Ticket #10914: 10914-3.diff
File 10914-3.diff, 2.0 KB (added by , 14 years ago) |
---|
-
wp-includes/formatting.php
2214 2214 } 2215 2215 2216 2216 if ( !is_array($protocols) ) 2217 $protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');2217 $protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn'); 2218 2218 if ( wp_kses_bad_protocol( $url, $protocols ) != $url ) 2219 2219 return ''; 2220 2220 -
wp-includes/kses.php
480 480 * call this function. 481 481 * 482 482 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news', 483 * 'irc', 'gopher', 'nntp', 'feed', and finally 'telnet. This covers all common484 * link protocols, except for 'javascript' which should not be allowed for485 * untrusted users.483 * 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This 484 * covers all common link protocols, except for 'javascript' which should not 485 * be allowed for untrusted users. 486 486 * 487 487 * @since 1.0.0 488 488 * … … 491 491 * @param array $allowed_protocols Optional. Allowed protocol in links. 492 492 * @return string Filtered content with only allowed HTML elements 493 493 */ 494 function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet')) { 494 function wp_kses($string, $allowed_html, $allowed_protocols = array ()) { 495 $allowed_protocols = wp_parse_args( $allowed_protocols, apply_filters('kses_allowed_protocols', array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn') )); 495 496 $string = wp_kses_no_null($string); 496 497 $string = wp_kses_js_entities($string); 497 498 $string = wp_kses_normalize_entities($string);