From 377683a8ed85a0f6dcf78ba0d3c78f2fd9fff5d7 Mon Sep 17 00:00:00 2001
From: Mnikolenko Productengine
Date: Tue, 23 Aug 2016 13:01:19 +0300
Subject: MAINT-6648 FIXED [SECURITY] Link tags do not filter unicode and allow for easy URL spoofing.
---
 indra/llui/llurlentry.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'indra/llui/llurlentry.cpp')
diff --git a/indra/llui/llurlentry.cpp b/indra/llui/llurlentry.cpp
index 797fae81c4..27a2456deb 100644
--- a/indra/llui/llurlentry.cpp
+++ b/indra/llui/llurlentry.cpp
@@ -183,8 +183,9 @@ bool LLUrlEntryBase::isLinkDisabled() const

 bool LLUrlEntryBase::isWikiLinkCorrect(std::string url)
 {
- std::string label = getLabelFromWikiLink(url);
- return (LLUrlRegistry::instance().hasUrl(label)) ? false : true;
+ LLWString label = utf8str_to_wstring(getLabelFromWikiLink(url));
+ label.erase(std::remove(label.begin(), label.end(), L'\u200B'), label.end());
+ return (LLUrlRegistry::instance().hasUrl(wstring_to_utf8str(label))) ? false : true;
 }

 std::string LLUrlEntryBase::urlToLabelWithGreyQuery(const std::string &url) const
-- 
cgit v1.2.3
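Review bot: The added `label.erase(std::remove(label.begin(), label.end(), L'\u200B'), label.end());` line in isWikiLinkCorrect removes only U+200B, so the label still reaches `hasUrl` with any other invisible or format code point (U+200C, U+200D, U+2060, U+FEFF, U+00AD and similar) left in place. Whether `hasUrl` then fails to recognise such a label is not visible in this hunk, but a one-character denylist tends to need a new patch for each code point that turns up. Consider stripping the whole set through a predicate, `label.erase(std::remove_if(label.begin(), label.end(), isInvisibleFormatChar), label.end());`, where `isInvisibleFormatChar` is a placeholder name for a helper this file would have to define, and put a one-line comment above it saying the label is normalised before the spoofing check. `std::remove` also needs `<algorithm>`, and the hunk does not show that header being included.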