diff options
| author | Patrick Brown <ptbrown@whoopdedo.org> | 2015-07-16 12:35:56 -0400 |
|---|---|---|
| committer | Patrick Brown <ptbrown@whoopdedo.org> | 2015-07-16 12:35:56 -0400 |
| commit | 17e17ae257649aef67c693d01e8992ece86eabd2 (patch) | |
| tree | 8b5012cd488eefb7ca2c98f508b52ef2f429d5b6 /inc | |
| parent | ccee93d9d1aa20ccc91f9277983d7fa2ee34f7f9 (diff) | |
| download | rpg-17e17ae257649aef67c693d01e8992ece86eabd2.tar.gz rpg-17e17ae257649aef67c693d01e8992ece86eabd2.tar.bz2 | |
Encode unsafe characters in interwiki links. closes #1220
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/parser/renderer.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/inc/parser/renderer.php b/inc/parser/renderer.php index d5cc68367..d7a3faef8 100644 --- a/inc/parser/renderer.php +++ b/inc/parser/renderer.php @@ -811,13 +811,21 @@ class Doku_Renderer extends DokuWiki_Plugin { } //split into hash and url part - @list($reference, $hash) = explode('#', $reference, 2); + $hash = strrchr($reference, '#'); + if($hash) { + $reference = substr($reference, 0, -strlen($hash)); + $hash = substr($hash, 1); + } //replace placeholder if(preg_match('#\{(URL|NAME|SCHEME|HOST|PORT|PATH|QUERY)\}#', $url)) { //use placeholders $url = str_replace('{URL}', rawurlencode($reference), $url); - $url = str_replace('{NAME}', $reference, $url); + //wiki names will be cleaned next, otherwise urlencode unsafe chars + $url = str_replace('{NAME}', ($url{0} === ':') ? $reference : + preg_replace_callback('/[[\\\\\]^`{|}#%]/', function($match) { + return rawurlencode($match[0]); + }, $reference), $url); $parsed = parse_url($reference); if(!$parsed['port']) $parsed['port'] = 80; $url = str_replace('{SCHEME}', $parsed['scheme'], $url); |