Terminate free external link on &nbsp; (and numeric versions of <>)

Bug: T84937
Change-Id: Ic74d8d069e08c0597c7b26755e0d942bf3a510cc

RELEASE-NOTES-1.26

@@ -203,6 +203,8 @@ changes to languages because of Phabricator reports.
 * DeferredUpdates::addHTMLCacheUpdate() was removed.
 * The default name of the 'suppress' group page has been changed from
   'Project:Oversight' to 'Project:Suppress'.
+* (T84937) Free external links ("autolinked" urls) will now be terminated
+  by &nbsp; and HTML entity encodings of &nbsp, <, and >.
 
 == Compatibility ==
 

includes/parser/Parser.php

@@ -1474,8 +1474,9 @@ class Parser {
 		# The characters '<' and '>' (which were escaped by
 		# removeHTMLtags()) should not be included in
 		# URLs, per RFC 2396.
+		# Make &nbsp; terminate a URL as well (bug T84937)
 		$m2 = array();
-		if ( preg_match( '/&(lt|gt);/', $url, $m2, PREG_OFFSET_CAPTURE ) ) {
+		if ( preg_match( '/&(lt|gt|nbsp|#x0*(3[CcEe]|[Aa]0)|#0*(60|62|160));/', $url, $m2, PREG_OFFSET_CAPTURE ) ) {
 			$trail = substr( $url, $m2[0][1] ) . $trail;
 			$url = substr( $url, 0, $m2[0][1] );
 		}

tests/parser/parserTests.txt

@@ -4646,6 +4646,9 @@ http://example.com?
 http://example.com)
 http://example.com/url_with_(brackets)
 (http://example.com/url_without_brackets)
+http://example.com/url_with_entity&
+http://example.com/url_with_entity&
+http://example.com/url_with_entity&
 http://example.com/url_with_entity 
 http://example.com/url_with_entity 
 http://example.com/url_with_entity 
@@ -4663,12 +4666,15 @@ http://example.com/url_with_entity<
 <a rel="nofollow" class="external free" href="http://example.com">http://example.com</a>)
 <a rel="nofollow" class="external free" href="http://example.com/url_with_(brackets)">http://example.com/url_with_(brackets)</a>
 (<a rel="nofollow" class="external free" href="http://example.com/url_without_brackets">http://example.com/url_without_brackets</a>)
-<a rel="nofollow" class="external free" href="http://example.com/url_with_entity ">http://example.com/url_with_entity </a>
-<a rel="nofollow" class="external free" href="http://example.com/url_with_entity ">http://example.com/url_with_entity </a>
-<a rel="nofollow" class="external free" href="http://example.com/url_with_entity ">http://example.com/url_with_entity </a>
+<a rel="nofollow" class="external free" href="http://example.com/url_with_entity&amp;">http://example.com/url_with_entity&amp;</a>
+<a rel="nofollow" class="external free" href="http://example.com/url_with_entity&amp;">http://example.com/url_with_entity&amp;</a>
+<a rel="nofollow" class="external free" href="http://example.com/url_with_entity&amp;">http://example.com/url_with_entity&amp;</a>
+<a rel="nofollow" class="external free" href="http://example.com/url_with_entity">http://example.com/url_with_entity</a>&#160;
+<a rel="nofollow" class="external free" href="http://example.com/url_with_entity">http://example.com/url_with_entity</a>&#xa0;
+<a rel="nofollow" class="external free" href="http://example.com/url_with_entity">http://example.com/url_with_entity</a>&#160;
 <a rel="nofollow" class="external free" href="http://example.com/url_with_entity">http://example.com/url_with_entity</a>&lt;
-<a rel="nofollow" class="external free" href="http://example.com/url_with_entity%3C">http://example.com/url_with_entity%3C</a>
-<a rel="nofollow" class="external free" href="http://example.com/url_with_entity%3C">http://example.com/url_with_entity%3C</a>
+<a rel="nofollow" class="external free" href="http://example.com/url_with_entity">http://example.com/url_with_entity</a>&#x3c;
+<a rel="nofollow" class="external free" href="http://example.com/url_with_entity">http://example.com/url_with_entity</a>&#60;
 </p>
 !! html/parsoid
 <p><a rel="mw:ExtLink" href="http://example.com">http://example.com</a>,