35441.patch

Yuichi HARADA, 2021-07-02 04:56


lib/redmine/helpers/url.rb
28 28
        return true unless uri.to_s.include? ":"
29 29

  
30 30
        # Other URLs need to be parsed
31
        schemes.include? URI.parse(uri).scheme
31
        schemes.include? URI.parse(uri.split('?').first).scheme
32 32
      rescue URI::Error
33 33
        false
34 34
      end
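Review bot: On the changed line, `uri.split('?')` is called on the raw argument although the guard a few lines above uses `uri.to_s`, so a non-String argument whose string form contains a colon would presumably raise NoMethodError, which `rescue URI::Error` does not catch. `schemes.include? URI.parse(uri.to_s.split('?', 2).first).scheme` keeps the behaviour for strings and avoids that. Because only the part before the first `?` is parsed now, the query string is no longer validated at all; a short comment such as `# Only the scheme is checked here; the query is not validated, so callers must still escape the URI on output` would make that contract explicit. The enclosing method begins outside this section.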
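--- a/test/unit/lib/redmine/helpers/url_test.rb
+++ b/test/unit/lib/redmine/helpers/url_test.rb
@@ -27,6 +27,10 @@
     assert uri_with_safe_scheme?("https://example.com/")
     assert uri_with_safe_scheme?("ftp://example.com/index.html")
     assert uri_with_safe_scheme?("mailto:root@example.com")
+
+    # Gravatar uri of admin@somenet.foo and parameters
+    assert uri_with_safe_scheme?("https://www.gravatar.com/avatar/982b6086063a22d85509455d8e31cca2?s=32&d=identicon&r=PG")
+    assert uri_with_safe_scheme?("https://www.gravatar.com/avatar/982b6086063a22d85509455d8e31cca2?s=32x%x%d=identiconx%x%r=PG")
   end
 
   def test_uri_with_safe_scheme_invalid_component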
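Review bot: The added assertions only cover URIs that must be accepted, so nothing pins that a URI with a disallowed scheme is still rejected once a malformed query string is attached. A negative case alongside them, for example `assert_not uri_with_safe_scheme?("httpx://example.com/?s=32x%x%d=identicon")` (constructed sample, assuming `httpx` is not in the default scheme list), would guard the allow-list against regressions in the new split-before-parse path. The enclosing test method starts above this section.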