Inline image in Textile is not displayed if the image URL contains ampersands (#35441).

Contributed by Yuichi HARADA.


git-svn-id: http://svn.redmine.org/redmine/trunk@21101 e93f8b46-1217-0410-a6f0-8f06a7374b81

lib/redmine/wiki_formatting/textile/redcloth3.rb

@@ -961,7 +961,7 @@ class RedCloth3 < String
             href, alt_title = check_refs( href ) if href
             url, url_title = check_refs( url )
 
-            next m unless uri_with_safe_scheme?(url)
+            next m unless uri_with_safe_scheme?(url.partition('?').first)
             if href
               href = htmlesc(href.dup)
               next m if href.downcase.start_with?('javascript:')

test/helpers/application_helper_test.rb

@@ -150,6 +150,8 @@ class ApplicationHelperTest < Redmine::HelperTest
       'with title !http://foo.bar/image.jpg(This is a double-quoted "title")!' =>
         'with title <img src="http://foo.bar/image.jpg" title="This is a double-quoted &quot;title&quot;" ' \
           'alt="This is a double-quoted &quot;title&quot;" />',
+      'with query string !http://foo.bar/image.cgi?a=1&b=2!' =>
+        'with query string <img src="http://foo.bar/image.cgi?a=1&#38;b=2" alt="" />'
     }
     to_test.each {|text, result| assert_equal "<p>#{result}</p>", textilizable(text)}
   end