UriEscape(): better use white listing than black listing

mostly from GunnarH, mentioned on WikiBugs/NonEnglishRSS
2016-10-25 20:08:45 +02:00
parent 32a13c5e8b
commit a5eb14d28e
1 changed files with 1 additions and 1 deletions
--- a/wiki.pl
+++ b/wiki.pl
@@ -1853,7 +1853,7 @@ sub EvalLocalRules {
 
 sub UriEscape {
  my ($uri) = @_;
-  $uri =~ s/([\x00-\x1f\x7f-\xff])/sprintf("%%%02X", ord($1))/ge;
+  $uri =~ s/([^\w\-.!~*'()\&])/sprintf("%%%02X", ord($1))/ge;
  $uri =~ s/\&/\&amp;/g;
  return $uri;
 }