Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-21 04:15:01 +02:00
Code Issues Projects Releases Wiki Activity

Update allowed protocols. fixes #2726

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@4550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-11-30 01:50:48 +00:00
parent 1668b671ff
commit 832953ade7
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/admin-functions.php
View File

@ -444,7 +444,7 @@ function edit_user( $user_id = 0 ) {
$user->user_email = wp_specialchars( trim( $_POST['email'] ));
if ( isset( $_POST['url'] ) ) {
$user->user_url = wp_specialchars( trim( $_POST['url'] ));
$user->user_url = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url ) ? $user->user_url : 'http://'.$user->user_url;
$user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
}
if ( isset( $_POST['first_name'] ))
$user->first_name = wp_specialchars( trim( $_POST['first_name'] ));
@ -558,7 +558,7 @@ function edit_link( $link_id = '' ) {
wp_die( __("Cheatin' uh ?" ));
$_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
$_POST['link_url'] = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url'] ) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
$_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
$_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
$_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
$_POST['link_rss'] = wp_specialchars( $_POST['link_rss'] );

2
wp-includes/kses.php
View File

@ -39,7 +39,7 @@ if (!CUSTOM_TAGS) {
// 'ul' => array(),
);
}
function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'))
###############################################################################
# This function makes sure that only the allowed HTML element names, attribute
# names and attribute values plus only sane HTML entities will occur in