[wp-trac] Re: [WordPress Trac] #3299: clean_url() not working for non-HTTP URLS

WordPress Trac wp-trac at lists.automattic.com
Mon Jul 2 13:25:02 GMT 2007


#3299: clean_url() not working for non-HTTP URLS
-------------------------+--------------------------------------------------
 Reporter:  redclown     |        Owner:  pishmishy   
     Type:  defect       |       Status:  assigned    
 Priority:  normal       |    Milestone:  2.4 (future)
Component:  General      |      Version:  2.3         
 Severity:  normal       |   Resolution:              
 Keywords:  needs-patch  |  
-------------------------+--------------------------------------------------
Comment (by pishmishy):

 Something like this.
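 {{{
 $allowed_schemes = array('http://','https://','mailto:');
 // Skip relative paths and bare *.php file names.
 if (substr($url, 0, 1) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i', $url)) {
     $foo = FALSE;
     foreach ($allowed_schemes as $s) {
         // The scheme must be at the start of the URL, not anywhere inside it.
         $foo = $foo || (strpos($url, $s) === 0);
     }
     // No allowed scheme found: assume HTTP.
     if (!$foo) $url = 'http://' . $url;
 }
 }}}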
 but isn't wp_kses_bad_protocol() meant to filter out disallowed schemes?

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3299#comment:13>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
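
An anchored, case-insensitive variant of the scheme check sketched in the comment above, as an added example that is not part of the original message or of WordPress itself. The helper name `add_default_scheme()` is hypothetical and the sample URLs are constructed.

```php
<?php
// Added example: add_default_scheme() is a hypothetical helper, not a WordPress function.
function add_default_scheme($url, $allowed = array('http://', 'https://', 'mailto:')) {
    // Nothing to prefix on an empty value.
    if ($url === '') {
        return $url;
    }
    // Relative paths and bare *.php names are left alone, as in the comment's condition.
    if (substr($url, 0, 1) === '/' || preg_match('/^[a-z0-9-]+?\.php/i', $url)) {
        return $url;
    }
    foreach ($allowed as $prefix) {
        // Anchored, case-insensitive comparison: the allowed prefix must be
        // the first bytes of the URL, so "HTTPS://" is accepted and a URL
        // that only contains "http://" further along is not.
        if (strncasecmp($url, $prefix, strlen($prefix)) === 0) {
            return $url;
        }
    }
    // No allowed scheme at the start: assume HTTP.
    return 'http://' . $url;
}

// Constructed sample inputs covering each branch.
$samples = array(
    'example.com/page',                       // no scheme
    'HTTPS://example.com/',                   // allowed scheme, upper case
    'mailto:user@example.com',                // allowed non-HTTP scheme
    '/wp-admin/',                             // relative path
    'index.php?p=1',                          // bare .php file
    'example.com/go?to=http://example.org/',  // allowed scheme only inside the query string
);
foreach ($samples as $u) {
    printf("%-40s => %s\n", $u, add_default_scheme($u));
}
```

The last sample is the case a substring test gets wrong: the URL has no scheme of its own, but an unanchored search for `http://` would find the one in the query string and leave the URL unprefixed.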

