[wp-trac] Re: [WordPress Trac] #3299: clean_url() not working for
non-HTTP URLS
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 2 13:25:02 GMT 2007
#3299: clean_url() not working for non-HTTP URLS
-------------------------+--------------------------------------------------
Reporter: redclown | Owner: pishmishy
Type: defect | Status: assigned
Priority: normal | Milestone: 2.4 (future)
Component: General | Version: 2.3
Severity: normal | Resolution:
Keywords: needs-patch |
-------------------------+--------------------------------------------------
Comment (by pishmishy):
Something like this.
{{{
$allowed_schemes = array('http://','https://','mailto:');
if(substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i',
$url)){
$foo = FALSE;
foreach ($allowed_schemes as $s)
{$foo = $foo || (strpos($url, $s) !== FALSE);}
if (!$foo) $url = 'http://' . $url;
}
}}}
but isn't wp_kses_bad_protocol() meant to filter out disallowed schemes?
--
Ticket URL: <http://trac.wordpress.org/ticket/3299#comment:13>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list