent | 41a35f6dd3ac87d44dbdcc8418c57071cf6c5f37 (diff) | |
| download | bugzilla-4eb270e4ea780ca79027c8264db4e64ac56f2bba.tar.gz bugzilla-4eb270e4ea780ca79027c8264db4e64ac56f2bba.tar.xz | |
Bug 1114395: Markdown only accepts the http and https protocols
r/a=glob
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Markdown.pm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Bugzilla/Markdown.pm b/Bugzilla/Markdown.pm index 353c2ff6a..ed5608025 100644 --- a/Bugzilla/Markdown.pm +++ b/Bugzilla/Markdown.pm @@ -230,8 +230,8 @@ sub _DoAnchors { $url =~ s@</a$@@; } - # Limit URL to HTTP/HTTPS links - $url = "http://$url" unless $url =~ m!^https?://!i; + my $safe_url_regexp = Bugzilla::Template::SAFE_URL_REGEXP(); + $url = "http://$url" unless $url =~ /^$safe_url_regexp$/; $self->_GenerateAnchor($whole_match, $link_text, undef, $url, $title); }xsge; |