From: Marc-Etienne V. <Mar...@al...> - 2008-09-18 15:58:05
Hello,

In stdlib, there is a function that tests if a URL is "safe":

    function IsSafeURL($url) {
        return !preg_match('/([<>"])|(%3C)|(%3E)|(%22)/', $url);
    }

In practice, our users need to include in the wiki URLs generated by Live Meeting:

https://www.livemeeting.com/cc/alcatel_lucent/join?id=4QPTFJ&role=present&pw=S%3Cpk%2F2fbS

and these URLs can contain %3C.

What would be the risk of allowing such URLs?

Best regards,

Marc-Etienne
--
Marc-Etienne Vargenau
Alcatel-Lucent France, Route de Villejust, 91620 NOZAY, FRANCE
+33 (0)1 30 77 28 33, Mar...@al...

The essence of mathematics lies in its freedom.
Georges Cantor
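
An added example, not part of the original message and not the project's own code: it runs the posted IsSafeURL() against the Live Meeting URL next to a relaxed check that rejects only the raw characters and escapes at output time. IsSafeURLRelaxed() and RenderLink() are hypothetical names, and the example assumes the wiki writes the URL into an HTML href attribute; the last two sample URLs are constructed.

```php
<?php
// The check as posted: rejects raw <, >, " and their percent-encoded forms.
function IsSafeURL($url) {
    return !preg_match('/([<>"])|(%3C)|(%3E)|(%22)/', $url);
}

// Hypothetical alternative: reject only raw markup characters, whitespace and
// control characters, and restrict the scheme. Percent-encoded octets such as
// %3C are left alone because they are inert until something decodes them.
function IsSafeURLRelaxed($url) {
    if (preg_match('/[<>"\x00-\x20\x7f]/', $url)) {
        return false;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    return is_string($scheme)
        && in_array(strtolower($scheme), array('http', 'https'), true);
}

// Hypothetical renderer: escapes when the link is emitted, never decodes.
function RenderLink($url) {
    $escaped = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $escaped . '">' . $escaped . '</a>';
}

$samples = array(
    // URL from the message above
    'https://www.livemeeting.com/cc/alcatel_lucent/join?id=4QPTFJ&role=present&pw=S%3Cpk%2F2fbS',
    // constructed inputs
    'http://example.org/?q="><b>raw</b>',
    'javascript:void(0)',
);

foreach ($samples as $url) {
    printf("%s\n  IsSafeURL: %s  relaxed: %s\n", $url,
        var_export(IsSafeURL($url), true),
        var_export(IsSafeURLRelaxed($url), true));
    if (IsSafeURLRelaxed($url)) {
        echo '  html: ', RenderLink($url), "\n";
        // The case to watch: decoding turns %3C back into a raw '<', so any
        // decoded copy of the URL has to pass through the same escaping.
        echo '  decoded, then escaped: ',
            htmlspecialchars(rawurldecode($url), ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

The Live Meeting URL fails the posted check and passes the relaxed one; the two constructed inputs are rejected by the relaxed check (raw characters, non-HTTP scheme).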