Ticket #3299: 3299-clean_url.patch
File 3299-clean_url.patch, 1.1 KB (added by , 17 years ago) |
---|
-
wp-includes/formatting.php
1076 1076 } 1077 1077 1078 1078 function clean_url( $url, $protocols = null ) { 1079 /* It's not at all well defined what this fuction is really 1080 * meant to achieve. I presume it doesn't just check if a 1081 * URL is well formed but also that undesirable content 1082 * is removed. 1083 */ 1079 1084 if ('' == $url) return $url; 1080 $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:% ]|i', '', $url);1085 $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@]|i', '', $url); 1081 1086 $strip = array('%0d', '%0a'); 1082 1087 $url = str_replace($strip, '', $url); 1083 1088 $url = str_replace(';//', '://', $url); 1084 // Append http unless a relative link starting with / or a php file. 1085 if ( strpos($url, '://') === false && 1089 /* If the URL doesn't appear to contain a scheme, we 1090 * presume it needs http:// appended (unless a relative 1091 * link starting with / or a php file). 1092 */ 1093 if ( strpos($url, ':') === false && 1086 1094 substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) ) 1087 1095 $url = 'http://' . $url; 1088 1096