From: C. Scott Ananian Date: Wed, 23 Sep 2015 19:16:24 +0000 (-0400) Subject: Terminate free external link on   (and numeric versions of <>) X-Git-Tag: 1.31.0-rc.0~9883^2 X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/bilan.php?a=commitdiff_plain;h=a05971dfc7fd;p=lhc%2Fweb%2Fwiklou.git Terminate free external link on   (and numeric versions of <>) Bug: T84937 Change-Id: Ic74d8d069e08c0597c7b26755e0d942bf3a510cc --- diff --git a/RELEASE-NOTES-1.26 b/RELEASE-NOTES-1.26 index d5b521e67f..aa32c9f6f0 100644 --- a/RELEASE-NOTES-1.26 +++ b/RELEASE-NOTES-1.26 @@ -203,6 +203,8 @@ changes to languages because of Phabricator reports. * DeferredUpdates::addHTMLCacheUpdate() was removed. * The default name of the 'suppress' group page has been changed from 'Project:Oversight' to 'Project:Suppress'. +* (T84937) Free external links ("autolinked" urls) will now be terminated + by   and HTML entity encodings of  , <, and >. == Compatibility == diff --git a/includes/parser/Parser.php b/includes/parser/Parser.php index 677da63bd7..288e4863d0 100644 --- a/includes/parser/Parser.php +++ b/includes/parser/Parser.php @@ -1474,8 +1474,9 @@ class Parser { # The characters '<' and '>' (which were escaped by # removeHTMLtags()) should not be included in # URLs, per RFC 2396. + # Make   terminate a URL as well (bug T84937) $m2 = array(); - if ( preg_match( '/&(lt|gt);/', $url, $m2, PREG_OFFSET_CAPTURE ) ) { + if ( preg_match( '/&(lt|gt|nbsp|#x0*(3[CcEe]|[Aa]0)|#0*(60|62|160));/', $url, $m2, PREG_OFFSET_CAPTURE ) ) { $trail = substr( $url, $m2[0][1] ) . $trail; $url = substr( $url, 0, $m2[0][1] ); } diff --git a/tests/parser/parserTests.txt b/tests/parser/parserTests.txt index c8c63f397b..4c6c9a5b31 100644 --- a/tests/parser/parserTests.txt +++ b/tests/parser/parserTests.txt @@ -4646,6 +4646,9 @@ http://example.com? http://example.com) http://example.com/url_with_(brackets) (http://example.com/url_without_brackets) +http://example.com/url_with_entity& +http://example.com/url_with_entity& +http://example.com/url_with_entity& http://example.com/url_with_entity  http://example.com/url_with_entity  http://example.com/url_with_entity  @@ -4663,12 +4666,15 @@ http://example.com/url_with_entity< http://example.com) http://example.com/url_with_(brackets) (http://example.com/url_without_brackets) -http://example.com/url_with_entity  -http://example.com/url_with_entity  -http://example.com/url_with_entity  +http://example.com/url_with_entity& +http://example.com/url_with_entity& +http://example.com/url_with_entity& +http://example.com/url_with_entity  +http://example.com/url_with_entity  +http://example.com/url_with_entity  http://example.com/url_with_entity< -http://example.com/url_with_entity%3C -http://example.com/url_with_entity%3C +http://example.com/url_with_entity< +http://example.com/url_with_entity<

!! html/parsoid

http://example.com,