[wp-trac] [WordPress Trac] #19354: wp_allowed_protocols() does not allow data URI scheme
WordPress Trac
wp-trac at lists.automattic.com
Tue Dec 6 22:43:52 UTC 2011
#19354: wp_allowed_protocols() does not allow data URI scheme
------------------------------------+------------------------------
Reporter: hardy101 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Editor | Version: 3.2.1
Severity: normal | Resolution:
Keywords: dev-feedback has-patch |
------------------------------------+------------------------------
Comment (by kurtpayne):
In my testing, I encountered an image string that was too large for the
regex to handle. I was getting a `PREG_BACKTRACK_LIMIT_ERROR` from a 26K
string. The php documentation states that the
[http://us.php.net/manual/en/pcre.configuration.php default value for
pcre.backtrack_limit] is 100000 (1 million), but the stock installs of php
I've tested show it to be 100000 (one-hundred thousand). Raising the
backtrack limit via `ini_set()` allow the code to work on the test string.
I was able to duplicate the original problem. After applying patch
[[attachment:19354.diff]], I was able to embed an image as an unprivileged
author that survived saving.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19354#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list