Add kses protocol checking to clean_url. Props Andy. fixes #3515
git-svn-id: https://develop.svn.wordpress.org/trunk@4672 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren
parent
29d5c032ce
commit
c34c29d935
|
|
@ -1056,7 +1056,7 @@ function wp_richedit_pre($text) {
|
|||
return apply_filters('richedit_pre', $output);
|
||||
}
|
||||
|
||||
function clean_url( $url ) {
|
||||
function clean_url( $url, $protocols = null ) {
|
||||
if ('' == $url) return $url;
|
||||
$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%]|i', '', $url);
|
||||
$strip = array('%0d', '%0a');
|
||||
|
|
@ -1064,6 +1064,10 @@ function clean_url( $url ) {
|
|||
$url = str_replace(';//', '://', $url);
|
||||
$url = (!strstr($url, '://')) ? 'http://'.$url : $url;
|
||||
$url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
|
||||
if ( !is_array($protocols) )
|
||||
$protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet');
|
||||
if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
|
||||
return '';
|
||||
return $url;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue