From ccee93d9d1aa20ccc91f9277983d7fa2ee34f7f9 Mon Sep 17 00:00:00 2001
From: Patrick Brown <ptbrown@whoopdedo.org>
Date: Thu, 16 Jul 2015 02:50:41 -0400
Subject: Unit test for interwiki URL encoding bug

---
 inc/parser/renderer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/parser/renderer.php')

diff --git a/inc/parser/renderer.php b/inc/parser/renderer.php
index 35bdd0e3f..d5cc68367 100644
--- a/inc/parser/renderer.php
+++ b/inc/parser/renderer.php
@@ -806,7 +806,7 @@ class Doku_Renderer extends DokuWiki_Plugin {
             $url = $this->interwiki[$shortcut];
         } else {
             // Default to Google I'm feeling lucky
-            $url      = 'http://www.google.com/search?q={URL}&amp;btnI=lucky';
+            $url      = 'https://www.google.com/search?q={URL}&amp;btnI=lucky';
             $shortcut = 'go';
         }
 
-- 
cgit v1.2.3


From 17e17ae257649aef67c693d01e8992ece86eabd2 Mon Sep 17 00:00:00 2001
From: Patrick Brown <ptbrown@whoopdedo.org>
Date: Thu, 16 Jul 2015 12:35:56 -0400
Subject: Encode unsafe characters in interwiki links. closes #1220

---
 inc/parser/renderer.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'inc/parser/renderer.php')

diff --git a/inc/parser/renderer.php b/inc/parser/renderer.php
index d5cc68367..d7a3faef8 100644
--- a/inc/parser/renderer.php
+++ b/inc/parser/renderer.php
@@ -811,13 +811,21 @@ class Doku_Renderer extends DokuWiki_Plugin {
         }
 
         //split into hash and url part
-        @list($reference, $hash) = explode('#', $reference, 2);
+        $hash = strrchr($reference, '#');
+        if($hash) {
+            $reference = substr($reference, 0, -strlen($hash));
+            $hash = substr($hash, 1);
+        }
 
         //replace placeholder
         if(preg_match('#\{(URL|NAME|SCHEME|HOST|PORT|PATH|QUERY)\}#', $url)) {
             //use placeholders
             $url    = str_replace('{URL}', rawurlencode($reference), $url);
-            $url    = str_replace('{NAME}', $reference, $url);
+            //wiki names will be cleaned next, otherwise urlencode unsafe chars
+            $url    = str_replace('{NAME}', ($url{0} === ':') ? $reference :
+                                  preg_replace_callback('/[[\\\\\]^`{|}#%]/', function($match) {
+                                    return rawurlencode($match[0]);
+                                  }, $reference), $url);
             $parsed = parse_url($reference);
             if(!$parsed['port']) $parsed['port'] = 80;
             $url = str_replace('{SCHEME}', $parsed['scheme'], $url);
-- 
cgit v1.2.3