Ticket #2726: allowed_protocols.diff
| File allowed_protocols.diff, 2.1 KB (added by markjaquith, 7 years ago) |
|---|
-
wp-includes/kses.php
39 39 // 'ul' => array(), 40 40 ); 41 41 } 42 function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', ' news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))42 function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet')) 43 43 ############################################################################### 44 44 # This function makes sure that only the allowed HTML element names, attribute 45 45 # names and attribute values plus only sane HTML entities will occur in -
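Review bot: The scheme allow-list now has to be kept identical in three places: the `$allowed_protocols` default of `wp_kses()` at line 42 and the two `preg_match` patterns in wp-admin/admin-functions.php (lines 452 and 566), which before this change lacked `nntp`, `feed` and `telnet` compared with the default. A comment above the signature, for example `# Keep this list in sync with the scheme patterns in wp-admin/admin-functions.php.`, would make the coupling visible. Building both the default and the patterns from one shared list would stop them drifting again. Because the default applies to every caller that does not pass its own list, the same comment could record why `ftps` and `irc` are wanted by default. The body of `wp_kses()` lies outside the lines shown.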
wp-admin/admin-functions.php
449 449 $user->user_email = wp_specialchars(trim($_POST['email'])); 450 450 if (isset ($_POST['url'])) { 451 451 $user->user_url = wp_specialchars(trim($_POST['url'])); 452 $user->user_url = preg_match('/^(https?|ftps?|mailto|news| gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;452 $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 453 453 } 454 454 if (isset ($_POST['first_name'])) 455 455 $user->first_name = wp_specialchars(trim($_POST['first_name'])); … … 563 563 wp_die(__("Cheatin' uh ?")); 564 564 565 565 $_POST['link_url'] = wp_specialchars($_POST['link_url']); 566 $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news| gopher):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];566 $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url']; 567 567 $_POST['link_name'] = wp_specialchars($_POST['link_name']); 568 568 $_POST['link_image'] = wp_specialchars($_POST['link_image']); 569 569 $_POST['link_rss'] = wp_specialchars($_POST['link_rss']);
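Review bot: At line 566 the scheme check runs on `$_POST['link_url']` without the `trim()` that the `user_url` path applies at line 451. Unless the value is trimmed before the lines shown, a URL submitted with leading whitespace fails the `^` anchor and is stored as `http://` followed by the original string. Trimming first, `$_POST['link_url'] = wp_specialchars(trim($_POST['link_url']));`, would make the two paths agree. The `s` modifier in both patterns has no effect because neither pattern contains a `.`, so `/i` alone is enough. The enclosing functions start and end outside the lines shown.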
