Changeset 4550
- Timestamp:
- 11/30/2006 01:50:48 AM (18 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/admin-functions.php
r4548 r4550 445 445 if ( isset( $_POST['url'] ) ) { 446 446 $user->user_url = wp_specialchars( trim( $_POST['url'] )); 447 $user->user_url = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;447 $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 448 448 } 449 449 if ( isset( $_POST['first_name'] )) … … 559 559 560 560 $_POST['link_url'] = wp_specialchars( $_POST['link_url'] ); 561 $_POST['link_url'] = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];561 $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url']; 562 562 $_POST['link_name'] = wp_specialchars( $_POST['link_name'] ); 563 563 $_POST['link_image'] = wp_specialchars( $_POST['link_image'] ); -
trunk/wp-includes/kses.php
r4533 r4550 40 40 ); 41 41 } 42 function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', ' news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))42 function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet')) 43 43 ############################################################################### 44 44 # This function makes sure that only the allowed HTML element names, attribute
Note: See TracChangeset
for help on using the changeset viewer.