Ticket #2726: allowed_protocols.diff

File allowed_protocols.diff, 2.1 KB (added by markjaquith, 12 years ago)

Sync allowed protocols

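--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -39,7 +39,7 @@
                 //      'ul' => array(),
         );
 }
-function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
+function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'))
         ###############################################################################
                 # This function makes sure that only the allowed HTML element names, attribute
                 # names and attribute values plus only sane HTML entities will occur in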
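Review bot: The default `$allowed_protocols` array in the `wp_kses` signature is one of three hand-maintained copies of the same scheme allowlist; the other two are the `preg_match` patterns in wp-admin/admin-functions.php, and the copies had already drifted apart before this patch. Each entry is presumably a URL scheme the filter will let through in attribute values, so the list should be defined once and reviewed in one place. At minimum add a comment on the signature such as `// Keep in sync with the URL-scheme checks in wp-admin/admin-functions.php`; a shared helper that returns the array and builds the regex alternation from it would remove the need to sync by hand. The body of wp_kses continues outside the hunk.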
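--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -449,7 +449,7 @@
                 $user->user_email = wp_specialchars(trim($_POST['email']));
         if (isset ($_POST['url'])) {
                 $user->user_url = wp_specialchars(trim($_POST['url']));
-                $user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
+                $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
         }
         if (isset ($_POST['first_name']))
                 $user->first_name = wp_specialchars(trim($_POST['first_name']));
@@ -563,7 +563,7 @@
                 wp_die(__("Cheatin' uh ?"));
 
         $_POST['link_url'] = wp_specialchars($_POST['link_url']);
-        $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
+        $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
         $_POST['link_name'] = wp_specialchars($_POST['link_name']);
         $_POST['link_image'] = wp_specialchars($_POST['link_image']);
         $_POST['link_rss'] = wp_specialchars($_POST['link_rss']);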
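Review bot: The scheme check at new line 566 runs on `$_POST['link_url']` without a `trim()`, unlike the `user_url` path at line 451, so a value with leading whitespace fails the `^`-anchored match and gets `http://` prepended in front of an already complete URL. Changing line 565 to `$_POST['link_url'] = wp_specialchars(trim($_POST['link_url']));` would make the two paths behave the same. As far as these lines show, both sites also turn an empty field into the bare string `http://`, which is worth guarding with an emptiness test before the `preg_match`. The enclosing functions start and end outside both hunks.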