From 5f6bc326a4dcfb353f4ac1b6ee6e50b84d11e080 Mon Sep 17 00:00:00 2001 From: ryan Date: Tue, 18 Mar 2008 01:53:36 +0000 Subject: [PATCH] =?UTF-8?q?Better=20protocol=20check=20from=20=C5=81ukasz?= =?UTF-8?q?=20Pilorz.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: http://svn.automattic.com/wordpress/trunk@7370 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/kses.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/wp-includes/kses.php b/wp-includes/kses.php index 73690bc92b..ae37fc26c5 100644 --- a/wp-includes/kses.php +++ b/wp-includes/kses.php @@ -832,7 +832,14 @@ function wp_kses_html_error($string) { function wp_kses_bad_protocol_once($string, $allowed_protocols) { global $_kses_allowed_protocols; $_kses_allowed_protocols = $allowed_protocols; - return preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', create_function('$matches', 'global $_kses_allowed_protocols; return wp_kses_bad_protocol_once2($matches[1], $_kses_allowed_protocols);'), $string); + + $string2 = preg_split('/:|:|:/i', $string, 2); + if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) ) + $string = wp_kses_bad_protocol_once2($string2[0], $allowed_protocols) . trim($string2[1]); + else + $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', create_function('$matches', 'global $_kses_allowed_protocols; return wp_kses_bad_protocol_once2($matches[1], $_kses_allowed_protocols);'), $string); + + return $string; } /**