Disallow '<' and '>' in free external URIs; this is consistent

with RFC 2396 and fixes a parser test case. Remove the
INVERSE_EXT_LINK_URL_CLASS constant, which has never been used.

diff --git a/includes/Parser.php b/includes/Parser.php
index 7cb0ad1..8e3e8a4 100644 (file)
--- a/includes/Parser.php
+++ b/includes/Parser.php
@@ -37,8 +37,7 @@ define( 'UNIQ_PREFIX', 'NaodW29');
 define( 'URL_PROTOCOLS', 'http|https|ftp|irc|gopher|news|mailto' );
 define( 'HTTP_PROTOCOLS', 'http|https' );
 # Everything except bracket, space, or control characters
-define( 'EXT_LINK_URL_CLASS', '[^]\\x00-\\x20\\x7F]' );
-define( 'INVERSE_EXT_LINK_URL_CLASS', '[\]\\x00-\\x20\\x7F]' );
+define( 'EXT_LINK_URL_CLASS', '[^]<>\\x00-\\x20\\x7F]' );
 # Including space
 define( 'EXT_LINK_TEXT_CLASS', '[^\]\\x00-\\x1F\\x7F]' );
 define( 'EXT_IMAGE_FNAME_CLASS', '[A-Za-z0-9_.,~%\\-+&;#*?!=()@\\x80-\\xFF]' );