Commit 3e8a9d19 authored by Dries's avatar Dries

- Cleanup form attributes.

parent 250d0d02
......@@ -1142,8 +1142,9 @@ function url($path = NULL, $query = NULL, $fragment = NULL, $absolute = FALSE) {
}
// Return an external link if $path contains an allowed absolute URL.
// Only call the slow filter_xss_bad_protocol if $path contains a ':'.
if (strpos($path, ':') !== FALSE && filter_xss_bad_protocol($path, FALSE) == check_plain($path)) {
// Only call the slow filter_xss_bad_protocol if $path contains a ':' before any / ? or #.
$colonpos = strpos($path, ':');
if ($colonpos !== FALSE && !preg_match('![/?#]!', substr($path, 0, $colonpos)) && filter_xss_bad_protocol($path, FALSE) == check_plain($path)) {
// Split off the fragment
if (strpos($path, '#') !== FALSE) {
list($path, $old_fragment) = explode('#', $path, 2);
......
......@@ -1474,19 +1474,26 @@ function filter_xss_bad_protocol($string, $decode = TRUE) {
$allowed_protocols = array_flip(variable_get('filter_allowed_protocols', array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'mailto', 'irc', 'ssh', 'sftp', 'webcal')));
}
// Get the plain text representation of the attribute value (i.e. its meaning)
// Get the plain text representation of the attribute value (i.e. its meaning).
if ($decode) {
$string = decode_entities($string);
}
// Remove soft hyphen
$string = str_replace(chr(194) . chr(173), '', $string);
// Strip protocols
// Iteratively remove any invalid protocol found.
do {
$before = $string;
$colonpos = strpos($string, ':');
if ($colonpos > 0) {
// We found a colon, possibly a protocol. Verify.
$protocol = substr($string, 0, $colonpos);
// If a colon is preceded by a slash, question mark or hash, it cannot
// possibly be part of the URL scheme. This must be a relative URL,
// which inherits the (safe) protocol of the base document.
if (preg_match('![/?#]!', $protocol)) {
break;
}
// Check if this is a disallowed protocol.
if (!isset($allowed_protocols[$protocol])) {
$string = substr($string, $colonpos + 1);
}
......
......@@ -3486,7 +3486,7 @@ function system_update_1020() {
$ret[] = update_sql("UPDATE {node_revisions} SET body = REPLACE(body, '<break>', '<!--break-->')");
}
variable_del('update_1020_ok');
return $ret;
return $ret;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment