Commit 2dbbdbd4 authored by Dries Buytaert

- Improved the protocol whitelist code.

parent 0f5bdc9c
......@@ -1239,7 +1239,10 @@ function filter_xss_bad_protocol($string, $decode = TRUE) {
}
function _filter_xss_bad_protocol($m) {
static $allowed_protocols = array('http' => TRUE, 'https' => TRUE, 'ftp' => TRUE, 'news' => TRUE, 'nntp' => TRUE, 'telnet' => TRUE, 'gopher' => TRUE, 'mailto' => TRUE, 'e2dk' => TRUE, 'smb' => TRUE, 'irc' => TRUE, 'rsync' => TRUE, 'ssh' => TRUE, 'sftp' => TRUE);
static $allowed_protocols;
if (!isset($allowed_protocols)) {
$allowed_protocols = array_flip(variable_get('filter_allowed_protocols', array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'mailto', 'irc', 'ssh', 'sftp', 'webcal')));
}
$string = preg_replace('/\s+/', '', $m[1]);
return isset($allowed_protocols[$string]) ? "$string:" : '';
}
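Review bot: The allow-list in `_filter_xss_bad_protocol()` is now read from the `filter_allowed_protocols` site variable, and nothing in the new lines documents or enforces that this value is security-critical: every scheme stored there is returned unchanged by the XSS filter. I would add a comment above the `variable_get()` call, for example `// Security-sensitive: schemes listed here are not stripped; never include script-capable schemes (javascript, vbscript, data).` The stored value also goes to `array_flip()` unchecked; a non-array value should fail closed because the lookup then never matches, but every link would be stripped, so an `is_array()` check that falls back to the default list may be worth adding (how the variable gets written is not visible in this hunk). The new default list also drops gopher, e2dk, smb and rsync, so existing content that uses those schemes will lose its links.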
......