From 01cfb71b45804cc6e0606dafaad0de77573c20e5 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Thu, 30 Nov 2006 01:50:48 +0000
Subject: [PATCH] Update allowed protocols. fixes #2726

git-svn-id: https://develop.svn.wordpress.org/trunk@4550 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/admin-functions.php | 4 ++--
 wp-includes/kses.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index 4a80796012..c505c91fb4 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -444,7 +444,7 @@ function edit_user( $user_id = 0 ) {
 $user->user_email = wp_specialchars( trim( $_POST['email'] ));
 if ( isset( $_POST['url'] ) ) {
 $user->user_url = wp_specialchars( trim( $_POST['url'] ));
- $user->user_url = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url ) ? $user->user_url : 'http://'.$user->user_url;
+ $user->user_url = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url;
 }
 if ( isset( $_POST['first_name'] )) $user->first_name = wp_specialchars( trim( $_POST['first_name'] ));
@@ -558,7 +558,7 @@ function edit_link( $link_id = '' ) {
 wp_die( __("Cheatin' uh ?" ));
 $_POST['link_url'] = wp_specialchars( $_POST['link_url'] );
- $_POST['link_url'] = preg_match( '/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url'] ) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
+ $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|irc|gopher|nntp|feed|telnet):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url'];
 $_POST['link_name'] = wp_specialchars( $_POST['link_name'] );
 $_POST['link_image'] = wp_specialchars( $_POST['link_image'] );
 $_POST['link_rss'] = wp_specialchars( $_POST['link_rss'] );
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 6ee53dd56f..861fe18505 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
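Review bot: The scheme allow-list in edit_user is a hand-written regex literal that has to be kept identical to the one in edit_link (second hunk) and to the default `$allowed_protocols` array of wp_kses in wp-includes/kses.php; the removed lines show the copies had already drifted, with the regexes accepting `ftps` but not `nntp`, `feed` or `telnet` and the array the reverse. Building the pattern from one shared array would stop that, for example `'/^(' . implode( '|', $schemes ) . '):/i'`, with `$schemes` being the same list wp_kses uses as its default. The `s` modifier can be dropped, since the pattern contains no `.`. Both functions continue outside their hunks, so how `user_url` and `link_url` are escaped on output is not visible here; with `telnet` and `irc` now accepted from form input, that is worth confirming.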
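Review bot: `$_POST['link_url']` reaches the anchored scheme test in edit_link without being trimmed, whereas edit_user in the first hunk trims `$_POST['url']` before the same test. A pasted value with leading whitespace, such as ` https://example.org`, fails `^(https?|…):` and ends up stored as `http:// https://example.org`. Trimming on the preceding line fixes it: `$_POST['link_url'] = wp_specialchars( trim( $_POST['link_url'] ) );`. edit_link's body starts and ends outside the hunk.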
@@ -39,7 +39,7 @@ if (!CUSTOM_TAGS) {
 // 'ul' => array(),
 );
 }
-function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
+function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'))
 ###############################################################################
 # This function makes sure that only the allowed HTML element names, attribute
 # names and attribute values plus only sane HTML entities will occur in
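Review bot: The widened default for `$allowed_protocols` is not documented at the signature: the comment block that follows talks about element names, attribute names and attribute values, and the part visible in this hunk says nothing about URL schemes (the block and the function body continue outside the hunk, so it may be covered further down). Every caller that omits the third argument now accepts `ftps` and `irc` on top of `telnet` and `gopher`, which matters most for callers that filter untrusted markup. A line such as `# $allowed_protocols: URL schemes, without the trailing colon, accepted in attribute values. Callers filtering untrusted markup can pass a shorter list.` would make that choice visible at the call site.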