Make WordPress Core

Changeset 4550


Ignore:
Timestamp:
11/30/2006 01:50:48 AM (17 years ago)
Author:
ryan
Message:

Update allowed protocols. fixes #2726

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/admin-functions.php

    r4548 r4550  
    445445    if ( isset( $_POST['url'] ) ) {
    446446        $user->user_url = wp_specialchars( trim( $_POST['url'] ));
    447         $user->user_url = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url ) ? $user->user_url : 'http://'.$user->user_url;
     447        $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
    448448    }
    449449    if ( isset( $_POST['first_name'] ))
     
    559559
    560560    $_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
    561     $_POST['link_url'] = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url'] ) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
     561    $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
    562562    $_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
    563563    $_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
  • trunk/wp-includes/kses.php

    r4533 r4550  
    4040    );
    4141}
    42 function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
     42function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'))
    4343    ###############################################################################
    4444        # This function makes sure that only the allowed HTML element names, attribute
Note: See TracChangeset for help on using the changeset viewer.