[wp-trac] [WordPress Trac] #19354: wp_allowed_protocols() does not allow data URI scheme

WordPress Trac wp-trac at lists.automattic.com
Tue Dec 6 22:43:52 UTC 2011


#19354: wp_allowed_protocols() does not allow data URI scheme
------------------------------------+------------------------------
 Reporter:  hardy101                |       Owner:
     Type:  defect (bug)            |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Editor                  |     Version:  3.2.1
 Severity:  normal                  |  Resolution:
 Keywords:  dev-feedback has-patch  |
------------------------------------+------------------------------

Comment (by kurtpayne):

 In my testing, I encountered an image string that was too large for the
 regex to handle.  I was getting a `PREG_BACKTRACK_LIMIT_ERROR` from a 26K
 string.  The php documentation states that the
 [http://us.php.net/manual/en/pcre.configuration.php default value for
 pcre.backtrack_limit] is 100000 (1 million), but the stock installs of php
 I've tested show it to be 100000 (one-hundred thousand).  Raising the
 backtrack limit via `ini_set()` allow the code to work on the test string.

 I was able to duplicate the original problem.  After applying patch
 [[attachment:19354.diff]], I was able to embed an image as an unprivileged
 author that survived saving.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19354#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list