WordPress.org

Make WordPress Core

Ticket #2726: allowed_protocols.diff

File allowed_protocols.diff, 2.1 KB (added by markjaquith, 9 years ago)

Sync allowed protocols

  • wp-includes/kses.php

     
    3939                //      'ul' => array(), 
    4040        ); 
    4141} 
    42 function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto')) 
     42function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet')) 
    4343        ############################################################################### 
    4444                # This function makes sure that only the allowed HTML element names, attribute 
    4545                # names and attribute values plus only sane HTML entities will occur in 
  • wp-admin/admin-functions.php

     
    449449                $user->user_email = wp_specialchars(trim($_POST['email'])); 
    450450        if (isset ($_POST['url'])) { 
    451451                $user->user_url = wp_specialchars(trim($_POST['url'])); 
    452                 $user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 
     452                $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 
    453453        } 
    454454        if (isset ($_POST['first_name'])) 
    455455                $user->first_name = wp_specialchars(trim($_POST['first_name'])); 
     
    563563                wp_die(__("Cheatin' uh ?")); 
    564564 
    565565        $_POST['link_url'] = wp_specialchars($_POST['link_url']); 
    566         $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url']; 
     566        $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url']; 
    567567        $_POST['link_name'] = wp_specialchars($_POST['link_name']); 
    568568        $_POST['link_image'] = wp_specialchars($_POST['link_image']); 
    569569        $_POST['link_rss'] = wp_specialchars($_POST['link_rss']);