Fix #2,3,4,5,6,7,8,9,10,11

src/ai/openaiProvider.ts

@@ -1,6 +1,7 @@
 import { configuration } from '../system/vscode/configuration';
 import type { AIModel } from './aiProviderService';
 import { OpenAICompatibleProvider } from './openAICompatibleProvider';
+import * as urlLib from 'url';
 
 const provider = { id: 'openai', name: 'OpenAI' } as const;
 
@@ -183,7 +184,8 @@ export class OpenAIProvider extends OpenAICompatibleProvider<typeof provider.id>
 		url: string,
 		apiKey: string,
 	): Record<string, string> {
-		if (url.includes('.azure.com')) {
+		const parsedUrl = urlLib.parse(url);
+		if (this.isAllowedHost(parsedUrl.host)) {
 			return {
 				Accept: 'application/json',
 				'Content-Type': 'application/json',
@@ -193,4 +195,16 @@ export class OpenAIProvider extends OpenAICompatibleProvider<typeof provider.id>
 
 		return super.getHeaders(model, url, apiKey);
 	}
+
+	private isAllowedHost(host: string | null): boolean {
+		if (!host) return false;
+		const allowedHosts = [
+			'azure.com',
+			'*.azure.com'
+		];
+		return allowedHosts.some(allowedHost => {
+			const regex = new RegExp(`^${allowedHost.replace('*.', '.*\\.')}$`);
+			return regex.test(host);
+		});
+	}
 }

src/autolinks/autolinks.ts

@@ -372,7 +372,7 @@ export class Autolinks implements Disposable {
 										} else {
 											const issue = issueResult.value;
 											const issueTitle = escapeMarkdown(issue.title.trim());
-											const issueTitleQuoteEscaped = issueTitle.replace(/"/g, '\\"');
+											const issueTitleQuoteEscaped = issueTitle.replace(/(["\\])/g, '\\$1');
 
 											if (footnotes != null && !prs?.has(num)) {
 												footnoteIndex = footnotes.size + 1;

src/env/node/fetch.ts

@@ -49,12 +49,12 @@ export async function wrapForForcedInsecureSSL<T>(
 ): Promise<T> {
 	if (ignoreSSLErrors !== 'force') return fetchFn();
 
-	const previousRejectUnauthorized = process.env.NODE_TLS_REJECT_UNAUTHORIZED;
-	process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+	const https = require('https');
+	const agent = new https.Agent();
 
 	try {
-		return await fetchFn();
+		return await fetchFn({ agent });
 	} finally {
-		process.env.NODE_TLS_REJECT_UNAUTHORIZED = previousRejectUnauthorized;
+		// No need to restore global state
 	}
 }

src/git/formatters/commitFormatter.ts

@@ -514,7 +514,7 @@ export class CommitFormatter extends Formatter<GitCommit, CommitFormatOptions> {
 					pullRequest: { id: pr.id, url: pr.url },
 				})} "Open Pull Request \\#${pr.id}${
 					Container.instance.actionRunners.count('openPullRequest') === 1 ? ` on ${pr.provider.name}` : '...'
-				}\n${GlyphChars.Dash.repeat(2)}\n${escapeMarkdown(pr.title).replace(/"/g, '\\"')}\n${
+				}\n${GlyphChars.Dash.repeat(2)}\n${escapeMarkdown(pr.title).replace(/\\/g, '\\\\').replace(/"/g, '\\"')}\n${
 					pr.state
 				}, ${pr.formatDateFromNow()}")`;
 			} else if (isPromise(pr)) {
@@ -783,12 +783,12 @@ export class CommitFormatter extends Formatter<GitCommit, CommitFormatOptions> {
 					pullRequest: { id: pr.id, url: pr.url },
 				})} "Open Pull Request \\#${pr.id}${
 					Container.instance.actionRunners.count('openPullRequest') === 1 ? ` on ${pr.provider.name}` : '...'
-				}\n${GlyphChars.Dash.repeat(2)}\n${escapeMarkdown(pr.title).replace(/"/g, '\\"')}\n${
+				}\n${GlyphChars.Dash.repeat(2)}\n${escapeMarkdown(pr.title).replace(/\\/g, '\\\\').replace(/"/g, '\\"')}\n${
 					pr.state
 				}, ${pr.formatDateFromNow()}")`;
 
 				if (this._options.footnotes != null) {
-					const prTitle = escapeMarkdown(pr.title).replace(/"/g, '\\"').trim();
+					const prTitle = escapeMarkdown(pr.title).replace(/\\/g, '\\\\').replace(/"/g, '\\"').trim();
 
 					const index = this._options.footnotes.size + 1;
 					this._options.footnotes.set(

src/git/remotes/bitbucket-server.ts

@@ -158,7 +158,7 @@ export class BitbucketServerRemote extends RemoteProvider {
 	}
 
 	protected override getUrlForComparison(base: string, compare: string, _notation: '..' | '...'): string {
-		return this.encodeUrl(`${this.baseUrl}/branches/compare/${base}%0D${compare}`).replace('%250D', '%0D');
+		return this.encodeUrl(`${this.baseUrl}/branches/compare/${base}%0D${compare}`).replace(/%250D/g, '%0D');
 	}
 
 	protected getUrlForFile(fileName: string, branch?: string, sha?: string, range?: Range): string {

src/git/remotes/bitbucket.ts

@@ -143,7 +143,7 @@ export class BitbucketRemote extends RemoteProvider {
 	}
 
 	protected override getUrlForComparison(base: string, compare: string, _notation: '..' | '...'): string {
-		return this.encodeUrl(`${this.baseUrl}/branches/compare/${base}%0D${compare}`).replace('%250D', '%0D');
+		return this.encodeUrl(`${this.baseUrl}/branches/compare/${base}%0D${compare}`).replace(/%250D/g, '%0D');
 	}
 
 	protected getUrlForFile(fileName: string, branch?: string, sha?: string, range?: Range): string {

src/system/commands.ts

@@ -10,8 +10,7 @@ export function createMarkdownCommandLink<T>(command: Commands, args: T): string
 	if (args == null) return `command:${command}`;
 
 	// Since we are using the command in a markdown link, we need to escape ()'s so they don't get interpreted as markdown
-	return `command:${command}?${encodeURIComponent(typeof args === 'string' ? args : JSON.stringify(args)).replace(
-		/([()])/g,
-		'\\$1',
-	)}`;
+	return `command:${command}?${encodeURIComponent(typeof args === 'string' ? args : JSON.stringify(args))
+		.replace(/\\/g, '\\\\')
+		.replace(/([()])/g, '\\$1')}`;
 }