Project

General

Profile

Download (1.28 KB)

Defect #35441 » 35441.patch

Yuichi HARADA, 2021-07-02 04:56

View differences:

lib/redmine/helpers/url.rb
28 28 
        return true unless uri.to_s.include? ":"
29 29 

  		




  30
  30
  
    
        # Other URLs need to be parsed

  		




  31
  
  
    
        schemes.include? URI.parse(uri).scheme

  		




  
  31
  
    
        schemes.include? URI.parse(uri.split('?').first).scheme

  		




  32
  32
  
    
      rescue URI::Error

  		




  33
  33
  
    
        false

  		




  34
  34
  
    
      end

  		












  

    
      test/unit/lib/redmine/helpers/url_test.rb
    
  





  27
  27
  
    
    assert uri_with_safe_scheme?("https://example.com/")

  		




  28
  28
  
    
    assert uri_with_safe_scheme?("ftp://example.com/index.html")

  		




  29
  29
  
    
    assert uri_with_safe_scheme?("mailto:root@example.com")

  		




  
  30
  
    

  		




  
  31
  
    
    # Gravatar uri of admin@somenet.foo and parameters

  		




  
  32
  
    
    assert uri_with_safe_scheme?("https://www.gravatar.com/avatar/982b6086063a22d85509455d8e31cca2?s=32&d=identicon&r=PG")

  		




  
  33
  
    
    assert uri_with_safe_scheme?("https://www.gravatar.com/avatar/982b6086063a22d85509455d8e31cca2?s=32x%x%d=identiconx%x%r=PG")

  		




  30
  34
  
    
  end

  		




  31
  35
  
    

  		




  32
  36
  
    
  def test_uri_with_safe_scheme_invalid_component

  		















  (2-2/3)