diff options
| author | Mnikolenko Productengine <mnikolenko@productengine.com> | 2016-08-23 13:01:19 +0300 |
|---|---|---|
| committer | Mnikolenko Productengine <mnikolenko@productengine.com> | 2016-08-23 13:01:19 +0300 |
| commit | 377683a8ed85a0f6dcf78ba0d3c78f2fd9fff5d7 (patch) | |
| tree | cf28091e214c94af17681c2f01c725b860cb35bc /indra/llui/llurlentry.cpp | |
| parent | f69e82b584eb69ef5cde751e2ad36f995b7bc9ea (diff) | |
MAINT-6648 FIXED [SECURITY] Link tags do not filter unicode and allow for easy URL spoofing.
Diffstat (limited to 'indra/llui/llurlentry.cpp')
| -rw-r--r-- | indra/llui/llurlentry.cpp | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/indra/llui/llurlentry.cpp b/indra/llui/llurlentry.cpp index 797fae81c4..27a2456deb 100644 --- a/indra/llui/llurlentry.cpp +++ b/indra/llui/llurlentry.cpp @@ -183,8 +183,9 @@ bool LLUrlEntryBase::isLinkDisabled() const bool LLUrlEntryBase::isWikiLinkCorrect(std::string url) { - std::string label = getLabelFromWikiLink(url); - return (LLUrlRegistry::instance().hasUrl(label)) ? false : true; + LLWString label = utf8str_to_wstring(getLabelFromWikiLink(url)); + label.erase(std::remove(label.begin(), label.end(), L'\u200B'), label.end()); + return (LLUrlRegistry::instance().hasUrl(wstring_to_utf8str(label))) ? false : true; } std::string LLUrlEntryBase::urlToLabelWithGreyQuery(const std::string &url) const |